The Fantom foundation wallets have been hacked leading to an employee reportedly losing about $7 million worth of cryptocurrency, according to on-chain data and statement from Fantom Foundation Director Andre Cronje.
“A Fantom employee was targeted in an attack and their personal funds were stolen”, Cronje said.
The Fantom Foundation is the developer behind Fantom network, an Ethereum Virtual Machine (EVM)-compatible smart contract platform. According to DeFiLlama, the network has over $45 million in assets locked within its contracts.
The exploit was disclosed by users in a Fantom Foundation Telegram group. According to the post, the breach resulted from a zero-day exploit on Google Chrome.
A zero-day (0day) exploit occurs when a hacker targets a software vulnerability which is unknown to the software vendor or to antivirus vendors. The attacker spots the software vulnerability before any parties interested in mitigating it, quickly creates an exploit, and uses it for an attack.
According to a pseudonymous cryptographic individual known as Spreek on X( formerly Twitter), the hacker took home a whopping $6.7 million. The collective money in the hacker’s account is 4,501.58 ETH, which is $7 million.
Blockchain security analyst Certik revealed that the foundation’s wallet was hacked, with FTM losing $470,000 while on Ethereum, $187,000 was drained.
However, the telegram administrator of Fantom Foundation, Jane, assured users that most of the funds are stored in their cold wallets. The money that was drained was from one of their hot wallets. The representative also stated that the team was actively investigating the matter, further adding that the blockchain intelligence firm, TRM Labs, has joined their efforts to rectify the breach.
Fantom (FTM) is currently down 4.9%, trading at $0.18 in the past 24 hours, according to Coinstats.
Recent Exploits
There has been an uprising in security incidents affecting blockchain and DeFi projects in recent months. A hacker recently exploited Friend.Tech’s 2-factor verification flaws, stealing assets worth hundreds of dollars. In August, a decentralized lending platform, Exactly Protocol, also suffered an attack resulting in a loss of over $12 million worth of crypto assets.
