Hi all,
Unfortunately we were hit by a hacker today.
This person found a way to duplicate deposit transactions, spoofing our server into thinking they had deposited over 5M $CROWN tokens (max supply is 250M), thus allowing them to withdraw those tokens from our collateral wallet (not the user’s tokens, but our tokens backing up the tokens).
We immediately closed down all services, and found and fixed the exploit. There is no reason to believe any keys were compromised or more permanent damage occurred. During the 30 or so minutes after, they were able to sell nearly 1.6m tokens into available decentralized pools.
We’ve offered a bounty out for this hacker to return the tokens and get paid. If they don’t respond, leaving ~3.4m tokens out in supply that weren’t planned, we’ll have to take more drastic action (i.e mint a new token, inflate supply, etc).
This is extremely disheartening, but the silver lining is that there are many paths forward to recovery. This can unfortunately be a rite of passage for crypto projects, and we’re taking every step possible moving on to keep things secure.
We will keep you posted as soon as we know more and will have a more in depth technical write up soon.
Thank you for being a part of our community!