Over the weekend, hackers stole millions of dollars in crypto from Roll, a social currency startup that allows so-called “creatives” to launch and manage their own Ethereum blockchain-based money systems.
According to the company, someone managed to get inside its “hot wallet” early Sunday morning, making off with the equivalent of $US5.7 ($7) million in currencies. (A “hot wallet” is basically an online crypto-bank account.) The hacker then sold the tokens on Uniswap, a crypto exchange platform. Roll said the hack seems to have occurred via a compromise of one of the wallet’s “private keys,” which is the equivalent of someone learning your master password.
[referenced id=”1679122″ url=”https://gizmodo.com.au/2021/03/terry-crews-has-his-own-cryptocurrency-because-why-not/” thumb=”https://gizmodo.com.au/wp-content/uploads/2021/03/12/ig4b1mt7ib3jesnkkjrz-300×169.jpg” title=”Terry Crews Has His Own Cryptocurrency Because Why Not?” excerpt=”Soon you could be spending money minted by Terry Crews — certainly an exciting piece of news if that’s been an ambition of yours.”]
“As of this writing, [the cause appears to be] a compromise of the private keys of our hot wallet and not a bug in the Roll smart contracts or any token contracts,” the company said in a statement Sunday. “We are investigating this with our infrastructure provider and law enforcement.” The company further promised to do a third-party security audit and a forensic analysis to “figure out how the key was compromised,” as it’s currently unclear how the hacker got their hands on it.
Roll launched in 2019 and has since made a name for itself as a home for entrepreneurs looking to launch and manage their own currencies. We recently wrote about its partnership with celebrity Terry Crews, who now has his own crypto, $POWER. As of the recent hack, the company had a growing following and was hoping to be a hub for the “mass personalisation” of currency, a place where “anyone, anywhere, anytime can create their own money.”
Yet this weekend’s security incident sent several of those money systems skittering towards oblivion, with prices of affected tokens dropping “as much as 90%,” Finance Magnates reports. One of those currencies, Karma DAO, announced via Twitter Sunday that the hackers had emptied out its wallet, clearing 155 ETH, equivalent to over $US276,000 ($356,288). Another user, who had invested in currency $PICA, said that they had “lost everything” because the crypto had “just went to 0.”
I also think it’s an opportunity to accelerate Karma’s evolution into its next phase — I’ve ideated a roadmap to evolve the concept of the token asset into something else. Please don’t buy KARMA on Uniswap, and all invites into KARMA have been closed.
— Karma DAO / karmadao.eth (@karma_dao) March 15, 2021
Roll has apparently angered some followers by not immediately offering a full refund of the losses incurred. Instead, it has opened a $US500,000 ($645,450) pool to “help the creators and their communities affected by this,” though details on how that pool works aren’t readily available on its site. We have reached out to Roll and will update if they respond.
As should be obvious, Roll isn’t the only crypto platform to get hacked recently. Just yesterday, the NFT-trading platform Nifty Gateway announced that someone had busted into several user accounts, absconding with some of their crypto-art fixtures as well as account information. In general, token exchanges have an abysmal track record when it comes to getting hacked. It’s pretty obvious why crypto has a big target on its back: It’s an internet-facing community based around money and anonymity (that also just happens to have ongoing issues with scams and fraud). If you’re a cybercriminal, what’s not to love?