Security Incident: EasyFi to Compensate 100% of the Depositors Net Balances

A Brief History of the Attack

A multichain layer 2 protocol on Polygon, Ethereum, and Binance Smart Chain (BSC) network, EasyFi, reported a hack on April 19, resulting in the loss of millions of dollars worth of funds from the official contracts of EasyFi. An unknown hacker stole the private keys to the platform’s admin MetaMask account and drained $6 million from its liquidity pools. Additionally, 2.98 million $EASY tokens got stolen, which were worth over $75 million at the time of the hack. While EasyFi contracts on the BSC network remained unaffected, the hackers were able to attack protocol contracts on Polygon and Ethereum blockchains. The hacker used WBTC and renBTC to move funds via the dark pool to their wallets and remained untraced to date. 

The EasyFi team has been working with security experts to gain deep insights into the hack. Since the process is time-consuming and may take another few months, the platform doesn’t want to keep its users waiting to get information about their recovery of lost funds. Therefore, EasyFi has rolled out a plan to make its users whole over time even, while it keeps digging more info on the hack. 

The Compensation Plan 

 

EasyFi will compensate 100% of the funds of liquidity providers (LP) and lenders deposited on the Polygon network. The team is analyzing the attack and its effect by considering the net balance of each address as per a screenshot at block height #13464478 on the Polygon network – right before the hack happened. Shortly, a list containing all addresses and corresponding balances will be made public for everyone.

All the users affected by the hack will get 100% against their net deposit in two parts:

1) EasyFi will pay 25% of the total amount lost during the hack in stable coins. 

2)  75% of the remaining deposited amount will be paid in EZ IOUs, which are backed by Easy Version two tokens, EZ, in a 1:1 ratio. IOU is short for “I Owe You”. The goal behind releasing these tokens is to create immediate liquidity for LPs and traders while protecting EZ (governance token of EasyFi) from sell-side pressure on order books. As per the EasyFi team, the EZ IOUs have several benefits: 

  • These tokens are to carry a 25% discount on the spot price of EZ in the secondary markets when the team will distribute EZ IOUs. 
  • Token holders can redeem EZ IOU in the ratio of 1:1 against Easy V2 tokens over six months.
  • Depositors can transfer or trade EZ IOUs over decentralized exchanges as these tokens are an ERC-20 type. 
  • Redeemable tokens will be unblocked per block on the Polygon network, after which users can claim them as they please. 

Furthermore, liquidity providers/depositors who added volatile assets in the EasyFi lending protocols on the Polygon network will get compensation as per the spot price of the underlying asset at the time of distribution. 

Complete Compensation While Keeping Itself in Business

Launched in August 2020, EasyFi is not even a year old. The platform is yet to gather enough funds in its treasury that it continues running operations even after compensating 100% of the funds to the users. In order to keep its treasury wealthy, the team started raising funds during ongoing multi-chain expansion. After the incident, the campaign accelerated and has already raised a sizable amount, whose detail shall be disclosed shortly. The funding will help EasyFi introduce a brand new line of products and expand the infrastructure across new networks. The team has promised more innovation in the direction while continuing its search operation to catch malicious actors responsible for the hack.   

The Hunt Continues

The team behind EasyFi is working with experts to get insights on the hack and track the hacker responsible for stealing funds from the admin’s MetaMask wallet. 

Though EasyFi has continuously been updating its users about the progress made so far on tracking the hack source, it refrains from disclosing any sensitive detail or information as of writing this piece.  However, as per a medium article, the team has made some advances and will shortly share requisite data. It is now waiting to receive an investigation report to take necessary action. 

Read Entire Article


Add a comment