Fantom dodges $170m vulnerability, pays $1.7m reward to security researcher
Fantom's $550,000 hack last month could have been much worse. Credit: Rita Fortunato/DL News
  • A hacked Fantom Foundation wallet contained a dormant admin token for the FTM token contract.
  • The hackers could have minted one billion FTM tokens on Ethereum with the admin token.
  • Earlier in the year, the Fantom blockchain was hurt by a hack of the crypto bridge Multichain.

The Fantom Foundation has paid out a $1.7 million bounty to a security researcher after one of the foundation’s crypto wallets was hacked last month.

The researcher, who was not named in an announcement, alerted the foundation that the hacked wallet held a dormant admin token for Fantom’s FTM token contract.

Had the hacker realised that the wallet they controlled contained the admin token before the researcher flagged it, they could have minted one billion FTM tokens directly on Ethereum.

As FTM traded at $0.17 at the time of the hack, the Fantom Foundation evaluated the potential damage at $170 million, but added that the hacker likely couldn’t have realised that much value due to insufficient market liquidity for the FTM token.

The Fantom Foundation is a non-profit organisation tasked with developing the Fantom blockchain.

In October, a wallet that had belonged to the Fantom Foundation was hacked, costing the organisation $550,000.

Shortly after the hack, the Fantom Foundation confirmed that it no longer used the hacked wallet and had reassigned it to an employee. It called the incident a “targeted personal attack” against the employee and not the foundation itself.

The October hack is not the worst episode affecting Fantom this year.

In May, crypto bridge Multichain, which issues wrapped versions of many tokens on the Fantom blockchain, began experiencing issues which its developers called a “force majeure” against the protocol.

After suffering a $126 million hack in early July, Multichain said it was shuttering its operations, claiming that its CEO, Zhaojun He, had been arrested by Chinese authorities.

As the primary bridge connecting Fantom to other DeFi ecosystems, Multichain’s woes weighed heavily on Fantom. Between May and October, the FTM token plummeted over 50% to a low of $0.17.

FTM has since benefitted from the wider crypto market rally, and currently trades at $0.33.

Tim Craig is DL News’ Edinburgh-based DeFi correspondent. Reach out to him with tips at tim@dlnews.com.

Update, November 21: Corrected the amount of FTM tokens the admin token granted minting rights for from one million to one billion.