Using Graphistry and AnChain.ai to Uncover a Massive Ethereum Heist
Graph visualization has proven to be powerful for investigating almost any type of data, and most recently the team at Graphistry was able to help in uncovering a massive Ethereum heist on two of the world’s most popular DApps (distributed applications).
AnChain.ai and Graphistry recently partnered to investigate the world’s first publicly identified BAPT (Blockchain Advanced Persistent Threat). The investigation identified the BAPT-F3D hacker group, which was responsible for stealing 12,948 ETH (~ $4 million) between July and August 2018 from various vulnerable smart contract DApps. As of today, BAPT-F3D is still actively attacking.
Fomo3D and the Airdrop Vulnerability
AnChain.ai, which specializes in security for the blockchain ecosystem, analyzed the wildly popular game “Fomo3D” ( the #1 DApp in July 2018) and its copycat “Last Winner” (the #5 DApp in August 2018). These games are DApps based on Ethereum Solidity smart contract and operate quite openly as Ponzi schemes or exit scams. At high level the game works as a lottery with players buying keys that reset the timer for a round. Keys continue to get more expensive over time, and eventually when the time runs out, the player who bought the last key wins the entire pot.
Additionally the game included another side-betting opportunity when a player buys their keys. When a player buys their keys they have a % chance to win an “airdrop” to instantly win ETH from a growing sidepot. The more a player gambles on their chance, the more they stand to win. And this airdrop function is where things got interesting.The airdrop function contained a vulnerability, which allowed coordinated attackers to steal the equivalent of more than $4 million USD across both games in just a few days.
Finding the Industry’s First Blockchain APT
Combining Graphistry’s industry-leading GPU-powered investigation platform with AnChain.ai Situational Awareness Platform (SAP), AnChain.ai gained a holistic view of all millions of events and over 30,000 addresses related to the games. As a result, the AnChain team was able to identify the first known Blockchain Advanced Persistent Threat (BAPT), dubbed BAPT-F3D. This was the first known BAPT in blockchain history. Further bytecode artifacts similarity analysis by SECBIT Labs confirmed this BAPT group of 5+ addresses are strongly correlated, as likewise seen in the visualization.

The AnChain.ai SAP was able to identify the following traits related to BAPT-F3D:
- Advanced: Leverages massive scale of sophisticated attack contracts to exploit a vulnerability in the “airdrop” feature; Anti-Forensics capability that self-destructs the blockchain artifacts. Coordinated crime.
- Persistent: Well planned, and operating continuously for weeks; Constantly upgrading attack contracts from V1 to V3. Moving from target to target
- Threat: Financially motivated threat targeting specific smart contract DApps with similar vulnerabilities, stealing $4 millions worth of ETH and counting.
Impacts and Conclusions
Using knowledge graphs, AnChain.ai was able to document a new type of threat facing DApp owners, exchanges, and the growing blockchain ecosystem. For Graphistry, the analysis proved to be very similar to our work in anti-fraud and money-laundering investigations, although with very new and interesting twist. But most importantly, it shows the power of knowledge graphs and GPU-powered graph investigations to quickly expose the important connections and relationships across millions of pieces of data.
We think of this as the user interface for a world increasingly dependent on data, machine-learning, and AI. Analysts have similar needs whether investigating malware or phishing incidents, tracking the flow of illicit funds, fraud within a healthcare system, or hundreds of other data driven projects. Humans need to be able to see and understand what is in their data. They need AI and ML models to not be impenetrable black boxes. By bringing an interactive and investigative front end to these technologies, we hope to make them more accessible, usable, and ultimately deliver far more impactful analysis and applications.
About Graphistry
Graphistry is redefining how organizations investigate their data. The Graphistry Platform turns any type of data into interactive, graph-based investigations that brings immediate insight into cybersecurity, anti-fraud, and wide range of other data-intensive investigations. By providing an intuitive human front-end to big data and AI, Graphistry allows human analysts to bring all of their data and all of their tools into a single context and see connections and relationships that could never be seen before. Using multiple breakthrough GPU innovations on both the client and server side, Graphistry has already delivered a 100x improvement in the scale of interactive data visualization, and continues to reset the bar on a regular basis.
About AnChain.ai
AnChain.ai is an AI-powered blockchain ecosystem security startup based in Silicon Valley. The team has extensive experiences in cyber security, artificial intelligence, cloud, big data.
AnChain.ai offers two products:
- SAP proactively protects smart contract assets. It provides Threat Intel, Knowledge Graph, and Situational Awareness to secure blockchain transactions for DApps, Exchanges. AnChain.ai SAP detected Blockchain APT (BAPT) for the 1st time in history.
- CAP is a containerized cloud SaaS, offering automated Solidity smart contract online auditing, and top tier expert auditing service.
