Company Update —29th December: On the breach, what is / isn’t affected, and the relaunch plan.

Script Network
7 min readDec 29, 2023

--

Thank you for your patience regarding the attack on one of our dev computers yesterday afternoon on December 28th 2023. Our transparency to everything is paramount to the integrity of Script Network, so here we will explain as much as we can. Here’s what we know, what we don’t know, and what we are doing moving forward from here. **All of the following will be updated if and when further information comes to us**

Overview of the attack

At around 2pm UTC on the 28th December 2023, one of our core dev computers was attacked, completely compromising their passwords, access to the respective contract and the ability to act with the speed that they did. This is not a random hacker sitting in his bedroom, this was a state level group of hackers, as further identified through our investigation with Binance Security. We are still trying to understand exactly how the compromise happened, but we know it was a level of sophistication that is far beyond the pale of simply clicking a link. That said, we are working with cyber forensics, Binance security and Lossless Protocol, to ensure that a full, thorough investagtion is made. Thus far, Binance security themselves have confirmed it is a state level developer sophisticated attack, that said, we have taken the most aggressive of actions across the team until the investigation is complete. More on this below.

As far as what specifically happened, we are confident that the computer was seemingly compromised. This means that even with a secure contract and set up across the team, they were able to change owner address, and then actually withdraw more coins from the contract that even was there at the time (around 30m more coins that was even in the contract at the time). The contract does not allow minting of new supply, and even if it did, you can see there was no new supply added (contract: https://bscscan.com/token/0xeb880acb83c63ea3eab4baae9693dc5dd9d324a3?a=0x6b787b16445983197bf4b291016c74363d78979a#tokenInfo)

The hackers then seemingly started to carry out a mix of 3 actions after retrieving the coins:

  1. Dispersed small amounts of coins into multiple different wallets (over 20m coins dispersed the 10s of wallets)
  2. Opened a liquidity pool on pancake swap (of which Script Network has never launched — as we are not on dexes)
  3. Created an illusion that dex trading was open officially by a range of wash sales to create trading activity, of which users then started buying due to the arbritage on the price to the CEXs. It is here where they began selling. Alongside this, they sent small amounts to exchanges to liquidate, of which they done in two significant stages yesterday. They of course aimed to do significantly more, but we assume that across the fake dex LP and CEXs, they sold approximately 325k usd worth of coins. This could be less, but at this stage, it does not matter.

How we dealt with the situation:

We were actually alerted by Binance of the breach and a notification we got from our sec Ops. They helped immensely (and still are doing so) to find the group of attackers. As mentioned above, since it was sophisticated, even with a sec ops team, lossless protocol and Binance security, we are unable to confirm exactly what has happened. Once we can confirm, we will update here.

What we did do however is ensure our treasury is safe, which it is, and ensured that liquidity (as much as we had control off of) was pulled from the exchanges. We then requested that exchanges close deposits and withdrawals of wallets holding SCPT (due to the hacker attempting to trade millions of coins) and then, halting trading. This process, due to all 3 exchanges being based in a timezone where the core team was unavailable, which meant we had a prolonged period of time with trading continuing, with nothing that we could do to change it.

We have carried out a full internal team audit, alongside further additions to our monitoring not just on chain, but off chain through our servers, web apps and platform.

Where we are now

Contract:

Although the previous contract had no issues (audited by 3 companies), we have deployed a new contract via Lossless protocol. This already comes with significant security protection, already audited by certik, skynet and hacken. There is a multi sig governing both the primary and back up ownership safes. Only the core team will ever have access to this for the foreseeable future at least.

Exchanges:

All trading has been suspended on all exchanges. This is good news, as it means the hackers can no longer sell coins. They have of course confirmed they’ll support a full migration a new contract address. This means, as it stands, if you held coins on the exchange at the time of the snapshot— you will receive a 1:1 conversion to the new SCPT coins. [UPDATE 2 JAN 10:20AM UTC] This snapshot will now likely be at the respective time of closure of trading of that respective exchange.

Any buys made after this will be given a conversion which is to be confirmed. This is because of the checks to separate organic buys from that of the hackers wallets depositing coins to dump, then to receive a free airdrop only to dump again on relaunch. Likely, buys after the hack will still get an airdrop, however this will be updated and confirmed over the coming days. We are not in control of the speed of this decision, it is that of the exchanges.
For clarity, you may see articles like this https://www.kucoin.com/announcement/en-kucoin-will-suspend-scpy-usdt-trading-pair-and-support-the-token-swap-for-script-network-scpt-20231229 — this is simply confirmation that the migration is ongoing and Script Network and the exchanges (Kucoin, MEXC, Bitget) are fully in co-operation.

Relaunch:

We will re-launch at a similar price as to what SCPT was at the time of the hack. The tokenomics will remain the same as it was before. We are ready to relaunch, but unfortunately we have to wait for the migration to be carried out by the dev teams on the exchanges. With it being a weekend (no coins or tokens launch / relaunch ever takes place on weekends), then New Year’s Day, this means the relaunch date is TBC, but likely next week. The exact date and time will be confirmed once we have it.

What all of this means for you and the company: In short, it was a terrible day in the company yesterday, after so many years of building, to have people try so hard to damage everything the team has worked so hard for — but — in short — nothing has been affected.

✅ Treasury is fine — we still have all the available funds to utilise on the roadmap

✅ Liquidity is fine — we pulled liquidity early enough to not be affected.

✅ Your coins — also fine. Which we will explain below for clarity — — —

Scenarios (this following plan is likely to change if and when exchanges confirm the migration strategy on their end) UPDATED 2 JAN 10:20AM UTC:

You held SCPT coins on an exchange and didn’t do anything yesterday in terms of trading: you will receive a 1:1 conversion of coins you held, and the price will be in and around what it was at the time of the hack.

You held SCPT coins in cold storage or on a decentralised wallet and didn’t do anything yesterday in terms of trading: you will receive a 1:1 conversion of coins you held, and the price will be in and around what it was at the time of the hack.

You sold SCPT coins before the snapshot: you will not receive an airdrop

You bought SCPT coins before the snapshot: you will receive a 1:1 conversion

You deposited SCPT coins into an exchange after the hack, then sold: you will most likely not receive an airdrop, and will have to open a ticket after the migration is complete

You had your coins on Magna, unclaimed: Nothing will change, Magna will support the migration and all coins will be claimable as per before the hack.

For anyone else, please open a ticket up in our discord and we will do our best to answer. It should go without saying but we will do our best to avoid anyone losing out from this situation, even though some users repeatedly decided to buy and sell hours after we repeatedly told them not to.

What happens to the old tokens

Will effectively be defunct as of now. DO NOT interact with any dex pool that may open up with the attempt to sell your tokens, you may be exposing yourself and your security. You DO NOT need to swap your tokens for new SCPT tokens next week, it will be automatic

In short relaunch date is expected to be the 2nd or 3rd Jan, everyone’s coins are 100% safe til then. The only “downside” of all of this, is that no one can trade their coins for a few more days. In terms of all product launches, new channels, mainnet etc — all news will follow after migration. We are stacked with stuff to release / announce, but best we do this once this is complete.

For those waiting for KYC approval, or process of refunds, this will be carried out next week. For those who have not yet been able to claim their tokens for whichever reason via Magna, this will be claimable upon re-launch.

Thank you everyone for your patience on this. It’s a long road and although we are beyond annoyed about what has happened, we are glad that it was mitigated quick enough with hardly anyone if any being affected. We’re super pumped and cannot wait for next week to continue our long term mission.

About Script Network:

Script Network is a leading L1 blockchain video delivery network and live streaming protocol that revolutionizes the way viewers engage with live television content. Through the power of AI, Script Network offers personalized, high-quality, and secure live TV streaming experiences. Learn more at https://www.script.tv.

--

--

Script Network

Script Network is an open source web3 live tv platform, protocol, and storage network