Team Funds Stolen and Multi-Sig Exploited
Team Funds Stolen and Multi-Sig Exploited
Serious Update for all HBT token-holders
We just experienced an attack on our team funds in our Gnosis Safe Multi-sig. The team and community is still under huge shock and need to look closely what happened here.
Please read to the end and check our full update to be advised about the Habitat future and next steps as HBT token-holder. Thank you!
What happened?
1. Today, a team member created a 1inch tx in our safe.
2. Deployer key wanted to execute the transaction, but the wallet said it will fail - nothing was signed.
3. Possibly at the same time, another team member signed and executed that said transaction but it failed:
4. After that, we tried to replace the safe transaction with another transaction. This was the start of the UI acting weird.
- Multiple unrelated transactions appeared in our history and queue.
- The Team received some error message while trying to replace the queue:
Tx with nonce=68 for safe=0xc97f82c80DF57c34E84491C0EDa050BA924D7429 already executed in tx-hash=0x66ed941917fa872fb282b65048e95f5015086a882bd7a31d8b0c8cd57886875b→ after this UI mess, we tried to fix this manually by using approveHash executeTransaction
→ after the transaction above, one team member could execute a pending swap approval in our queue.
Still, we received new errors in the interface along several unrelated activity
Transaction failed - execution reverted: Signatures data too short { "originalError": { "code": 3, "data": "0x08c379a0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000195369676e617475726573206461746120746f6f2073686f727400000000000000", "message": "execution reverted: Signatures data too short" } }different ui changes appeared after we dropped the other tx:
These are personal observations from the team, interacting with the safe between 12:00 - 14:00 CET. We informed the Gnosis Support Team and shared our observations.
The support team already forwarded information to the safe team, but we haven't heard back in the afternoon. Then we checked the chain and balances again:
At 15:36 CET we recognised the exploit tx's and consulted the gnosis Discord Chat for further investigation. A gnosis engineer is now in direct contact with Habitat Team.
Drain, Dump, Wash
The exploiter came later this afternoon with 2 transactions, emptying the safe:
Draining Tx:
Exploiter Address:
The Drainer went on to dump HBT on the remaining liquidity pools and drag the price with it.
The Dump:
After receiving the loot, the exploiter went on to deposit in Tornado.Cash:
This is all insights on the exploit we have until now. The first contact with Gnosis point towards a possibly malicious Safe App, while further investigation is necessary to clarify the situation.
Some further important points to remember:
While this is a pitch-black day for the HBT community, the team is still here and thankful for the support in first hours of exploit.
We can move on and will clarify the confusion around todays events to ensure Gnosis Safes stay safe for the future.
Concerning the Habitat Rollup:
LPs need to exit their SLP HBT-ETH Tokens!
HBT token-holders are advised to exit their funds from the rollup!
All token holdings data for HBT can always be reproduced from Mainnet and Rollup, so even if funds are stuck or not recovered: We will find a way to migrate the HBT token.
The Habitat project is not over because team funds are lost. The team and community need to adjust to the new situation and make some clever decisions to get back on track.
WAGMIT - We All Gonna Make It Together!
comments are appreciated ... but please watch your language.