EasyFi Network Details $6M DeFi Hack in Latest Postmortem

The platform has released a postmortem detailing the incursion.The latest decentralized finance (DeFi) protocol to suffer at the hands of hackers is EasyFi.

In an April 20 blog post, founder and CEO of the EasyFi DeFi protocol, Ankitt Gaur, detailed an attack that resulted in the loss of as much as $6 million from its liquidity pools.

The incursion, which happened on April 19, was a targeted attack compromising the admin and mnemonic keys. This allowed the hacker to access funds and make off with almost 3 million EASY tokens.

“We gained validation to the initial reports about the targeted attack on the founder’s machine/MetaMask to access admin keys and execute the well-planned hack.”

Targeted DeFi hack

Gaur stated that he was first alerted to large transactions from protocol wallets. The hacker accessed existing liquidity in protocol pools in USD, DAI, and USDT in order to transfer 2.98 million EASY tokens to their wallet address.

He added that EasyFi smart contracts were not compromised. It was a targeted mnemonic hack upon Gaur’s own computer using a planned remote attack to access MetaMask.

“Since the machine was not used for daily operations and is used solely for the purpose of official transfers. The hacker waited for the right time to execute the hack in a well-planned manner.”

Gaur stated that most MetaMask attacks phish private keys or passphrases. However, in this instance, the computer was compromised and the wallets accessed directly from the hard drive.

He added that the tokens had yet to be sold due to liquidity restraints. Gaur offered a $1 million reward should the hacker return the funds in full.

The incident reinforces the premise that DeFi protocols are not really decentralized if the “CEO” still holds all the keys. It’s similar to the hack that targeted Nexus Mutual Founder Hugh Karp in December 2020. However, the $8 million was lifted from Karp’s personal wallet, not the protocol itself.

EasyFi is a Layer 2 DeFi lending protocol designed for digital assets powered by the Polygon (formerly Matic) Network. It launched on Binance Smart Chain in early April and partnered with PancakeSwap for yield farming incentives.

EASY token price crashes

EasyFi’s native token crashed almost 50% as the news broke, falling from around $26 to $13.50 in under 24 hours.

At the time of writing EASY had recovered marginally and was trading at $17.65.