Secure cryptocurrency bridges are one of the most challenging development tasks in the industry. Every day in the news there are exploits. Whether you are a project our size or a multi-billion dollar whale. Ours failed due to the apparent failure of a trusted individual consumed by greed.
Since that time, the most important improvement has been that Etho Protocol is now really a "Team Effort" vs the reliance on the founding developer for many critical functions.
The new bridges are improved both technically and with multi-level access/control.
What has happened to our bridge
The previous founder had deployed two bridges: BEP20 and a ERC20 bridge. Both have been misused and once we detected a missuse we have demoted the usage. For ERC20 this has been easy, as they have been used by centralized exchanges. So stopping the deposits closed this loophole. BEP20 is used on Pancake swap. There it is not as easy to stop trading as long as someone provides a liquidity pool. We detected the misuse beginning of April which then resulted in the statement on discord the 11th of April:.
BEP20 bridge Analysis
Analysis has shown that indeed also this bridge has been misused. To a much lesser extent, but still. Of course, you can ask, why we have not closed this loophole earlier. We were trying to rebuild the project on all ends. Unfortunately, we were not fully aware of the contract and the potential damage it could cause as pancake has never played a larger role in ETHO. We also would have never thought that our founder would first betray us big time and then try it again on a much smaller platform. A misjudgment, clearly..
We created a new contract with additional safety measures to prevent any hijacking by a single party from ever happening again. To understand what went wrong in the past we had to look at the facts. One big issue was that there were only two lead developers on the Team who had the capacity and knowledge to monitor the Bridge contract. But there was no system in place for the community or non-tech-savvy team members to be alerted. So now we have ensured that the entire Team has access to the Bridge and additionally added a Bridge Monitor that runs directly on our Website ( bridge.ethoprotocol.com ) so that every single transaction gets monitored and each user can see the Bridge and Funds monitored at all times in real-time.
When reviving the bridge the first question was, what do we do with previous owners of BEP20 based wETHO tokens. Already for ERC20, we decided to socialise the loss. The same has been applied here, but with more accuracy:
The hijacked contract had 550 Holders of Wrapped Etho. We decided to migrate over 172 Accounts of the largest accounts. Why 172? These were accounts that were holding at least 250 of wETHO on the hijacked contract and after our calculation of the new supply also ended up with at least 250 ETHO.
To calculate we separated the Account Balances into 3 groups:
1) Before "20th Feb 22", this is the time before the malicious actor got active
2) Between "20th Feb 22" and "12th April 22", this is the time when fake tokens were sold at a discount price
3) After "12th April 22", the time when the team officially demoted the usage
Each Group has a different Conversation rate based on the average buy price.
Group 1) 100% token Balance gets converted
Group 2) 50% token Balance gets converted ( Buyprice ~ 1/2 of Kucoin )
Group 3) 12,5% token Balance gets converted ( Buyprice ~ 1/8 of Kucoin )
So we have looked into accounts with 250 and above ETHO and we took into account when and at what price people have been purchasing tokens. From our perspective the fairest way forward.
The Conversion and all the Accounts are listed in the following
MIGRATION DATE : 05.05.2022 12:30
BSC TOKEN CONTRACT: 0x48b19b7605429acaa8ea734117f39726a9aab1f9
ETHO BRIDGE CONTRACT: 0x21Fa7F69E55813d7f9ADef03121993E39C3CF4A7
The new BEP20 contract was deployed on Thursday and the new bridge was reopened:
This will then allow you to access your “new” and backed wETHO according to the algorithm above. And yes you can transfer them back to ETHO. And you will be able to transfer ETHO to wETHO. We will be back on track, next is the ERC20 bridge. Below the video from out AMA from the 7th of May 2022.