February 10, 2022

Beosin’s Analysis: DEGO is Hacked Due to Suspected Private Key Compromise


The private key of multiple addresses were compromised, and hackers drained the assets on multiple chains.


Take ETH as an example.


The Deployer address of DEGO Finance is:


0x20FE4B1eD95911487499e53355BB8f14a881D735


The hacker’s address:


0x118203B0f2A3ef9e749D871C8fEF5e5e55ef5C91


The hacker minted 592,582.35 DEGO tokens to the Deployer account of DEGO and 0x118 account respectively via private key:



Then removed the liquidity of the ETH-DEGO trading pool:



The hacker obtained 269,502 DEGO tokens and 378 ETH by removing liquidity from the Deployer account.



Then the 378 ETH obtained by the Deployer account was transferred to the 0x118 address.



At the same time, the hacker transferred 441 yvWETH originally belonged to the project’s address to the 0x118 address.


At this time, there were 757.4 (371.6+378.75+7.10) ETHs in the 0x118 account.




As of this writing, all the stolen assets still remained on the 0x118 address and have not been transferred out.



BSC



Cronos



Beosin will continue to monitor this address.




Contact US

Website: https://beosin.com/


Email:contact@beosin.com


Twitter: https://twitter.com/Beosin_com


Telegram: https://t.me/beosin


Medium:https://medium.com/@Beosin


Github: https://github.com/Beosin20180329


Discord: https://discord.com/invite/B4QJxhStV4

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Beosin’s Full Analysis of Build Finance’s Governance Takeover Incident

    February 15, 2022

  • Beosin and Guardian have entered into a strategic partnership

    July 28, 2022

  • Beosin’s Detailed Analysis of Solana Attack

    August 04, 2022

  • Beosin EagleEye, the "Magnifying Glass" of Web 3.0 Security

    August 08, 2022

Join the community to discuss.