Roll, a platform meant for issuing social tokens powered by the Ethereum blockchain, has reportedly suffered an exploit that resulted in the theft of 3000 ETH and the subsequent sale of the stolen tokens.
According to the data shared by the Research Analyst at The Block, Igor Igamberdiev, some social tokens issued on Roll were moved and liquidated, with some of the tokens sold off via the transaction mixer, Tornado.
Going by the information provided by Igamberdiev on Twitter a couple of hours ago, about 3000 ETH worth $5.7 million at current prices was exploited.
The incident also left a negative impact on the prices of all the social tokens affected, including WHALE, MORK, JULIEN, CHERRY, FWB, KARMA, ALEX, KERMAN, SKULL, HUE, and FIRST.
Igor Igamberdiev tweeted, “Two hours ago, someone sold a huge amount of social tokens issued on Roll platform. As a result, an attacker earned almost 3k ETH ($5.7M), of which 700 have already been sent to Tornado Cash. Most of social token prices dumped as a result.”
Two hours ago, someone sold a huge amount of social tokens issued on Roll platform.
As a result, an attacker earned almost 3k ETH ($5.7M), of which 700 have already been sent to Tornado Cash.
Most of social token prices dumped as a result. pic.twitter.com/WmdMogBBnd
— Igor Igamberdiev (@FrankResearcher) March 14, 2021
Igamberdiev stated further, “The victim’s address belongs to Roll, as it not only received social tokens from Roll’ multisig but was also sponsored by Roll multisig owners.
“The victim who lost all their social tokens gave approvals so that an exploiter could transferFrom() their tokens. This fact indicates a possible private key compromise or inside job.
“Currently, the attacker has sold all the stolen tokens, but it remains unclear whether they have access to other elements of Roll’s infrastructure. In addition, there are still some little-known tokens on the victim’s address that can still be liquidated.”
The creator of WHALE, one of the affected social tokens also shared more information regarding the unfortunate incident:
“While we do not have any additional updates, here is a quick recap: The price dip was a result of our social token issuer’s hot wallets being compromised with the tokens immediately sold. This represented 2.17% of total supply and it has been fully diluted into the market.
“We were fortunate to have exercised caution and transferred all tokens earmarked for community distribution to secure cold wallets with strong physical security measures. The WHALE Vault is similarly secure with a high level of diverse and deep security measures.”