Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Sentinel, a Cosmos ecological dVPN project, stated on Twitter that the $40 million DVPN tokens were stolen due to the leak of the mnemonic phrase on the HitBTC exchange. Sentinel stated that the user's own DVPN was safe, and HitBTC had the problem. They reported the hacking incident to Sentinel one hour after the incident. So Sentinel hopes that HitBTC will take action to return DVPN to users. HitBTC responded that Sentinel was trying to shirk responsibility for its technical defects and deceive everyone. HitBTC believes that Sentinel’s technology has vulnerabilities that can easily cause user mnemonics to be publicly disclosed. Such vulnerabilities are common in the Sentinel network, and the blockchain and software have not been thoroughly tested, and the company has not invested enough Time and resources to protect users. Therefore, HitBTC recommended that Sentinel fix the security vulnerabilities in the software, conduct more tests, and restart the current centralized system. Attack method (per SlowMist): Affected by the HitBTC event. Reported loss: $ 40,000,000.
- chain
- —
- protocol
- Sentinel
- bug_class
- private-key
- date_occurred
- 2021-08-21
- loss_usd
- $40,000,000
- source_id
- sm:sentinel::2021-08-21