ETHO Post mortem report on the bridge imbalancing

Update 2022 May 7th: The team has been relaunching the BEP20 bridge, which then enables pancake swap. The new contract for that is BSC: 0x48b19b7605429acaa8ea734117f39726a9aab1f9. Please read the following:

The BEP20 bridge for wETHO has been reopened


Act 1: Something feels wrong

image

Sometimes You have a feeling that something is wrong, but You do not really know why? That feeling we have in Q4 and up to February.   We discussed about NFTs, barely a market reaction, we announced a market place, barely a market reaction. We could have announced that Bitcoin has decided to merge with Etho Protocol - it would not have had a market reaction. Today we know why. 

Act 2: Something is wrong

We talk about community being important for ETHO protocol. For ETHO this is even more important and also this time it was the trigger point to something in imaginable. One user had done an analysis of the bridge and was observing that there seems to be an imbalance on the ETHO - wETHO bridge.

 

Some background: A bridge is a tool to convert ETHO to a wETHO token, so from mainnet to a token and also back again. This was needed as Kucoin did not want to list mainnet. A bridge has then two contracts, one to store or release ETHO and one to store and release wETHO. The bridge is connected to accounts which are controlled by private keys.

 

A typical transaction would be that someone would want to convert ETHO to wETHO to trade on Kucoin. this would result into storing ETHO in the bridge contract and then the same amount of ETHO would be minted on the wETHO side. Same would happen in the opposite direction wETHO are converted ed to ETHO by burning wETHO and then releasing the same amount of ETHO from the mainnet contract to the user.

 

So a bridge is always balanced as the amount of deposited ETHO equals the wETHO. Ii it is run properly and not misused, that is.  

Act 3: "Houston, we have a problem..."

Screenshot 2022-02-26 at 09.08.37

On 17th of Feb we got notified that something is not right from one of our community members. He observed that the bridge seems to imbalanced, or how he stated it that someone is printing wETHO out of thin air.

 

We immediately formed a task force to go to the bottom of this. The great thing with blockchains is that every transaction is public. All interactions on a bridge are public too, so the data is there, it is just a big puzzle to put together. But the team with help of the community did.

Act 4: Damage assessment

ethloss

The brutal truth comes now: a rogue person has misused the bridge and started to imbalance it around September last year. First in small steps, then in larger chunks resulting into an imbalance of 17M wETHO. We believe that all these wETHO have been sold to investors as the price on ETHO got worse and worse.

 

So the damage was done. We asked to stop exchanges to accept wETHO in order to not increase the damage. Note that the person could have minted unlimited amounts of wETHO, but that probably would have made people more suspicious, but earlier.

Act 5: Investigative results

rogue account

After compiling the data it seems that the imbalance was caused by a single person. Several accounts are connected to nodes which have been registered by  that single person and the outflow of the illegal wETHO has been going to this single Kucoin Exchange address:

0x312bC1D18e70e4a4AdbBE9f2e19e3b2c3c75e66d

 

 

More importantly we have complied a complete transaction report of every wETHO movement between all the hacker's wallets. We would encourage you to do your own research. Maybe You find additional information we might have missed. You can check the bridge activity here.

 

 

Act 6: Blocking accounts

In order to keep accounts blocked the Etho Team has reached out to law enforcement in order to  get an official record, which is needed for exchanges. This will potentially block all related accounts on Kucoin, Probit and STEX.

 

We will do everything to earn Your continued trust. More updates will come.