Social token platform Roll has suffered a security breach worth nearly $6 million in cryptocurrencies. Various social tokens that were issued on the platform were transferred and liquidated, with some of the funds being moved to transaction mixer Tornado. The attacker then sold off the various personal tokens using Roll’s competitor platform Rally.
3000 Ether Stolen During Roll Security Breach
Based on on-chain analysis from ‘The Block’ researcher, some $5.7 million in ETH was stolen during the attack. The market sale of the affected social tokens resulted in significant price declines of the concerning tokens.
Two hours ago, someone sold a huge amount of social tokens issued on Roll platform.
As a result, an attacker earned almost 3k ETH ($5.7M), of which 700 have already been sent to Tornado Cash.
Most of social token prices dumped as a result. pic.twitter.com/WmdMogBBnd
— Igor Igamberdiev (@FrankResearcher) March 14, 2021
The creator of WHALE, one of the social tokens affected during the incident, confirmed the hack saying 2.17% of the coin’s supply has been compromised and the rest is secured in the cold storage.
The hack resulted in decreasing the value of several social tokens minted and distributed on the platform by more than 50% including WHALE, RARE, and PICA.
Meanwhile, the RLY token of competing social money platform Rally has surged to an all-time high.
Ethereum wallet manager, MyCrypto.com shared on Twitter:
“There was some sort of widespread hack/compromise across various social coins, leading to a massive dump.”
Seems there was some sort of widespread hack/compromise across various social coins, leading to a massive dump. pic.twitter.com/45Cgca33Ap
— MyCrypto.com (@MyCrypto) March 14, 2021
Stolen ETH were Transferred to Tornado Cash
In response to the incident, Roll has suspended withdrawals of social money from its Roll wallets and set up a $500,000 fund for its affected users.
The platform has also said that it’s building its infrastructure, getting its code audited, and working with the police in catching the robbers.
Earlier today, the private keys to our hot wallet were compromised.
We're investigating this with our infrastructure provider, security engineers and law enforcement.
— Roll (@tryrollhq) March 14, 2021
A representative for Roll confirmed that the project’s hot wallet was targeted, saying:
“We’re looking into a vulnerability in our hot wallet and will share more details as soon as possible.”
Data from Etherscan have shown that the stolen ETH were transferred to Tornado Cash, a privacy tool often used by hackers to cover their tracks.
CEO Bradley Miles said, “Our goal is to come back stronger than ever.”