Date:: October 8th, 2021
Amount Stolen:: $24,100,000
@mgnr_io was the victim of a malicious and targeted cyber attack
the attackers appear to be very sophisticated and have scripting abilities / facility with cross-chain bridging and mixing techniques
the point of entry was likely a phishing email masked as somebody we recognized from @maplefinance and containing a fake docx from @PanteraCapital
we've subsequently heard of 2 other crypto firms receiving equally targeted attacks (also with 'pantera' term sheets)
the intrusion was probably used to implant a key logger and steal credentials to a password manager where we had (stupidly) shared a privkey as temporary hot wallet between a few team members
we'd typically stay a bit more private about this sort of thing but after hearing as of yesterday the attacks are ongoing feel we need to step forward for public good and in defense of other crypto money managers
one framework for thinking about cybersecurity is as a 'swiss cheese'
a number of holes must align in order for hackers to achieve entry
again, please take this opportunity to revisit your own setup
we have engaged support of law enforcement and will be aggressively pursuing the leads / clues the thieves have left behind
we have already recovered a substantial portion of the stolen funds and have frozen some of the hackers' exchange accounts (with fake KYC)
as a precaution we temporarily disabled some of our trading systems / wallets
we thank all exchange / venture / trading partners for being patient during this time and can assure everyone that we'll be back up and running soon (tm)
- 0x57737d6f8ea0099c30c96754a436e46d4dd3fa80 - Primary Attacker
- 0x246569f8b420c8d850c475c53d0d59973b3f08fc - Paxful Deposit
- 0x593dc5e1ad81667bbfc90739dd2c09c926920e3b - Paxful Deposit
- 0x2e1155cf5374cba058a04fd03ebd0ba19afe580d - Noones Deposit
- https://twitter.com/mgnr_io/status/1448489258029703168/photo/1
- https://web.archive.org/web/20211014032211/https://twitter.com/mgnr_io/status/1448489258029703168/
- Some of mgnr's addresses are ID'd here; however, the author makes the fatal mistake of attributing large sweeps / dumps / closing of positions to malicious activity on mgnr's part, not the hackers. rip mgnr. (and shitty sleuths.)