The attack on Wrapped LEO (WLEO) was a black swan event that had a rippling impact throughout the LeoFinance community and our project. The investigation into that attack has lasted for the past 10 days and we have discovered a great deal about how the attack was carried out and who was responsible for it.
This post contains the white paper we wrote about this event and the most important details and conclusions drawn from it. We hope that this gives everyone some much needed closure on this event and also serves as a cornerstone piece to how we continue to develop LeoFinance in the present and future. Our aim is to build a robust project for the years to come and an event like this is a harsh lesson but one that will have a lasting impact on how we buidl our vision for the future.
If you'd prefer a PDF version, click here to download the white paper.
Contents
I. The Mission and Creation of Wrapped LEO
II. The Unfolding of Events Leading Up to, During and After the Hack
III. Investigation of How the Attack Took Place
IV. Investigation of the Attacker
V. Liquidity Providers and the Redistribution of Saved ETH + LEO
VI. The Future: Exploring Models for a More Secure WLEO
Abstract
This paper is a documentation of the entire Wrapped LEO attack. We start out by discussing the overall mission and goal of Wrapped LEO (WLEO), why it was launched in the first place and why it is an important aspect of LeoFinance.
From there, we move on to a record of the actual events as they unfolded, including timestamps of when things happened and how the response played out in real time. We also discuss the actions taken post-attack and how the community and team stepped up to fix what was broken and pick up the pieces to move on from this black swan event.
In section IV, we conduct a thorough investigation of the attacker. We dig into the ETH address that carried out the attack and link it to other attacks on various projects and individuals across the Ethereum blockchain in order to get answers about who carried this out.
We then discuss the conclusions of our investigation into the hack itself. Over the course of several days, more than a dozen people helped in the investigation of how exactly WLEO was attacked and how the attacker was able to mint WLEO to their address.
After exploring everything we could related to the hack, we need to move on from what happened and keep pushing forward as a project and community. We take the insights learned from this event and discuss the relaunch of WLEO with a revamped tokenomic structure that is vastly more secure, robust and thoroughly tested against events such as this.
This event has caused a radical shift in the entire LeoFinance project. The impacts are not only felt on the WLEO aspect of our project, but will ripple through to every single branch of LeoFinance and how we conduct ourselves in the present and future, creating a more robust project and finding ways to use this event as a positive driver for growth.
I. The Mission and Creation of Wrapped LEO
Wrapped LEO (WLEO) was launched as a means to gain traction and liquidity for the LeoFinance project in the broader crypto industry. Our ultimate ambition is to drive user growth and connect with other blockchains, communities and ecosystems in order to expand the reach and scale of LeoFinance.
The native LEO token is built on the Hive-Engine second layer solution for the Hive blockchain. This token has a lot of unique features that leverage the Hive blockchain for fast, feeless and scalable transactions. One thing that this native token lacks is accessibility outside of Hive. Wrapping this token and creating an ERC20 equivalent (WLEO) allowed us to expand and connect with exchanges like Uniswap and coin aggregators/trackers like Coingecko, CoinMarketCap and Blockfolio.
As a social media, blogging and engagement-based platform on a blockchain, reaching outside of Hive (our core blockchain) is a necessary step. Up until about 2 months ago, this was always an idea for the future, but something that we had yet to find a way to achieve.
When WHIVE launched, we immediately realized that this idea was not just achievable, but right in front of us. We quickly began work on designing the architecture to support WLEO and prepared ourselves for a moment to step outside of Hive and bring new users and community members into the LeoFinance ecosystem.
WLEO is an important part of the LeoFinance project, but it isn't the entire LeoFinance project. We run a number of other apps, branches and community-oriented projects that all fall under the LeoFinance umbrella. The temporary downtime for WLEO has been a setback, but it is far from a killing blow to our project. This much has been seen in the rallying support of our community and also in the continuous developments that have been released to our core project: the leofinance.io UI.
Throughout the rest of this paper, you'll see the insights that were gained through the initial launch of WLEO, including the perspective granted to us by the WLEO attack, in which an outside party - which we have determined not to be connected to Hive in any way - was able to mint an unlimited amount of WLEO and attack the liquidity pool.
With this said, I hope that you realize the importance of WLEO. While WLEO isn't the entirety of our project, we will see the return of WLEO to the LeoFinance ecosystem as it is a key driver of growth and connectivity to the rest of the crypto space. The key difference, however, is that it will be housed under a new tokenomic structure which coincides with major changes to the server and wallet infrastructures surrounding WLEO.
By pulling from exchange models, other Ethereum-based projects and the combined brainpower of multiple devs, we've designed a system that is more robust, secure and proactive against attacks such as this one and other potential threats.
II. The Unfolding of Events Leading Up to, During and After the Hack
Leading up to October 11th, 2020 there was no suspicious activity indicating a security breach. The first indication of an attack was the false minting of 10,000 WLEO at 3:08 AM on October 11th.
After investigating the addresses involved, we've found that this particular address was the only one receiving minted WLEO during the attack. It then used the "fake" WLEO that was minted to swap into the Uniswap pool in exchange for ETH.
Times used from here forward are in CST (central standard time):
Oct 11 3:08 A.M. The first minting of false WLEO:
https://etherscan.io/tx/0x9c0abb76e5924623def3f000c3df6da9b100c90be279f63b24b22c842444f66e
Shortly after that, another minting TX occurred for 7,590.692 WLEO:
https://etherscan.io/tx/0x0e8621db8bd6c42d559e24274c02c837964041890dcc357031b495160d5c05c8
Oct 11 3:12 A.M. First Swap Into the Pool With Minted WLEO:
The attacker minted 2 smaller amounts of WLEO and swapped into the pool.
Oct 11 3:15 A.M. The attack continues as WLEO is falsely minted in this account and then subsequently swapped into the Uniswap pool for ETH:
To read the Etherscan screenshot referenced above:
- The Green "In" TXs represent WLEO getting minted to this address
- The Orange "Out" TXs represent WLEO being swapped into the Uniswap pool in exchange for ETH
The above routine of minting WLEO to this address and then swapping into the Uniswap pool continued for the next 4 hours. Instead of leaving all those details here in screenshots, an export of these TXs has been referenced at the end of this paper.
Oct 11 3:47 A.M. The first mention of the attack is by LeoFinance community member @decentropia as they report on the strange WLEO pool activity in Discord:
Oct 11 4:32 A.M. Discussions amongst community members continue as they try and dissect what is happening in real-time:
The same community member, @decentropia sees the first of the stolen ETH sent to Binance. As mentioned here, this same address has been utilized in prior attacks to steal ETH and then send to Binance, yet Binance has never taken action to report/block this address. More information on this will be in the "Investigation of the Attacker" section of this paper.
Oct 11 7:30 A.M. Many LPs Began Withdrawing Liquidity and Securing their WLEO as LEO on the Hive blockchain.
Throughout this entire attack, LEO on Hive was completely safe. The attacker only had access to printing WLEO and didn't have access to anything else. This means that all aspects of the project on the Hive side were safe and many users encouraged each other to take their WLEO out of the pool and unwrap it into the LEO native asset.
Discussions on Discord continued throughout this entire period as users continually found and shared information to figure out what exactly was happening. Meanwhile, around 7:30 A.M. we began work on shutting the WLEO oracle and contract down to prevent further damage.
Oct 11 8:17 A.M. The App Was Stopped Which Prevented Any Wraps/Unwraps and Mints from the App Itself
$100,000 USD in liquidity still remained in the pool at this time. The attacker still held minted WLEO at their address, so we began work on securing any liquidity that remained in the pool.
Oct 11 9:07 A.M. We minted WLEO in order to swap into the pool and drain the remaining ETH. At this moment, it was either us or the hacker who would drain the 112.29801 ETH that remained in the pool.
These TXs were posted in Discord for everyone to verify. 112.29801 ETH was then held until we could figure out a plan to distribute it back to LPs who had not yet had the chance to remove liquidity from the pool. More info on this redistribution can be found in the section titled "Liquidity Providers and the Redistribution of Saved ETH + LEO".
Oct 11 4:00 P.M. After shutting down the contract, securing the remaining ETH and LEO and finally halting the WLEO-ETH pool to prevent further swaps/adds/removals, the LeoFinance team compiled an official statement about the situation.
It was a long day of figuring out exactly what happened. Once we secured the remaining ETH/LEO, we went to work on securing the Hive side. Again, we found that nothing was impacted on Hive. The only thing compromised was the key to the WLEO contract on Ethereum, which allowed the minting of WLEO.
The past 10 days have been spent investigating the situation and finding a method to reimburse impacted LPs. ~112 ETH was saved that day along with ~255,000 LEO on Hive.
Since the investigation spanned ~10 days in total, we decided to report on our findings and conclusions rather than give timestamps throughout the investigative process itself. The above was intended to give insight on how the day of the attack unfolded including how the attacker stole ETH from the pool and most importantly, how the community and team responded to the attack.
In the next two sections, we'll explain the most relevant information we found and our conclusions from the attack.
III. Investigation of How the Attack Took Place
As mentioned previously, this attack was carried out by an attacker who managed to get a hold of the private key that governed the wLEO minting contract.
Due to the nature of wLEO's infrastructure, the oracle app requires continuous access to the key of the address that launched the wLEO contract in the first place. This key is then used each time a wrap transaction is made.
For example, when User A wraps 10 LEO into WLEO, the oracle sends a mint transaction for 10 WLEO to User A's ETH address. The contract's mint function only accepts a transaction signed by the ETH wallet that launched wLEO.
This model has some inherent security flaws. Namely, if an attacker gains access to the server then they also gain access to the app that mints wLEO. With this access, they can also extract the private key that governs wLEO minting - allowing an attacker to mint unlimited wLEO and drain the Uniswap wLEO-ETH pool.
Once we figured out the how of the attack (access to the private key governing the wLEO contract), we moved on to the where (where did this attacker extract the key from).
There are three ways in which the attacker could've gained access to this private key:
- From the wLEO server
- From the local machine that set up wLEO
- From the software/browser that created the wallet
Investigation of the WLEO Server:
We initially carried out an investigation of the server logs, checking the IP addresses of everyone who had accessed the server. On an initial inspection on the day of the attack, we couldn't find any unusual access logs on the server.
Wrapped Contract developer @fbslo also graciously helped us investigate the database of the Wrapped LEO oracle. Inspecting the database, he found that the wrapped transactions didn't originate from transfers to the oracle (the database didn't indicate false requests to wrap LEO).
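The check described above, reconciling every on-chain mint against the oracle's own record of wrap requests, is mechanical enough to run continuously rather than once after the fact. The following is an added example for this write-up, not the project's oracle code: the record layouts, the legitimate wraps and the 0xaaaa.../0xbbbb... hashes are constructed, while the two flagged mints use the recipient address, amounts and transaction hashes quoted in this paper.

```python
"""Reconcile WLEO mint events against the oracle's wrap-request log.

Added example, not the project's own code. Record layouts, the legitimate
wraps and the 0xaaaa.../0xbbbb... hashes are constructed; the two flagged
mints use the recipient, amounts and tx hashes quoted in the paper.
"""
from decimal import Decimal
from typing import Any, Dict, List, Tuple

ZERO_ADDRESS = "0x0000000000000000000000000000000000000000"
ATTACKER = "0x8c9a02c89c96940e377052a9be0c7326f89a2495"   # address from the paper

Record = Dict[str, Any]

# Constructed oracle log: one row per Hive transfer to the oracle account,
# with the ETH address the user asked to receive WLEO at.
ORACLE_WRAP_LOG: List[Record] = [
    {"hive_tx": "hive-tx-0001", "hive_user": "alice", "amount": Decimal("100.000"),
     "eth_recipient": "0x1111111111111111111111111111111111111111"},
    {"hive_tx": "hive-tx-0002", "hive_user": "bob", "amount": Decimal("2500.500"),
     "eth_recipient": "0x2222222222222222222222222222222222222222"},
]

# Constructed ERC-20 Transfer events. A Transfer whose `from` is the zero
# address is a mint; anything else is an ordinary transfer or a pool swap.
TRANSFER_EVENTS: List[Record] = [
    {"tx": "0xaaaa0001", "from": ZERO_ADDRESS,
     "to": "0x1111111111111111111111111111111111111111", "value": Decimal("100.000")},
    {"tx": "0x9c0abb76e5924623def3f000c3df6da9b100c90be279f63b24b22c842444f66e",
     "from": ZERO_ADDRESS, "to": ATTACKER, "value": Decimal("10000")},
    {"tx": "0xaaaa0002", "from": ZERO_ADDRESS,
     "to": "0x2222222222222222222222222222222222222222", "value": Decimal("2500.500")},
    {"tx": "0x0e8621db8bd6c42d559e24274c02c837964041890dcc357031b495160d5c05c8",
     "from": ZERO_ADDRESS, "to": ATTACKER, "value": Decimal("7590.692")},
    {"tx": "0xbbbb0001", "from": "0x1111111111111111111111111111111111111111",
     "to": "0x3333333333333333333333333333333333333333", "value": Decimal("50")},
]


def reconcile(wrap_log: List[Record], events: List[Record]) -> Tuple[List[Record], List[Record]]:
    """Match every mint to one pending wrap request with the same recipient and amount.

    Returns (unauthorized_mints, unfulfilled_requests). A mint with no matching
    request is exactly what a stolen minting key produces; a request with no
    mint points at a stalled or broken oracle.
    """
    pending: Dict[Tuple[str, Decimal], List[Record]] = {}
    for req in wrap_log:
        key = (str(req["eth_recipient"]).lower(), req["amount"])
        pending.setdefault(key, []).append(req)

    unauthorized: List[Record] = []
    for ev in events:
        if ev["from"] != ZERO_ADDRESS:
            continue                      # not a mint
        key = (str(ev["to"]).lower(), ev["value"])
        queue = pending.get(key)
        if queue:
            queue.pop(0)                  # consume one matching request
        else:
            unauthorized.append(ev)

    unfulfilled = [req for queue in pending.values() for req in queue]
    return unauthorized, unfulfilled


def unauthorized_total(unauthorized: List[Record]) -> Decimal:
    """Total WLEO minted without a corresponding wrap request."""
    return sum((ev["value"] for ev in unauthorized), Decimal(0))


def alert_lines(unauthorized: List[Record]) -> List[str]:
    """One human-readable alert per unauthorized mint, e.g. for a Discord webhook."""
    return [f"UNAUTHORIZED MINT {ev['value']} WLEO -> {ev['to']} in tx {ev['tx']}"
            for ev in unauthorized]


if __name__ == "__main__":
    bad, missing = reconcile(ORACLE_WRAP_LOG, TRANSFER_EVENTS)
    print("\n".join(alert_lines(bad)))
    print("total unauthorized:", unauthorized_total(bad), "WLEO; unfulfilled:", len(missing))
```

Run against a live event feed, the first unmatched mint would have raised an alert at 3:08 A.M. rather than waiting for a community member to notice the pool activity at 3:47 A.M.; the amount-and-recipient matching also catches a compromised oracle that mints the right amount to the wrong address.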
An initial thought about the attack was that someone was able to send transactions to the oracle account (@wrapped-leo) without actually holding LEO. This was tried by several accounts either erroneously or with the explicit purpose of actually attacking WLEO and printing fake WLEO since the launch.
After crossing that potential attack off the list, it left us with the need to do a deeper investigation on the server logs and database to see what else we could find and if there was any unusual activity.
A few amazing people stepped up to help with the investigation of the server. We wanted to determine where exactly this attack on the keys originated. @themarkymark (long-time Hive witness and operator of several Hive-based projects) and another dev (who has worked on other LEO projects but didn't want their name listed for privacy) investigated the server logs thoroughly and couldn't find anything unusual. A group of Hive devs and witnesses also gathered to discuss the ways in which these keys could have been stolen and if it was from the server oracle itself.
A major shoutout goes to @themarkymark, @foxon, @deathwing, @rishi556 and @cadawg for helping in this and other aspects of the investigation progress. All of their witnesses have been linked at the end of this paper and I highly recommend giving them your vote. It's amazing to be a part of a community with so many passionate and talented people who don't run from crisis but step up to be involved in the resolution of it.
Investigations into the WLEO server itself lasted for several days after the attack. In the end, we concluded that there were no unusual activities within the server itself. Also, considering the nature of the attack (as investigated through ETH tx records of the actual minting transactions), we found that the minting TXs likely didn't even originate from the server. This means that the keys were used elsewhere to mint WLEO. The likelihood of a server attack is slim to none.
From the local machine that set up wLEO
After determining that the WLEO server was still secure, we moved on to investigating the local machine that actually set up the Wrapped LEO contract.
Before we even started scanning this machine, we determined this attack vector to be unlikely. This particular machine is kept offline and was only brought online for specific one-off transactions/setups that were considered sensitive.
At the time of the attack, there were also other keys/records on this machine that the attacker could have exploited but didn't. This isn't a disqualifying factor, but it does decrease the likelihood of a local machine breach.
After scanning the machine and investigating entry points, we ultimately eliminated this as the location of the attack.
From the software/browser that created the wallet
This was one of the main weak points for wLEO. The way that WLEO was set up requires that a hot wallet control the minting keys for the WLEO contract.
Hot wallets are infamous for poor security, but wLEO requires that new tokens are minted on the Ethereum blockchain in order to be "exchanged" for LEO on the Hive blockchain. While there are other models (which we'll explore in the "The Future: Exploring Models for a More Secure WLEO" section of this paper), this particular "hot wallet model" is the one that was chosen for the initial launch of WLEO.
After we concluded that a server breach was unlikely, this became our #1 suspect. We also scanned the local machine for good measure, but it was pretty clear to us that this was the most likely attack point for the hack on the WLEO minting keys.
To further add to this conclusion for the attack, we also ran an in-depth investigation on the ETH address that carried out this attack. In the next section of this paper, we investigate the "who" behind this attack in more detail.
This particular address is linked to a wide array of phishing scams all across the Ethereum blockchain. Known for wallet attacks and software breaches, they've carried out multi-million dollar heists on various applications and wallets utilizing the Ethereum blockchain.
Our Conclusion on the "How" & "Where"
We found ample evidence pointing to the conclusion that it was in fact the keys to the WLEO minting contract that were stolen.
From there, we investigated the various attack points for those keys. After crossing the most likely target - the WLEO server - off the list, we scanned the local machine and determined that to be an unlikely location of the attack.
We then marked a particular window, between the initiation of the WLEO contract, the extraction of the private keys and the setup of the WLEO server, as the most likely point of attack. After our research into the attacker, we found that they have a history of software/wallet attacks and concluded that this is how they stole the keys to the WLEO minting address: through the browser itself and the wallet software that extracted the keys.
There are some positives and negatives to this conclusion. Ultimately, finding out that the attack was on the minting keys and that they were stolen some time between extracting the keys and initiating the WLEO contract gives us a clear path to setting up a far more secure and robust WLEO contract in the future.
Wrapped LEO was undoubtedly one of the key growth drivers of LeoFinance. As we said, it wasn't everything, but it did have a significant impact and will have a long-term impact in the future. Getting WLEO back online is and should be a priority for our project. The key is to get it online and ensure that the attack vectors we've outlined are secured.
While I've left the details of this process out and just shared the conclusions here, this entire process of investigating the different vectors of attack for WLEO has given us and the people helping to build a new and far better version of WLEO an incredible level of insight. We'll dive into those details in the section titled "The Future: Exploring Models for a More Secure WLEO".
IV. Investigation of the Attacker
In the days that followed the attack, we dug into the addresses of the hacker. We found some interesting links connecting this party to much larger attacks across Ethereum ranging from the tens of thousands to multi-million dollar heists.
From this information, we concluded a few important points:
- This attacker does not stem from Hive
- This attacker likely had little-to-no knowledge about how LeoFinance actually works
- This attacker has a track record of phishing attacks on keys, which helped us deduce how the attack was carried out
Screenshots of the false mints of WLEO were shared in section II. The following address was the recipient of falsely minted WLEO. Using that WLEO, this address then swapped into the pool to steal the ETH liquidity.
https://etherscan.io/address/0x8c9a02c89c96940e377052a9be0c7326f89a2495
Throughout the attack, this address sent multiple transactions containing the stolen ETH to the following addresses:
- https://etherscan.io/address/0x713dbc6e1aa500d2d770e8950b3b2049cd96d4da
- https://etherscan.io/address/0xe08d5f067b87f4f267eacc90c61ba4c43f0f927b
- https://etherscan.io/address/0xfbfb338b6c14e5d39db637103185d1503b1554b0
- https://etherscan.io/address/0xc2d0143574a10f8a196917713f6fdee82db4e9f1
- https://etherscan.io/address/0xa55185370a480dac11dbf426169c4d74b521cd55
All of these addresses subsequently sent the ETH they received to the following address:
https://etherscan.io/address/0xa305fab8bda7e1638235b054889b3217441dd645
After the ETH was received by this address, it then sent it to Binance in multiple transactions (designating it to multiple Binance accounts in order to bypass KYC/AML procedures):
Here's where the investigation into this attacker took an interesting turn. The above address has been linked to a multitude of scams and major hacks on the Ethereum network.
After investigating this main wallet address and also diving deeper into the addresses linked to it, we found multiple reddit threads, official project reports and even a few Binance tickets about this particular attacker.
This main address has been reported to Binance countless times. We reported the addresses involved in the WLEO attack several times on the day of the attack and the days that followed. No helpful responses were received from Binance and they clearly haven't taken action against this address despite the multitude of reports that can be found on Google and Binance support requests about similar attacks over the past 2 years.
As this report is being written, this address has continued to send thousands of other ETH (presumably stolen in some way) to Binance with the latest tx sent just 45 minutes ago.
There are quite a lot of TX records here to dig through and dozens of ETH addresses involved. From all of these records and some other reports of attacks similar to the one on WLEO, we've learned that this attacker has particular ties to phishing scams and software wallet hacks, which helped in our ultimate conclusion on this event and how it occurred.
V. Liquidity Providers and the Redistribution of Saved ETH + LEO
The people that were most impacted by this attack are the liquidity providers. These are users who took a major leap of faith and decided to wrap LEO, combine it with ETH and provide valuable liquidity to our Uniswap pool.
Prior to the hack, our Uniswap pool reached ~$430,000 USD in just about 1 month of operation. This is an incredible feat, especially for a project that only had a market cap of ~$1.5 million USD at the time.
If you go back through the unfolding of events, you'll see that many LeoFinance users and LPs caught on to this attack early. Fortunately, many of these users were able to contact other users and a large amount of liquidity was secured out of the pool early on.
Unfortunately, this attack occurred in the middle of the night for many people. While many were able to get out of the pool in time, many others weren't. The LPs that were stuck in the pool until the end saw their entire liquidity balance hit 0. This means that up until today, they lost 100% of their ETH and 100% of their WLEO in the attack.
If you remember, the LeoFinance team was able to step in during the attack and rescue ~110 ETH from the pool. Along with this, we also saved 255,000 LEO from the Wrapped-LEO oracle.
Prior to the attack, LeoFinance's official team liquidity was ~91 ETH and 129,000 WLEO. The LEO team liquidity will not be claimed out of the saved ETH and LEO. Instead, 100% of this amount will go to impacted LPs.
Remember the 300,000 LEO that was set aside by the LEO Bounty fund in order to incentivize liquidity providers? There was only 1 payment before the attack which leaves 253,403.490 LEO remaining from that total.
We've decided to include this in the LP refund pool.
The past week has been spent reviewing the balances of liquidity providers. There are a lot of unique situations - with some LPs getting out of the pool in time, some not, some unwrapping, some swapping, and so on.
Each case required manual review in order to determine a fair amount to refund based on the initial liquidity provided and if/how much a user was able to remove during the attack.
In the end, we've determined that refunding ~110 ETH + ~754,000 LEO to impacted LPs will result in near 0 losses for everyone who provided liquidity and wasn't able to remove any from the pool. Some users may see a varying number, but most users will be made whole.
The ETH has been sourced from what we saved from the pool plus the team's decision not to claim a refund on its own liquidity. The LEO comes from 3 sources:
- Remaining bounty fund: ~253,403 LEO
- Saved LEO from the oracle: ~255,000 LEO
- Removed from the team stake: ~252,000 LEO
What does this mean for the LEO supply?
This means that the LEO supply will increase by roughly 4.3% (the dev stake minting of 252,000 LEO) outside of the number that would have existed in circulation after the 90 day bounty had completed.
All of this stake would have been released in circulation anyways. No "extra" LEO is being minted. What we're doing here is simply targeting that LEO toward LPs who were negatively impacted by this event.
As many have put it, this type of hack is a black swan event. It's a make or break time for the LeoFinance project and community. The community has already shown a great deal of resilience and a strong resolve to rebuild WLEO so long as we develop a system that cannot be attacked in this way and also safeguards liquidity against other attacks in the future.
Many other projects have had to deal with major attacks such as this. These events often turn into a project fork in which the community is divided and the tokens are broken in half. Some forks go more smoothly than others. In the end, the goal is simply to reverse some of the damages and create a positive path forward to keep building the shared vision.
This event is LeoFinance's black swan. We've experienced something that could easily kill any other project and stop it from achieving its vision dead in its tracks. Instead, the LeoFinance and Hive community stepped up on the day of the attack. Our resolve actually strengthened and we all bonded over a shared loss.
After discussing all of this with several community members and team members, it seems that this is the best path forward. A way in which LPs can be made whole and a way in which LeoFinance can thrive moving forward as we carry this extremely vital lesson and battle scar into the next iteration of WLEO and also adopt better practices to apply to current and future branches of the LeoFinance project.
On the date that this paper is published, the LP refund distributions have already started rolling out. If you were impacted by the pool attack, you will find ETH in your LP address and LEO in your HiveLinked address in the hours that follow.
If you are a member of this group, we just want to say thank you for being a part of this community project and also for being patient with these finalized distribution numbers.
I know many of you have been anxiously waiting to get more info about if there will be a distribution and for how much it would be. It took several days to find the concrete numbers and then also make a decision on how the distributions would occur. We hope that you find our decision for redistribution fair for everyone involved and if you have any questions related to this or anything else, don't hesitate to jump in our Discord server, leave a comment on an @leofinance post or ping us on Twitter. Thank you.
VI. The Future: Exploring Models for a More Secure WLEO
Moving forward from this attack is vital for the LeoFinance community and our project. Many of our community members have already asked if and when a new and highly secured version of WLEO would launch. As outlined earlier in this paper, the addition of WLEO to our project brings a wide array of benefits:
- Liquidity
- Trading volume
- Pegging our token price to ETH
- Accessibility to other Ethereum-based projects
- Easy on/offramp for our recent LeoInfra integrations
- Decentralized exchange listings and centralized exchange listings
Throughout the process of investigating this attack on the first version of WLEO, we've identified the core weaknesses of Wrapped LEO. This has allowed us to build a model that not only solves the particular issue raised by this attack, but one that also improves our overall security on all fronts.
This new model is one that provides an incredible level of security, especially in thwarting attacks on any keys involved in the Wrapped LEO economy.
The attack on Wrapped LEO was an attack on the minting keys and thus, the attacker was able to mint an unlimited amount of WLEO and drain our Uniswap liquidity pool. In order to prevent this attack in the future, a limited token supply model combined with cold storage has been designed.
Through discussions with various people - both in the Hive community and in the Ethereum/DeFi space - we managed to build a few models that represent robust versions of WLEO that pull from several other projects and exchange models.
The finer details of this model - including specific numbers, tokenomics and implementations - will be released in a long-form @leofinance post about 1 week after this paper is published. This post will give more details on the model and also the specific date that Wrapped LEO will relaunch.
For the purposes of this paper, we'll give an overview of the ideas behind the model and how we ultimately arrived at the various mechanics that are being implemented in order to ensure that an attack like the one we experienced is rendered impossible. More importantly, we'll also share the other implementations that we're adding to enhance the security on other aspects of Wrapped LEO that weren't involved in this attack but ultimately create a landscape for WLEO that has depth of security on all fronts.
Limited Supply of WLEO Tokens
In this new model, we're implementing a limited supply of WLEO. The attack on WLEO was possible because a hot wallet governed the ability to mint unlimited WLEO. This was necessary under the old model of WLEO, but our new model will implement a different oracle system for wrapping LEO and unwrapping WLEO.
With a limited supply of tokens, we're removing the ability to mint new WLEO. At the start of WLEO, we're going to issue all of the tokens so that minting any new tokens is completely impossible. This protects us from having the key to mint tokens stolen. It also means that the contract's key can be kept in a cold wallet rather than a hot wallet, since it no longer needs to sign minting TXs.
Since all of the WLEO tokens will be minted at the start, we need a secure method of storing them. These tokens will be stored in 3 locations:
- A portion of these tokens will be timelocked using a smart contract developed by the Trustswap team. This means that a portion of WLEO will be locked for a set amount of time (e.g. 12-24 months) before reaching circulation. These tokens will represent the future supply of LEO (since the native LEO supply is increasing and more WLEO will be needed in the future)
- Another portion of these tokens (which represent the current supply of LEO) will be held in a cold wallet
- The final portion of WLEO will be held in a hot wallet. This hot wallet replaces the need to mint new WLEOs, as users will send and receive WLEOs by interacting with this wallet. Since this wallet is also the least secure form of storage, it will hold the least amount of WLEOs (just enough to service wraps/unwraps)
Cold Storage
In the WLEO storage methods above, cold and hot storage are mentioned. Again, the issue with the first version of WLEO is that the entire project hinged on 1 hot wallet. This is an obvious security flaw as having an attacker gain access to this wallet causes a collapse of the entire project.
With our new model for WLEO, we're limiting the damage that can be caused if an attacker were to gain access to this hot wallet. While we're drastically improving the security of this hot wallet key, it cannot be guaranteed since it is - as the name suggests - a hot wallet. This means that it is in constant use every day, as the transactions that send WLEO to users who wrap LEO tokens need to be signed with this wallet key.
The model we've designed is based on the way that major exchanges manage user funds. The hot wallet stores just enough to service active transactions each day while the cold wallet stores the remaining crypto. The cold wallet is managed offline and doesn't need to be used for daily transactions. Instead, the cold wallet is used to sign transactions only when the hot wallet runs low on funds and can no longer service the wrapping of tokens.
If you're familiar with cold wallets and offline transfer procedures, then you'll know the high degree of security that comes with cold storage. Had the previous WLEO minting key been held in a cold wallet, this attack would not have been possible. The issue - as mentioned above - is that the old model relied on the ability to issue WLEO to users whenever they wrapped LEO tokens.
With our new approach, the hot wallet holds just enough funds to service those wrap transactions which means that if an attacker were to gain access, the damage they can cause is limited. No wallet exists that can mint new WLEO (since all WLEO is minted at the start). The remaining WLEO that isn't needed for day-to-day transactions is held by the cold wallet which is always kept offline.
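The three-bucket model above (timelock, cold wallet, hot wallet float) as an added Python model; this is not LeoFinance's code. All supply figures, thresholds and the unlock time are constructed, and the timelock is represented as a simple timestamp check rather than the Trustswap contract.

```python
"""Model of the fixed-supply, three-bucket WLEO treasury described above.

Added example, not LeoFinance code. All WLEO is minted once at launch and
split into a timelocked bucket, a cold wallet and a small hot wallet. Only
the hot wallet signs day-to-day wrap/unwrap transfers; the cold wallet is
used solely to top the hot wallet up. Figures and thresholds are constructed.
"""
from dataclasses import dataclass, field

TOTAL_SUPPLY = 10_000_000  # constructed: the whole supply, minted at launch


@dataclass
class Treasury:
    timelocked: int            # timelocked bucket, represents future LEO supply
    cold: int                  # offline key, current supply not yet needed
    hot: int                   # online key, just enough to service wraps
    unlock_at: int             # time at which the timelock opens
    hot_floor: int             # refill when the hot wallet drops below this
    hot_target: int            # refill back up to this level
    circulating: int = 0       # WLEO handed out to users who wrapped LEO
    stolen: int = 0            # WLEO lost to an attacker (kept for the audit)
    log: list = field(default_factory=list)

    def total(self) -> int:
        """Conservation check: nothing is ever minted, so this stays constant."""
        return self.timelocked + self.cold + self.hot + self.circulating + self.stolen

    def wrap(self, amount: int) -> bool:
        """A user locks LEO on Hive; the hot wallet sends them WLEO."""
        if amount <= 0 or amount > self.hot:
            self.log.append(f"wrap {amount} refused: hot wallet holds {self.hot}")
            return False
        self.hot -= amount
        self.circulating += amount
        return True

    def unwrap(self, amount: int) -> bool:
        """A user returns WLEO to the hot wallet and gets LEO back on Hive."""
        if amount <= 0 or amount > self.circulating:
            return False
        self.circulating -= amount
        self.hot += amount
        return True

    def refill_from_cold(self) -> int:
        """Offline-signed cold->hot transfer, done only when hot is below the floor."""
        if self.hot >= self.hot_floor:
            return 0
        moved = min(self.hot_target - self.hot, self.cold)
        self.cold -= moved
        self.hot += moved
        self.log.append(f"cold->hot refill of {moved}")
        return moved

    def release_timelock(self, now: int) -> int:
        """Timelocked tokens move to cold storage once the lock expires."""
        if now < self.unlock_at or self.timelocked == 0:
            return 0
        released, self.timelocked = self.timelocked, 0
        self.cold += released
        return released

    def hot_key_compromised(self) -> int:
        """Worst case for the new model: the attacker drains the hot wallet.
        Loss is bounded by the hot balance; no key exists that can mint more."""
        self.stolen += self.hot
        loss, self.hot = self.hot, 0
        return loss


def launch(total: int = TOTAL_SUPPLY, locked_pct: int = 60,
           hot_target: int = 50_000, hot_floor: int = 10_000,
           unlock_at: int = 0) -> Treasury:
    """Mint the full supply once and split it into the three buckets."""
    locked = total * locked_pct // 100
    cold = total - locked - hot_target
    return Treasury(timelocked=locked, cold=cold, hot=hot_target,
                    unlock_at=unlock_at, hot_floor=hot_floor,
                    hot_target=hot_target)


if __name__ == "__main__":
    t = launch(unlock_at=365)
    t.wrap(45_000)                 # hot drops to 5,000, below the floor
    t.refill_from_cold()           # cold tops it back up to 50,000
    print(f"worst-case loss if the hot key is stolen: {t.hot_key_compromised()}")
    print(f"supply still fully accounted for: {t.total() == TOTAL_SUPPLY}")
```

Compare this with the old model, where a stolen minting key had no such bound: here the most an attacker can take is whatever the hot wallet holds between refills.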
New Geyser LP Incentive Approach
As many community members are aware, before the attack on WLEO we were in the middle of creating our own Geyser platform to distribute LP incentives after the initial 90 day bounty period. This approach would allow us to sustainably reward LPs with a high APR for providing valuable liquidity to the WLEO - ETH Uniswap pool and to the other pools that will launch in the future.
A Geyser approach allows us to distribute WLEO/LEO incentives to users who provide liquidity. There are some key differences to this approach as compared to our LP incentive bounty that we ran for the first WLEO pool.
With this new approach, users earn additional WLEO/LEO incentives based on the length of time for which they are a liquidity provider. What this means is that an LP who's in the pool for 120 days will be rewarded with a greater APR than an LP who's in the pool for 30 days. Both of these providers earn the same base APR, but that APR is then scaled up by a multiplier based on how long the provider has left their liquidity in the pool.
The longer you're an LP, the higher your rewards. This creates a relative distribution of LP incentives and also enhances the liquidity providing aspect of LeoFinance.
More details about this system will be released in a post prior to the launch of WLEO. Our new Geyser approach is modeled after a popular system in the DeFi space which utilizes LP token staking. While we modeled this system after other DeFi projects, we've created a unique model of distribution which doesn't require LP token staking and also connects with the HiveLink system we created for the initial WLEO 90 day bounty.
In other words, this system is a radically new approach to LP rewards and it's going to add a fascinating aspect to long-term rewards for LEO stakeholders.
Providing liquidity is a risky endeavor but it should also bring the highest degree of rewards. Liquidity is essential for a project token like LEO/WLEO and the importance of this aspect of our project cannot be overstated. We are lucky to have multiple devs working on different aspects of LeoFinance simultaneously, as it allows us to continue building the LeoFinance UI while we fix WLEO and while another dev finishes the development of our new Geyser economy.
As always, there's a lot happening with LeoFinance all at once. Instead of overwhelming you with all of the details on these different aspects of the project that will be launched soon, we'll break them down in several posts that will be released over the coming two weeks before the relaunch of WLEO.
WLEO Relaunch Date
The key to relaunching WLEO is to ensure security on all fronts. We need to not only render attacks like the one we experienced impossible but also predict future attack vectors and create layers of security to safeguard against them.
Limiting the supply of WLEO along with integrating a cold/hot wallet management system are the pillars in our strategy to create a secure WLEO that can be utilized now and in the future. There are other benefits to this management system in terms of growth and exchange listings which wouldn't accept our old model of WLEO that had an infinite supply. We'll talk about these benefits and the other security measures that we're implementing in upcoming posts as we prepare for the relaunch of WLEO.
Our target launch date for Wrapped LEO is November 10th.
Once the design is completed, the architecture is built and the system has been battle-tested by multiple developers, we'll release more details and a hard launch date.
Users and Devs Who Helped With This Investigation
On the day of the attack, we received an overwhelming amount of support from the Hive community. Many users and devs stepped up to help with the process of digging through all of this information and it was no easy task. If you recognize these witnesses and developers, we highly recommend voting their Hive witnesses. They didn't ask to be named here but they definitely deserve the recognition and your vote of confidence.
- @themarkymark https://vote.hive.uno/@themarkymark
- @fbslo https://vote.hive.uno/@fbslo
- @foxon https://vote.hive.uno/@hextech
- @deathwing https://vote.hive.uno/@deathwing
- @rishi556 https://vote.hive.uno/@hextech
- @cadawg https://vote.hive.uno/@cadawg
An honorable mention also goes out to a few devs and community members who didn't want to be named here for privacy but also helped extensively in the process. Thank you!
Posted Using LeoFinance Beta
What about wLEO held by people other than liquidity providers? I had about 25k wLEO in 0xacC7D3095634a378339e6159e06DBB491fa38A11 when you wiped the pool, will this be honored?
That is being made whole also. It was omitted from the post but liquid wLEO is also being refunded.
I hope everyone has learned something new regarding key security after reading this post. I also liked the idea of having a cold wallet and making sure no new wLEO can be minted. While it might be relatively controversial to some, this is basically how it is (more or less) either way. So it doesn't really matter if you mint all coins at once or overtime.
I am hoping with the upcoming (re)launch of wLEO, we can see the price spiking, once again. I'll try to buy the dip a bit more. (Though it's not really a dip anymore.)
Definitely not saying this because I was involved, but a very nice, detailed investigation. :)
Thank you for the time you took deathwing, great job.
Nothing wrong with a self pat on the back when you put in a lot of work and are part of a team poring through all those records.
And yes I think LEO will increase at an even greater rate this time due to renewed confidence in the entire project.
Wow a long post with a lot in it.
It is terrific that you got to the bottom of it and that every Leo person will be made whole. This shows the merit of the Leofinance team and all involved.
The fact that this is not going to stop wLEO is a great thing. Things are looking up which is always a positive.
Confidence in Leofinance should be off the charts. There is no way to deny that this is a serious project seeking tremendous long term outcomes.
Holding LEO is a wise move in my opinion. We are just getting started.
Yeah kudos to the team, they really do care about the project and the community.
I'm looking forward to the next few weeks on here.
The next 6 months are going to be incredible. A lot of things planned.
Hold onto those LEO and don't let them slither away. They will be worth a lot down the road.
It reads like a drama novel but it ends up being a real life scenario. Sucks to be on the receiving end of such an event but it did prove that there were weaknesses that were to be rectified. Little consolation but at least it wasn't millions of dollars stolen.
Thanks to all for the diligent work, although I haven't been participating in the WLEO stuff, I can definitely appreciate that lots stepped up to get this whole thing figured out and to come to a better path forward.
Thx for sharing the long report, maybe this is also a good opportunity to think about renaming the LEO token to LEOFINANCE or something like that to avoid confusion with the "LEO" Token (@coingecko rank 24 symbol "LEO") and to strengthen the LeoFinance brand.
Awesome! Just awesome, all of it!! I've worked for large corporations, mom and pop businesses and owned my own business and I can say the way you have handled this shitty situation is exactly the way to handle such a situation.
Acknowledge the problem as soon as possible. ✔
Investigate to find out (to the best of your ability) exactly what happened. ✔
Report the findings to your customers/clients/users in a timely manner with as much detail as possible. ✔
Clearly state your plans for moving forward so the problem does not happen again. ✔
Make it right (as much as possible) with your clients. ✔
Now, you guys went above and beyond on that last one but I know that you know the cost of doing so will be well worth the goodwill and confidence in your product that it garners. #smart
Keep on keeping on @khaleelkazi and crew!
Details are astonishing and the level of clarity of what happened and how things will be handled in the future can only build trust. Without affecting the economy of the LEO ecosystem too much, covering the losses from the community pool with under 5% supply increase shows that investors are important for this project, compared to other failed businesses where no support was provided in such cases.
The right way to handle things and keep the flame of trust up for the LEO Finance community!
It is good to see a team that cares for their community and investors. We need to do our part and keep building this site with great content.
This was all worth the read. Now I'm more curious about how the future relaunch is going to turn out. Can't do any active posts on Leo but I'm learning a lot from the community on the subject of cryptofinance. This community will go far if it keeps this momentum going.
Why cant you do active posts on LEO?
All my blogging activities are postponed until I settle my career obligations and free up some time. I'm currently semi-active on the blockchain just trying to catch up on the events after being inactive for almost 2 years due to my career (studying medicine). I mostly blog about art but was also into finance (more on traditional fiat investments). Looking forward to the end of November when I can have time for blogging about art, and then explore more on cryptofinance. For now, will just be contented on lurking on the Leo server so as not to miss out on the news.
We need some more traditional finance blogger around here.
I look forward to your posts when you find time to do it.
And we actually have to go in search for them to bring them here.
And when you finally start publishing, please do so via https://leofinance.io/
I have yet to adapt the habit of consciously switching between frontends. Noted and thank you :D
I have no topic to post on, or find it hard to find one. Can anyone tell me where I can find a topic worth making a post on?
Anything that has to do with finance is appropriate on Leofinance.
Cryptocurrency, money management, stocks, bonds, real estate, taxes, technology, businesses, and advertising/marketing.
Basically anything that applies to an individual or business.
Thanks bro,
any suggestion on the crypto ban? That's what I'm thinking of making a post about.
The crypto ban?
Yeah, where I live they don't allow buying or trading crypto.
Thank you for this extremely detailed explanation of the WLEO hack. I guess I understood maybe half of it, but I'll be able to reference it, knowing that the other half will probably clear up any doubts as to what actually happened, and how @LeoFinance reacted to it. Thank you!
Another great thanks is the way you managed to resolve the most painful part of this hack, the loss of funds. See, I'm one of those LPs who slept through the hack, finding my ETH reduced to minimal the morning after, and a boat-load of WLEO, which is probably fake. At first I was majorly upset, but then I had to accept that these things do happen in the cryptosphere. Now that I see that you will actually refund our losses, makes me appreciate the LeoFinance team even more. I'm certain you wouldn't cut into your own flesh for this, but since the original setup made this possible, I think I should express my great admiration for it. This makes me feel positive about joining the next liquidity pool.
Thank you once again. Now I keep checking my Uniswap, which I haven't touched since the hack.
Yeah it really shows how much the team values the community and is a nice thing to see in a crypto project. Sorry about your losses, this should make you back to where you were before the hack.
There are many reasons to be confident in Leofinance and this just adds to it.
We can now see the progress forward restart and move towards the ultimate end that we all envision for this platform.
Awesome news and great work. The hack was unfortunate but sometimes the best lessons come through the hardest circumstances. I like the ideas for securing wLEO 2.0 and think making LPs whole was the right thing to do for a whole host of reasons. Specifically that the goodwill and confidence gained far outweigh the costs of a slight bump in supply that was eventually coming anyways. Onwards and upwards!
Sometimes a step back is the best way to keep moving forward.
Personally I want to say thank you to the team and those individuals who took the time to help out.
I also want to say it shows the character of a team who is willing to use their own ETH from the pool to support their investors.
I think the minted and cold storage of wleo is a great idea that will not only limit loss but give wleo more structure. We can now show the max supply of tokens for coin market sites and people can track them.
The community will just have to work harder to make sure we can offset the loss with ad revenue. It shouldn't take too much work, the site is growing well.
Sorry for the setback this may bring, hopefully your next wleo contract will be very secure and that it won't fend off LPs too much. Hopefully people keep in mind never to add more than you can afford to lose, but I'm glad you guys managed to secure some Eth before it was all stolen and give back at least a percentage to the victims.
All in all I'm glad this wasn't someone from Hive as that would've been a bigger hit to the community and spirit. Glad the price is recovering nicely even with everything that's happened!
Yeah if it was a Hive based attack, that might have been a serious security flaw that nobody saw coming.
As far as we can tell, the security on Hive is still very strong.
Khal, what can I say man, this is incredible! You are foregoing the ETH + WLEO that was initially put in by LF plus the remainder of the LP bounty... thereby ensuring that all LPs who lost out are fully reimbursed!
I am one of those LPs. I knew it could be risky and after the hack I was prepared to accept whatever was left over....instead it looks like we'll get all of it back, amazing! Thank you indeed for this generosity and all the hard work you have put in and the extremely competent leadership you have shown.
Every single comment here is positive, so I'm going to play devil's advocate.
I get that the 4.3% supply would have been minted anyway.
But putting it straight into the pockets of the already rich, whose high risk/high reward investment didn't pay off, is a bit meh.
Very detailed. Thank you for this report. It will be useful for all future wrapped H-E tokens.
I can only say Bravo.
I'll have to reread a few times to grasp completely all the precious information which is being shared here.
Thank you.
good work 👍. I will be an LP also for the next wLEO.
Well written post. I am glad that the team is refunding the LPs. As an LP I am grateful to have a Leofinance team to lead this project. Good job.
Very well detailed this report and clarifies many things that happened during the attack, I think the most important thing now is to learn from the mistakes made to avoid future events like this, LEO is a great project and has an incredible potential full of thousands of enthusiastic crypto users.
The future aims to be incredible and we all hope that LEO will be the best of the best and together we will contribute to this
great job
This is seriously awesome! I was expecting you to get back on your feet. Only thing that sucked for me was I couldn't do much dip buying cause I was too busy buying DEC for Lands presale.
I was waiting for this post. The details contained here are far from what I was expecting.
I think that the overall action plan to solve the wLEO issue is really good.
I support the project, the commitment of the team is amazing and the future looks bright!
LEO will come stronger than ever from this!
Cheers!
It took time to read the whole thing but it was worth it, and that shows how LEO and WLEO are improving in security and finance. Also, LEO and Hive are almost the same, with only a cent's difference. I think the price will increase after this post, what do you think guys?
Totally awesome!
That didn't feel like 6000 words!
Thanks for all the hard work, great progress.
All I can say is that any ETH or LEO that gets returned to me is going straight back into WLEO 2.0!
Cheers!
Have a !BEER
It took quite some time to read but it was worth it... Happy to hear that wLEO has relaunched back with full force. I believe that everyone has learned something new touching key security after reading this epoch content.
These were some long and demanding days and nights for you. Congrats on dealing with the situation at an utmost professional level!
Yes, time invested in security audits is never wasted. You've learned that the hard way yet you are better off from now on.
Good luck and keep on doing great work.
thanks for trying to build something in a world of assholes ;) keep up the good work
That is just AMAZING!
Deserves to be headline crypto news tomorrow! 'The attack that did no damage' or I'm sure there's a better headline!
Great to see wLEO project back!
This is great news and leofinance just proves that
together we can continue to improve and make this community.
One important thing I can from this
We are moving forward.
Just want to add my thanks to you @khaleelkazi and the @leofinance team for the level of detail and transparency in this report. Thanks also to all the people that helped with the investigation.
I think the fact that the team's funds are being foregone to make community members whole speaks volumes to your character @khaleelkazi and just adds to my commitment to leofinance moving forward.
Looking forward to the relaunch of WLEO, and seeing this projected scale greater heights over time.
Cheers,
JK.
This is amazing. The fact that you will use the whole liquidity fund to repay people shows the commitment to the project and your integrity. Well done.
I have been buying Leo since, rebuilding my stash, and now I am getting my old Leo. Will buy even more.
This is indeed a full length research paper. So much work put in. Thanks to Khal and the team of Hive developers and witnesses that supported the research. I see a stronger and more secured wrapped-LEO. Things would only get better.
How LeoFinance is handling the bad times is a good indicator of future resilience. Good stuff.
If I remember, there was someone with big amounts of Ethereum basically propping up the Wleo market. That seemed suspicious to me; I wonder if it was the same person who drained the pool in the end.
Kudos to the team who worked on the investigation. You all did an outstanding job of digging into this event. Optimistic about the future of WLEO and HIVE. Devs and community responded quite well which makes me feel more secure being part of this community and very, very hopeful moving forward.
Good explanation of how the events occurred; unfortunately Binance did not provide the necessary support, although they know what it is to go through that.
And well, it only remains to get up from this fall and move on with the project, we hope that the relaunch of WLEO will be soon.
Incredible what goes on in the background of LEO. The stuff you were able to investigate is mind-blowing and very techy. So many loopholes to consider, I wouldn't even know where to start with. Amazing how much quality support you have gotten. The whole topic really throws some light on security and we all should re-think how we handle our keys. One thing I have learned from this, is that LEO is even stronger than I thought. And I have been sitting on a small whale stake for over a year now. THIS TIME, I will also join the liquidity pool for wLEO, because I believe in what you are doing even more so after the dust has settled.
I was one of those that was completely out of it when the attack happened, in fact found out about it days later, lol, but I'm pretty happy how it turned out and having gotten all LEO and almost all of my ETH back that I used to provide liquidity with – kudos for the team, you certainly think for the best of the community!
Although I have to admit that I merely scanned through this ( I get most of my information from Discord and your videos ), it gave me a pretty good feeling and once more showed that the trust ( I and others have put and will put ) in Leofinance is legit.
It was pretty amazing to wake up this morning and - after logging into my Exodus wallet - finding out that I received my Eth back. Even more after paying some ETH ( that I had gotten by turning LEO into ETH via Metamask ) to a tax consultant (haha), only yesterday. I then checked my LEO wallet and found loads of liquid LEO, paid out in LEO.bounties! Awesome!
In short, it felt like I received a birthday present.
Especially knowing that I decided to let go after the hack, thinking that whatever would happen would be okay.
Thanks again for showing us that trusting humanity is still worth it ( even in 2020 ) ;<)
Great! Amazing that you really track it! Whatever it is, whatever its past, I'm still here to invest in LEO.
Great job, @leofinance! Glad to be part of the community!
Aloha
That was a long, but fascinating read, filled with a wealth of information. The Leofinance project continues to impress all with eyes and I admire your loyalty to your Community and I agree that the decision to make the LP investors whole was the best one in this situation. I am an LP investor and it's a risky position to be in, plus without the incentive rewards I wondered if holding Leo was more viable. Then the hack and it's crystal clear that being an LP investor is seriously risky, but essential for the future of the token and community. I can't stress how important being made whole is to the liquidity providers and how important this project is to the community. The opportunity to tie our token value to the value of Ethereum is priceless.
Reaching beyond Hive is essential. Hive has wonderful technology and community, but it's still a very small and unknown token in the crypto universe. A second layer token would forever be limited by the success of the first layer token without such efforts and, although risky, these moves are essential to the growth of the token price and growth of the community. It's marvelous that someone wrapped hive and showed the way.
As an investor in other LP I can say first hand the risks are there, the losses are there, but not all LP have the huge backing and commitment of this community. This community and token are gems, truly diamonds in the rough.
My respect and admiration goes out to all involved.