The Fantom Foundation, a nonprofit organization developing the Fantom blockchain platform, has identified and fixed a major vulnerability following a $550,000 hack in October.
The hack, which occurred on Oct. 17, resulted in an unknown attacker draining 1% of Fantom Foundation’s funds from a hot wallet. The affected wallets had been reassigned to a Fantom employee after the foundation ceased using them, making it a “targeted attack.”
After the incident, an unnamed security researcher discovered an additional potential risk associated with the hack and informed the Fantom Foundation. The vulnerability was related to a dormant admin token for Fantom’s ERC-20 FTM contract, which could potentially have given the attacker the ability to mint a portion of Fantom (FTM) for themselves on Ethereum.
The Fantom Foundation revealed that the discovered vulnerability could have enabled the hacker to drain $170 million using the wallet access. The organization stated that the value of the potential loss was calculated based on the token price at the time of the hack, “though this estimate does not consider the market’s insufficient liquidity to absorb the tokens fully.”
The Fantom Foundation stated that the vulnerability was “mitigated quickly” and awarded the unnamed researcher $1.7 million in recognition of their contribution. The organization’s announcement included the statement:
“The Fantom Foundation is dedicated to upholding the highest security standards for our platform, and we remain grateful for the security researchers who contribute to this effort.”
The Fantom Foundation did not immediately respond to Cointelegraph’s request for comment.
Despite the recent hack, the Fantom token has experienced a rise in value over the past four weeks. The token has gained 82% in value since Oct. 17, trading at $0.31 at the time of writing, according to CoinGecko. The token’s value has also increased by 78% over the past year, according to the data.
Launched in late 2019, the Fantom network is a blockchain protocol that enables users to build and deploy decentralized applications (DApps). The Fantom Foundation’s Opera is a permissionless blockchain compatible with the Ethereum Virtual Machine, allowing users to interact with the Fantom network on MetaMask, a leading self-custodial cryptocurrency wallet.
The recent $550,000 hack is not the first attack on the Fantom Foundation or its users. In July 2023, Fantom experienced a significant Multichain bridge hack, resulting in the loss of $126 million worth of cryptocurrency. Fantom creator Andre Cronje subsequently claimed that the Fantom team had been misled about the actual security level of Multichain, which ceased operations in mid-July 2023.