Announcement: Further Investigation Results

EOSIO.SG
EOSIO.SG
Nov 15, 2018 · 3 min read

Update: 21st Nov 2018, 04:00 UTC, a claim from GiggleAll was received.

Based on his story, the transaction was performed using the ‘gizdkmjvhege’ testing account on test net and subsequently posted on Github. This happened during the exploit.

Therefore, GiggleAll and relevant authority have been contacted and involved together with AirDropsDAC to investigate this exploit further.

— — — — — — — — — — — — — -

Dear EOS Community,

This interim update provides additional information we have uncovered after further investigating the recent incident where AirDropsDAC’s tokens were misappropriated.

We started with the public key of the account sym111111add during the period of the exploit. This can be retrieved as EOS7TBTmjpbYMVXCdzQZYDAyd7Pz2A63d4LD5ceb5wUmddLwSEu7R, which we have already shown in the last medium post.

We have further investigated this public key’s activities on blockchain and uncovered that this hacker also controlled the following accounts:

In addition to our stolen test account, three accounts were hacked on Oct-25th-2018 and another one on Nov-08th-2018:

We have gone through the activities of the hacker(s) during the period he/she controls these accounts and found out that the stolen EOS has been transferred to the account ‘gizdkmjvhege’ in the end.

Then we did a search on the internet for this account and found the following comment on Github which indicates Github User ‘GiggleAll’ has been acting on account ‘gizdkmjvhege’ during the time of exploit. This control has not been changed after the last update auth activity on Oct-24th-2018.

https://github.com/EOSIO/eos/issues/6301

Therefore, we believe that GiggleAll is the hacker behind this exploit, who is controlling account ‘gizdkmjvhege’ at this moment.

In this way, we believe that we have successfully find the identity of the hacker, a programmer who is a total stranger to EOSIO.SG.

Once again, we deeply regret that our oversight has resulted in one of our testing accounts to be compromised and subsequently used in an inappropriate manner. We will take a lot away from this incident and the frustration it has caused the AirDropsDAC team and the wider EOS community.

Yours sincerely,

EOSIO.SG

EOSIO.SG

Written by

EOSIO.SG