February 10, 2022

Beosin’s Analysis: DEGO is Hacked Due to Suspected Private Key Compromise

The private key of multiple addresses were compromised, and hackers drained the assets on multiple chains.

Take ETH as an example.

The Deployer address of DEGO Finance is:


The hacker’s address:


The hacker minted 592,582.35 DEGO tokens to the Deployer account of DEGO and 0x118 account respectively via private key:

Then removed the liquidity of the ETH-DEGO trading pool:

The hacker obtained 269,502 DEGO tokens and 378 ETH by removing liquidity from the Deployer account.

Then the 378 ETH obtained by the Deployer account was transferred to the 0x118 address.

At the same time, the hacker transferred 441 yvWETH originally belonged to the project’s address to the 0x118 address.

At this time, there were 757.4 (371.6+378.75+7.10) ETHs in the 0x118 account.

As of this writing, all the stolen assets still remained on the 0x118 address and have not been transferred out.



Beosin will continue to monitor this address.

Contact US

Website: https://beosin.com/


Twitter: https://twitter.com/Beosin_com

Telegram: https://t.me/beosin


Github: https://github.com/Beosin20180329

Discord: https://discord.com/invite/B4QJxhStV4

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Beosin’s Full Analysis of Build Finance’s Governance Takeover Incident

    February 15, 2022

  • Beosin and Guardian have entered into a strategic partnership

    July 28, 2022

  • Beosin’s Detailed Analysis of Solana Attack

    August 04, 2022

  • Beosin EagleEye, the "Magnifying Glass" of Web 3.0 Security

    August 08, 2022

Join the community to discuss.