OFFICIAL STATEMENT OF EVENTS
Rise community,
I apologize for my lack of communication for the past 3 days. To see a project that you’ve put hundreds (possibly thousands) of hours of blood, sweat, and tears into get brought down in less than 30 seconds by a malicious actor is nothing short of soul crushing. I’m still in a state of shock and disbelief to this day, but I will try to keep this as professional as possible. I’ve been quiet on the public front in order to focus on figuring out how this attack could have happened.
Here’s the sequence of events:
February 24 – Dele T. submits an application for a Chainlink/Solidity developer through our web portal.
February 24 – A team member notifies me and brings the application to my attention.
March 3 – We officially onboard Dele to assist with Chainlink integration. He was paid in ETH, and was on a contract basis.
March 8 – Dele requests a screenshare with me in order to walk me through the work and the code he’s done. The screenshare invitation was sent through Cisco WebEx.
March 10 – Dele sends me the .sol files in a .zip file for the new rebaser contract via Telegram. I carry out a full AV scan on the .zip file, and it returned clean. I then deployed the new contract, and made the official Chainlink integration announcement.
March 11 – Keys to the deployer account were compromised. All liquidity was drained, and Dele deleted his Telegram account along with all communication history with team members.
March 11 – Immediately following the attack (I was in a client meeting at the time), I ran out to the restroom to communicate with the team and figure out what was happening. After discussing internally, the only way that access could have been gained was through the computer that I hosted the rebaser script on (the same one that I screenshared from and deployed the contracts from). I remotely shut down the compromised computer in order to stop any further activity from occurring. This computer was on 24/7 in order to run our automated rebase script.
March 12 – I return home and boot up the compromised computer. I’m immediately hit with the blue screen of death (critical process died). I repaired Windows through a re-install (keep my files option). Once in, I realize that a majority of the files I previously held on the computer were deleted. This includes the private key file and the .zip file for the deployment.
Let me start by saying that exposing us to this risk, and not doing my due diligence on security was 100% my fault. No one else on the team should be blamed. The computer that was attacked was mine, and no other team member has access to this.
After research and discussion with the team, here’s how I believe the attack was carried out:
Dele was able to obtain my IP address through the Cisco WebEx screenshare. There’s a tool that makes the IPs of connecting participants visible. The .zip file contained some kind of backdoor that must have allowed him to connect to my computer. Utilizing my IP and the backdoor, he was able to access my computer.
This attack was not of my doing. I'm anon and could have easily disappeared with the rest of the funds, but I'm just as shocked and in disbelief as you all are. About $40,000 has been spent on marketing efforts, and Chainlink integration was just completed. Were my intentions malicious, I could have easily exited with the full amount of ETH raised from the presale a month ago.
This project was something I was fully and 100% devoted to. I wanted to see it succeed more than anyone. I was ecstatic when Dele first told me that the initial integration was complete. I wanted to deploy it ASAP in order to stimulate the market and prevent the sell-off that might have happened from the release of seed investor tokens. Unfortunately, my excitement to announce and deploy this resulted in the security flaw which led to our subsequent attack.