February 10, 2022
Beosin’s Analysis: DEGO is Hacked Due to Suspected Private Key Compromise
The private key of multiple addresses were compromised, and hackers drained the assets on multiple chains.
Take ETH as an example.
The Deployer address of DEGO Finance is:
0x20FE4B1eD95911487499e53355BB8f14a881D735
The hacker’s address:
0x118203B0f2A3ef9e749D871C8fEF5e5e55ef5C91
The hacker minted 592,582.35 DEGO tokens to the Deployer account of DEGO and 0x118 account respectively via private key:
Then removed the liquidity of the ETH-DEGO trading pool:
The hacker obtained 269,502 DEGO tokens and 378 ETH by removing liquidity from the Deployer account.
Then the 378 ETH obtained by the Deployer account was transferred to the 0x118 address.
At the same time, the hacker transferred 441 yvWETH originally belonged to the project’s address to the 0x118 address.
At this time, there were 757.4 (371.6+378.75+7.10) ETHs in the 0x118 account.
As of this writing, all the stolen assets still remained on the 0x118 address and have not been transferred out.
BSC
Cronos
Beosin will continue to monitor this address.
Contact US
Website: https://beosin.com/
Email:contact@beosin.com
Twitter: https://twitter.com/Beosin_com
Telegram: https://t.me/beosin
Medium:https://medium.com/@Beosin
Github: https://github.com/Beosin20180329
Related Project
Related Project Secure Score
Guess you like
Beosin’s Full Analysis of Build Finance’s Governance Takeover Incident
February 15, 2022
Beosin and Guardian have entered into a strategic partnership
July 28, 2022
Beosin’s Detailed Analysis of Solana Attack
August 04, 2022
Beosin EagleEye, the "Magnifying Glass" of Web 3.0 Security
August 08, 2022