On October 17, several unauthorized transfers occurred from multiple wallets labelled ‘Fantom: Foundation Wallet’, as well as from some unlabelled but connected wallets. Losses amounted to approximately $7 million, with Fantom stating that $550k was related to the Foundation and the rest to the personal funds of an employee. Initial reports suggested that a Google Chrome zero-day exploit had led to the wallets being drained. On-chain evidence points to a private key compromise, bringing the total lost to private key compromises in 2023 to approximately $591 million.
Large movements from doxxed Fantom: Foundation Wallets on the Fantom network were observed in the early morning of October 17th. These movements were considered unusual because the receiving wallet bridged the funds to the Ethereum network. In addition to funds belonging to Fantom Foundation wallets, assets from anonymous wallets were also identified moving into externally owned addresses 0x2F4F and 0x1d93, which were the receivers of funds from the Fantom: Foundation Wallets.
Initial reports in the Fantom Foundation Telegram suggested that a Chrome zero-day vulnerability had been exploited. A zero-day vulnerability is one that is being exploited before the vendor has released a patch for it, and usually before it is publicly known.
On-chain evidence shows that the attacker wasn’t simply transferring funds out of the victims’ wallets; they were also withdrawing assets from protocols, such as this withdrawal from Compound.
The ability to perform this type of action, as well as to conduct several transfers, demonstrates that the attacker had control of the wallet, meaning that the private keys were compromised. A Compound withdrawal is a transaction that must originate from, and be signed by, the victim’s own address; an approval-based drain looks different, because there a third party pulls tokens with transferFrom and the victim’s key signs only the earlier approval, never the drain itself. The screenshot below shows the Compound withdrawal with several token transfers to 0x2F4F on either side of the transaction.
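The inference above can be written down as a check. The following is an added example for this page, not code from the original analysis, and the transaction records in it are constructed placeholders rather than the real Fantom traces; the field names mirror what an explorer API returns, and the four function selectors are the standard ERC-20 transfer/transferFrom and Compound cToken redeem/redeemUnderlying selectors.

```javascript
// Added example: classify a wallet drain from the shape of the transactions.
// Records are constructed for this example (not the real Fantom traces); the
// fields mirror what an explorer API returns for a transaction.
const SELECTORS = {
  '0xa9059cbb': 'transfer',          // ERC-20 transfer(address,uint256)
  '0x23b872dd': 'transferFrom',      // ERC-20 transferFrom(address,address,uint256)
  '0xdb006a75': 'redeem',            // Compound cToken redeem(uint256)
  '0x852a12e3': 'redeemUnderlying',  // Compound cToken redeemUnderlying(uint256)
};

// First four bytes of calldata, or null for a plain value transfer.
function selectorOf(tx) {
  return tx.input && tx.input.length >= 10 ? tx.input.slice(0, 10).toLowerCase() : null;
}

// Verdict logic:
//  - any transaction whose `from` is the victim EOA was signed with the victim's key;
//    protocol interactions (e.g. a Compound redeem) originating from that address
//    are the strongest signal, since an approval phisher cannot originate those.
//  - transferFrom calls originated by a third party that name the victim as the
//    token source are consistent with approval abuse and do not prove key loss.
function classifyDrain(victim, txs) {
  const v = victim.toLowerCase();
  const signedByVictim = txs.filter((t) => t.from.toLowerCase() === v);
  const protocolCalls = signedByVictim.filter((t) => {
    const sel = selectorOf(t);
    return sel !== null && sel !== '0xa9059cbb'; // anything beyond a plain token transfer
  });
  const pulledByOthers = txs.filter(
    (t) =>
      t.from.toLowerCase() !== v &&
      selectorOf(t) === '0x23b872dd' &&
      ((t.args && t.args.from) || '').toLowerCase() === v,
  );
  if (signedByVictim.length > 0) {
    return {
      verdict: 'private-key-compromise',
      confidence: protocolCalls.length > 0 ? 'high' : 'medium',
      evidence: protocolCalls.map((t) => `${t.hash}:${SELECTORS[selectorOf(t)] || selectorOf(t)}`),
      victimSigned: signedByVictim.length,
      thirdPartyPulls: pulledByOthers.length,
    };
  }
  if (pulledByOthers.length > 0) {
    return {
      verdict: 'approval-abuse',
      confidence: 'medium',
      evidence: pulledByOthers.map((t) => t.hash),
      victimSigned: 0,
      thirdPartyPulls: pulledByOthers.length,
    };
  }
  return { verdict: 'inconclusive', confidence: 'low', evidence: [], victimSigned: 0, thirdPartyPulls: 0 };
}

// Constructed sample 1: the pattern described in the article. The victim EOA
// itself sends tokens out and calls a cToken's redeem.
const VICTIM = '0xVICTIM_EOA'; // placeholder, not a real address
const KEY_COMPROMISE_SAMPLE = [
  { hash: '0xtx1', from: VICTIM, to: '0xUSDC', input: '0xa9059cbb' + '0'.repeat(128), args: {} },
  { hash: '0xtx2', from: VICTIM, to: '0xcUSDC', input: '0xdb006a75' + '0'.repeat(64), args: {} },
  { hash: '0xtx3', from: VICTIM, to: '0xWETH', input: '0xa9059cbb' + '0'.repeat(128), args: {} },
];

// Constructed sample 2: a phished approval. The victim never signs a transaction;
// a third-party drainer pulls the tokens with transferFrom.
const APPROVAL_ABUSE_SAMPLE = [
  { hash: '0xtx4', from: '0xDRAINER', to: '0xUSDC', input: '0x23b872dd' + '0'.repeat(192), args: { from: VICTIM, to: '0xDRAINER' } },
];
```

Run `classifyDrain(VICTIM, KEY_COMPROMISE_SAMPLE)` and the verdict is a high-confidence key compromise with the redeem call as the cited evidence; the approval sample yields approval abuse instead. In a real investigation the `args` object comes from decoding calldata against the token ABI, and the victim-originated set should be checked against the wallet’s normal activity before calling it conclusive.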
The stolen funds were consolidated into EOA 0x0b1F, which received 4,701.48 ETH, amounting to approximately $7 million.
Initially, the admin in Fantom’s Telegram channel attributed the private key compromise to a zero-day vulnerability in Google Chrome. However, Fantom stated in an announcement on X that they are still investigating the cause of the incident.
Funds taken from users’ wallets were transferred to two wallets, 0x2F4F and 0x1d93. Assets in 0x2F4F were swapped for ETH and aggregated into 0x1d93, which sent the ETH on to 0x0b1F. 0x0b1F received a total of 4,701 ETH, worth $7.35m at the time of writing, and the funds remain there.
0x596288A9090c9EeDf87bb5F2DA5d8e1bbC7BB935 (Fantom: Foundation Wallet)
0x386aA44439e9C7181b1F0f1CAc0eFa478B623b27 (Fantom: Foundation Wallet)
0x1bfFB3a232E06E06A5D9e93C8DF3321f768197c2 (Fantom: Foundation Wallet)
0x48f7572cFbC4F246600CF816c668271034d81F8F (Fantom: Foundation Wallet)
0xB0E3baEC3bA1990ebd2EDF9EEDC2f3213B381fB1 (Likely Fantom employee wallet)
0x4a6ff07acd81f8d0ec7dd51f325d86b833821b1d (Likely Fantom employee wallet)
0xD2976A56cD84a91A2E83685a6dC5308315e29f15 (Likely Fantom employee wallet)
0xb86B137232C4e9B67F2B9BfD3d5641B77df70065 (Likely Fantom employee wallet)
0x3CbA76E6A3298B19b77bd3B6A7BbC0B209e712b4 (Likely Fantom employee wallet)
Although the incident affected Fantom Foundation wallets, the majority of the losses came from a Fantom employee’s personal wallets. For example, EOA 0xb86B137232C4e9B67F2B9BfD3d5641B77df70065 lost approximately $3.2 million worth of assets on Ethereum.
MetaMask keeps the wallet’s seed phrase and private keys in an encrypted vault stored locally in the extension’s browser storage (chrome.storage.local). When a user opens MetaMask for the first time in a browser session, they are prompted for their wallet password. After the password is entered, the vault is decrypted and the unencrypted keys are held in the extension’s in-memory store (memStore). MetaMask then remains unlocked, with the keys in memory, until it is locked manually, the auto-lock timer expires, or the browser session ends.
An admin in the Fantom Foundation Telegram suggested that the incident was the result of a zero-day exploit on the Chrome web browser. The zero-day that the admin was likely referring to is CVE-2023-5217.
CVE-2023-5217 is a heap buffer overflow in the VP8 encoder of libvpx, and the same bug has been confirmed present in Firefox. It is worth noting that the decoding path is not affected, but it is highly recommended to update your browser regardless. A memory-corruption bug of this kind can give an attacker code execution inside the affected browser process, and because an unlocked wallet’s private key sits in plaintext in the extension’s memory, the theory was plausible. Note, however, that reaching the extension’s memory from a compromised renderer would additionally require escaping the browser’s process sandbox, and nothing in the on-chain evidence shows which vector was actually used.
CertiK continues to track losses attributed to private key compromises and has accounted for $591,331,138.87 lost to private key compromises this year.
With the exception of the Euler Finance flash loan attack, the largest incidents of 2023 have come in the form of private key compromises. Incidents such as the Poly Network attack, Multichain, Alphapo, Coinspaid and Stake were all due to private key compromises and have led to combined losses of $363.3 million. During this bear market, where asset prices are suppressed and the total value locked in DeFi remains low, major losses will likely continue to come from private key compromises of wallets holding large amounts of funds.
Of the $1.3 billion lost to exploits, hacks and scams in 2023, approximately 43.76% is due to private key compromises. Compromising private keys can lead to devastating losses for a project or an individual. Traditional Web2 attack vectors, such as phishing, malware and browser compromise, are one of the main threats facing projects and individuals who hold custody of large amounts of assets, because of the risk of private key breaches. It is still to be determined whether the incident was due to a Chrome zero-day vulnerability as originally suggested, though it is almost certainly a Web2 private key compromise of the Fantom Foundation and employee wallets. Individuals in control of large sums of assets should use reputable hardware wallets to store keys: the private key never leaves the device, so a compromised browser can at most request a signature that the device displays for confirmation, rather than read the key out of memory.