Fantom Foundation hot wallet was hacked for $550,000

The Phantom Foundation, the developer of the Phantom Network, has been cleared of more than $550,000 worth of cryptocurrency. The foundation confirmed the attack on X, saying that most of the stolen funds belonged to other users and that 99% of the foundation's funds were safe. The group also stated that it is investigating the attack.

pic.twitter.com/gShkT3C9XV

— Fantom Foundation (@FantomFDN) October 17,

Blockchain security researchers initially reported that the attacker stole nearly $7 million in crypt. The Phantom Foundation later issued a public statement saying that some wallets labeled “Fantom: Foundation Wallet” were mislabeled by block explorers and that not all of the stolen funds were from the foundation. According to the group, some of the affected wallets belonged to the foundation but have since been assigned to phantom employees and do not contain company funds. The team is currently investigating the attack to determine how the wallets were affected.

The Phantom Foundation is the developer behind the Phantom Network, an Ethereum Virtual Machine-compatible modern contract platform. The network has more than $45 million in assets locked up in the deal, Defillama said. The attack was against the Foundation and other users of the Fantom wallet, not the Fantom network.

Total attacker profit (not all necessarily from phantom or related wallets) looks like ~$6.7m pic.twitter.com/0rkDHULsdI

— Speak (@spraakaway) October 17, 2023

On October 17, On-chain sleuth Spreek reported on X that the foundation had received a “suspicious” attack on a report submitted by Telegram. They later listed the stolen wallets and estimated a loss of $6.7 million, but also suggested that the funds leaked may have included sources other than the Phantom Foundation.

Related: Fantom DEX Saves at Eleventh Hour Following Planned Shutdown

Blockchain security platform CertiK has confirmed that the foundation was hacked. He initially estimated the loss at $657,000 but later updated this figure to $7 million. An analysis of the blockchain data showed that an account named “Fantom Foundation Wallet 1” by EtherScan sent 2,000 CVX, 1,000 Dai (DAI), 4,500 USD Coin (USDC) and other tokens to a wallet named “Fake_Phishing188024”. Additionally, an account named “Fantom Foundation Wallet 20” posted by Fantom network block explorer sent over 1 million FTM to an account named “Fake_Phishing32”. When a development team sends money to a known fraudulent account, this generally indicates that the team's private key has been stolen.

Update Oct 17, 6:40pm UTC: This article has been updated to include an official statement from the Phantom Foundation on X.

Update October 17, 5:55 PM UTC: This article has been updated to note that CertiK has increased its estimate of total losses and to provide statements from the Fantom Telegram group admin.

This is a developing story, and more information will be added as it becomes available.

Collect this article as an NFT to preserve this in history and show your support for free journalism in the crypto space.