Tales of Elleria GameFi Project on Arbitrum One Suffers Over $280,000 Loss in Exploit

Cointime Official

April 20 (Cointime) - Tales of Elleria, an immersive three-dimensional role-playing GameFi project built on Arbitrum One, has suffered an exploit resulting in a loss of over $280,000, its co-founder Wayne (@crwy__) revealed on Twitter.

According to Wayne, the hacker generated his own signature and withdrew a large amount of $ELM from the bridge in four transactions. The contract used to verify signatures, specifically its use of the ecrecover function, is suspected to have been exploited, allowing the hacker to generate authorization signatures without the private keys. The private keys were exposed only to a few individuals and to AWS for backend deployment, and no leak was detected.

The project is asking for help in investigating the incident and assures the Ellerians that appropriate action will be taken to compensate for the loss and move forward.

Read full thread:

2/ The hacker's address: 0xf2cbF39e7668EbB113f2C609BBd6eA1dFCe5d376

He made 4 transactions, withdrawing an incremental amount of ELM from the bridge:

1st: https://arbiscan.io/tx/0x411938ac2e40c0c0011187427760c7bf37a3a94606343da2e626d13d8b8e92c8…

2nd: https://arbiscan.io/tx/0x376aaa9b8bdf452ea4bbc4a185e639cf30eff456d96ee117571dcbb6e9cf318c…

3rd: https://arbiscan.io/tx/0x51ec11ef35c4a558c4d266c310f9a643513f46d97a65f8369c2b30ee10e67c8d…

4th: https://arbiscan.io/tx/0x1184e6e0970595572c27242a42e33682d41a3b0e676c269b8da164bd2477f0e2

3/ ecrecover

Potential vulnerability in the contract used to verify signatures: https://arbiscan.io/address/0xe1bBe57b783F619Ff5f3dC575bE6e069bCCe04f5…

Current findings suspect that the ecrecover function was exploited and the hacker was able to generate the authorization signatures without our private keys.

4/ Private Keys

We were very careful with the private keys for the signers, and it was only exposed to me, Quack, and to AWS for our backend deployment. We're all nerds and don't spend much time on other stuff other than dev, don't think there was a leak on this side :')

5/ If anybody can help and investigate, we'll appreciate you immensely

We'll be here and will take action appropriately to compensate and move forward. Stay strong Ellerians!
