In a 20 April blog post, EasyFi founder and CEO Ankitt Gaur detailed the incursion, which he says was a “targeted attack.”
According to Gaur, the EasyFi smart contracts were not exploited and only the mnemonic phrase and admin keys for the network’s MetaMask account were compromised. Following a brief post-mortem, the EasyFi team concluded that the hack wasn’t a result of a MetaMask phishing attack. Instead, the physical computer used to execute official transactions was compromised and the wallets were accessed directly from the hard drive.
“We are investigating it thoroughly to arrive at a factual conclusion and act on it,” Gaur said.
None of the tokens drained from the protocol have yet been sold due to liquidity constraints. EasyFi stopped all token deposits and is working with exchanges to halt token trading altogether. At the time of the hack, the stolen EASY tokens were worth over $70 million.
Gaur offered a $1 million reward for the hackers to return the funds and said that the company wouldn’t take legal action.