Security Incident Post-Mortem Report — and The Road Ahead.

Uno.Reinsure
Nov 18, 2023

WHAT HAPPENED?

On November 14th, at approximately 15:49 UTC, one of our deployer wallets (previously used to run a patch on the protocol codebase) suffered a private key compromise. The exploiter gained access to the deployer account, which held the owner role; s/he then transferred ownership to an exploiter-controlled EOA and maliciously tampered with the claimsAssessor role. This granted access to drain the SSIP & SSRP pools using the policyClaim function. Kindly note that this was only possible because the claimsAssessor role had not been shifted to a multi-sig.

The exploiter also drained one of the Rewarder contracts using the emergency withdraw function, which was reserved for emptying of contracts in the case of contract upgrades.

Consequently, a total of 32.4M $UNO, 127.9K $USDC, 59.3K $USDT, and 18.4 $ETH were misplaced.

INITIAL/IMMEDIATE SECURITY RESPONSE:

As soon as the Uno Re team was notified, a war room was set up; the $UNO token contracts on both the ETH and BSC networks were paused briefly; all our exchange partners that currently list $UNO trading pairs were asked to halt trading, deposits, and withdrawals of the $UNO token; and a report on the exploit, with on-chain proof, was filed so that any assets transferred from the exploiter’s wallets could be frozen.

Internally, responsibilities were systematically allocated to the respective teams based on their capabilities: the development team was assigned Root Cause Analysis (RCA) and implementation of the emergency action protocol; the WatchDog Team undertook forensic investigations, deployment of active tracking tools, and liaising with CEXs, mixers, and token issuers for effective and rapid communication; community relations fell under the purview of the core PR and Marketing team, whilst a dedicated mix of team leads together with our in-house attorney managed coordination with law enforcement.

To mitigate any possibility of further breaches, public announcements were issued and front-end adjustments were made to dissuade users from interacting with our SSIP and SSRP pools (these contracts could not be paused, as the exploiter’s wallet held the owner permissions).

(However, if you did interact with the pools in the duration between the exploit and the alerts being sent out, kindly open a Discord ticket, and we will consider your case for the compensation plan).

We have since also disabled policy sales on our policyController, which will essentially prevent unknowing policy buyers from buying policies via our integration partners.

Additionally, we established direct communication with the exploiter via on-chain messaging in an effort to work out a mutually beneficial solution — a bounty of 15% of the misplaced funds was offered in exchange for the return of the remaining amount, together with a promise of no investigations or legal pursuits against the exploiter.

[Transcripts of the entire conversation can be found at the end of this article. As of yet, no such solution has been accepted by the exploiter; if s/he wishes to re-negotiate, we’d (mostly) be willing to be contacted on-chain, or at contact@unore.io].

DETAILS OF LOSS:

A detailed on-chain report of the fund flow on Ethereum and Binance Smart Chain (BSC) contracts post-breach, along with a few other relevant transactions, is given below:

  1. Example of ownership transfer to attacker-controlled EOA 0x9ada20B835Aa178813A8C174F1F93B1dc1BFA775:

https://etherscan.io/tx/0xad359d43602988dcf84ecd27828ac34680df5573eb61f0889ef66e56ab43fc44

  2. Example of setting a malicious claims assessor using setClaimAssessor() to EOA 0x9ada20B835Aa178813A8C174F1F93B1dc1BFA775:

https://etherscan.io/tx/0x7f87101d1dd014502c363adc09f0a754453d59257fcf8782f7f5909f749b20fd

The above set of transactions was replicated in a similar fashion on all our SSIP and SSRP pools, linked on both ETH and BSC, to our capacity controller — allowing the exploiter to gain access to 99% of the pool funds.

Flow of Misappropriated funds on Ethereum Contracts:

  1. UNO Tokens: Transaction Proof 1, Transaction Proof 2
  2. Uno Re: Selene Pool: Transaction Proof
  3. UNO_SSRP: Transaction Proof 1, Transaction Proof 2
  4. UNO_SSIP: Transaction Proof

The attacker then proceeded to sell all the misappropriated UNO tokens via Uniswap v2.

  1. USDT- SSIP: Transaction Proof
  2. USDC-SSIP: Transaction Proof
  3. USDC SSIP Rewarder: Transaction Proof

Flow of Misappropriated funds on BSC Contracts:

  1. Transfer of UNO tokens to exploiter’s intermediary wallet
  2. The attacker then proceeded to sell nearly all of the stolen UNO tokens via Pancakeswap in various transactions; here’s one example.
  3. Transfer of ETH and stablecoins to the attacker’s destination wallet
  4. Transfer of UNO tokens from UNO-SSIP to attacker address
  5. Transfer of USDT tokens from USDC-SSIP to attacker address

TL;DR: after the exploitation of the contracts and extraction of funds, almost all of the $UNO tokens were sold via Uniswap and Pancakeswap with the maximum allowed slippage, causing a massive crash in the token’s price on November 14th, around 16:00 UTC.

Some tokens from the proceeds of the exploitation were also moved to CEXs by the exploiter. The basket of stolen funds that the attacker now held (ETH, BNB, USDC, USDT, and more — on multiple networks) was then further put into mixers, transferred across more chains, and swapped and split multiple times with the purpose of obstructing our insistent and avid tracking-and-freezing effort.

(At this time, we’re only able to report that these efforts are where we’ve had the most success in fund recovery; because this is an active and ongoing investigation involving not just internal Uno Re experts but also freelance security service providers, OSINT specialists, private on-chain investigators within the space, and law enforcement authorities, these are all the details we can share for now.)

FORENSIC INVESTIGATION:

As mentioned above, we’ve assembled a team — comprised of internal Uno Re experts, other freelance security service providers, OSINT specialists, private on-chain investigators within the space, and more.

Despite the ongoing inquiries — legal and otherwise — our primary focus remains the freezing and subsequent recovery of 100% of the stolen funds. The efforts described above are still actively ongoing.

Upon forensic analysis of the accounts associated with the perpetrator, it becomes apparent that the present attack constitutes a mere fraction of a more extensive operation. This elaborate operation appears to target numerous developers and deployer accounts, with notable instances including the DareNFT and LunaFi attacks.

There is also speculation amongst the investigative teams that the private key compromise occurred earlier than the incident; the exploiter could simply have been waiting for an opportune moment to extract maximum value from the crime. Unfortunately, this is all that we’re able to share for now without hindering the ongoing investigations; however, we’re eager to share more as soon as possible.

THE RENEWED ROAD AHEAD:

We messed up — our decided act of contrition is to work tirelessly to course-correct, restore faith (and funds), and remind you of this protocol’s future plans.

We acknowledge that our outdated OpSec measures and contract configurations led to this incident, for which we apologize; this incident has been a severe wake-up call to never put off filling our own cup as we continue to secure and protect other protocols and users within Web3.

The incident has also underscored the need for more comprehensive security beyond smart contract audits — thorough audits of OpSec. This will now become part of the Watchdog arsenal.

In addition, here’s some measures we’re taking ourselves:

FUTURE PREVENTATIVE MEASURES:

In terms of our protocol core contracts, we’ll be making a couple of changes to our V2 core protocol contracts including:

  1. Removing the owner’s permission to manipulate the claims assessor role; we will also be removing any and all withdrawal and setWithdrawTo functions from the contract(s).
  2. A separate Guardian multi-sig will be set up to handle certain cases like emergency protocol pausing/freezing.
  3. Implementing a proxy design for all core contracts, with emergency actions controlled by a separate voting contract governed by votes from veUNO holders.
  4. Provisioning the ability to achieve 100% decentralization for contract upgrades, controlled by our currently established DAO members (veUNO holders). This will ensure changes cannot be executed unilaterally in the contracts without approval by the existing DAO.
  5. Transitioning claims assessment and policy claims function execution to decentralized oracle services like UMA, along with an additional dispute resolution layer.
  6. Setting up monitoring and tracking tools on existing withdrawRequests on insurance vaults, which check that malicious withdrawals are not happening, with the ability to switch to timelocks for significant withdrawal requests.
  7. Implementing vesting contracts for major $UNO token holding wallets, with claims only authorized from verified multi-sigs allocated to each tranche per our tokenomics.
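As an added illustration (not Uno Re’s code; the contract, function and modifier names are assumptions, and the Guardian is assumed to be the address of a multi-sig contract), the following Solidity sketch contrasts the privilege layout that the incident description above depends on, a single owner key that can both reassign the claims assessor and empty the contract, with the tightened layout that items 1 and 2 of this list describe: the owner has no say over the assessor, assessor changes go through the Guardian multi-sig and a delay, pausing is a separate Guardian capability, and the emergency-drain path is gone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Uno Re's code. Contract, function and modifier names,
// the ROLE_DELAY value and the Guardian multi-sig address are all assumptions.

// BEFORE: one owner key (held by a deployer EOA) can reassign the claims assessor
// and empty the contract. Compromise of that single key is therefore enough to
// drain the pool, which is the failure mode the post-mortem describes.
contract PoolBefore {
    address public owner;
    address public claimsAssessor;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyClaimsAssessor() { require(msg.sender == claimsAssessor, "not assessor"); _; }

    constructor() { owner = msg.sender; }

    receive() external payable {}

    function transferOwnership(address newOwner) external onlyOwner { owner = newOwner; }
    function setClaimAssessor(address a) external onlyOwner { claimsAssessor = a; }

    // Pays a claim out of pool capital; the only gate is the owner-settable assessor.
    function policyClaim(address to, uint256 amount) external onlyClaimsAssessor {
        payable(to).transfer(amount);
    }

    // Reserved for upgrades, but callable by the same single key.
    function emergencyWithdraw(address to) external onlyOwner {
        payable(to).transfer(address(this).balance);
    }
}

// AFTER: no owner role at all. The assessor is changed only by the Guardian
// multi-sig and only after a delay, pausing is a separate Guardian capability,
// and there is no emergencyWithdraw / setWithdrawTo path.
contract PoolAfter {
    address public immutable guardian;      // assumed: a multi-sig contract address
    address public claimsAssessor;
    address public pendingAssessor;
    uint256 public pendingAssessorEta;
    uint256 public constant ROLE_DELAY = 2 days; // constructed value for the example
    bool public paused;

    event AssessorChangeQueued(address indexed assessor, uint256 eta);
    event AssessorChanged(address indexed assessor);
    event Paused(bool paused);

    modifier onlyGuardian() { require(msg.sender == guardian, "not guardian"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }

    constructor(address guardian_, address initialAssessor) {
        require(guardian_ != address(0) && initialAssessor != address(0), "zero address");
        guardian = guardian_;
        claimsAssessor = initialAssessor;
    }

    receive() external payable {}

    // Two-step, delayed role change: a queued change is visible on-chain (event +
    // public state) for ROLE_DELAY before it takes effect, giving monitoring and
    // the Guardian time to cancel it.
    function queueClaimAssessor(address a) external onlyGuardian {
        require(a != address(0), "zero address");
        pendingAssessor = a;
        pendingAssessorEta = block.timestamp + ROLE_DELAY;
        emit AssessorChangeQueued(a, pendingAssessorEta);
    }

    function executeClaimAssessor() external onlyGuardian {
        require(pendingAssessor != address(0), "nothing queued");
        require(block.timestamp >= pendingAssessorEta, "timelock not expired");
        claimsAssessor = pendingAssessor;
        pendingAssessor = address(0);
        emit AssessorChanged(claimsAssessor);
    }

    function cancelClaimAssessor() external onlyGuardian {
        pendingAssessor = address(0);
    }

    function setPaused(bool p) external onlyGuardian {
        paused = p;
        emit Paused(p);
    }

    // Capital leaves the contract only through assessed claims, and not while paused.
    function policyClaim(address payable to, uint256 amount) external whenNotPaused {
        require(msg.sender == claimsAssessor, "not assessor");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The point of the AFTER layout is that a single compromised key no longer suffices: the Guardian is a multi-sig, so several signers must agree, and even then the assessor change is announced on-chain and delayed, so an unexpected `AssessorChangeQueued` event is something monitoring can alert on and the Guardian can cancel before any claim is paid to the new address.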

The UNO core team has always had plans to transition many more of the protocol controls to our existing DAO members, as per our veUNO launch docs; however, we chose to prioritize UNO V3 development, which by design was meant to be fully decentralized, unlike V2, which required operational interventions (managing vaults, products, emergency actions, filling up rewarders, etc.). We realize this was our mistake; in no way is this an excuse, and we will further strive for more transparency and action in this regard.

We are currently exploring a comprehensive security monitoring solution to be set up on our contracts, as well as the implementation of a time-locked circuit breaker (EIP-7265). However, the ability to control these timelocks comes at the risk of sacrificing decentralization; potential implementation notes will be shared with and voted on by DAO members before implementation.
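As an added example (not Uno Re’s code and not an implementation of EIP-7265; the contract name, the Guardian address, and the threshold and delay values are all assumptions), here is one way to realise the "timelock for significant withdrawal requests" idea from item 6 above and the circuit-breaker paragraph: every withdrawal is recorded as a request so that monitoring has a single event stream to watch, small requests settle immediately, and requests at or above a threshold wait out a delay during which a Guardian multi-sig can veto them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Uno Re's code and not an EIP-7265 implementation.
// The Guardian address, largeThreshold and LARGE_DELAY are constructed for the
// example; a real deployment would size them against the vault's capital.
contract TimelockedVault {
    address public immutable guardian;       // assumed: a multi-sig contract address
    uint256 public immutable largeThreshold; // absolute amount in wei; requests >= this are delayed
    uint256 public constant LARGE_DELAY = 24 hours;

    struct Request {
        address payable to;
        uint256 amount;
        uint256 eta;     // earliest timestamp at which the request may execute
        bool vetoed;
        bool done;
    }
    Request[] public requests;
    mapping(address => uint256) public deposits;

    event WithdrawQueued(uint256 indexed id, address indexed to, uint256 amount, uint256 eta);
    event WithdrawVetoed(uint256 indexed id);
    event Withdrawn(uint256 indexed id, address indexed to, uint256 amount);

    constructor(address guardian_, uint256 largeThreshold_) {
        require(guardian_ != address(0), "zero guardian");
        guardian = guardian_;
        largeThreshold = largeThreshold_;
    }

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    // Every withdrawal becomes a request and emits WithdrawQueued, so an off-chain
    // monitor watching this one event sees all outflows. Only "significant" ones
    // (amount >= largeThreshold) carry a delay before they can be executed.
    function requestWithdraw(uint256 amount) external returns (uint256 id) {
        require(deposits[msg.sender] >= amount, "insufficient balance");
        deposits[msg.sender] -= amount; // debit now so one balance cannot back two requests
        uint256 eta = amount >= largeThreshold ? block.timestamp + LARGE_DELAY : block.timestamp;
        requests.push(Request(payable(msg.sender), amount, eta, false, false));
        id = requests.length - 1;
        emit WithdrawQueued(id, msg.sender, amount, eta);
    }

    // The Guardian multi-sig can stop a pending request; the debited balance is
    // returned to the depositor so a veto never destroys funds.
    function veto(uint256 id) external {
        require(msg.sender == guardian, "not guardian");
        Request storage r = requests[id];
        require(!r.done && !r.vetoed, "not pending");
        r.vetoed = true;
        deposits[r.to] += r.amount;
        emit WithdrawVetoed(id);
    }

    // Anyone may execute a matured request; the funds go to the original requester.
    function executeWithdraw(uint256 id) external {
        Request storage r = requests[id];
        require(!r.done && !r.vetoed, "not executable");
        require(block.timestamp >= r.eta, "timelock not expired");
        r.done = true;
        (bool ok, ) = r.to.call{value: r.amount}("");
        require(ok, "transfer failed");
        emit Withdrawn(id, r.to, r.amount);
    }
}
```

The trade-off the paragraph above names is visible in the code: the veto is exactly the centralised control that buys time to react, so who holds the Guardian key, and whether veto decisions are themselves subject to DAO review, is the governance question rather than a detail of the contract.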

The current plan is to redeploy V2 (with the aforementioned measures applied) and make all LPs whole, and implement DAO structure to govern upgrades. Simultaneously, we’ll build V3 in the background and then plan a DAO-approved migration from V2 to V3 for all capital.

We are considering and discussing potential third-party audits to scrutinize the code base for hidden vulnerabilities — smart contract audits, economic audits, OpSec audits, and more.

We will also be enabling an enhanced bug bounty program (2.5x the current bounty payouts table) with a higher level of inclusion set to account for Opsec vulnerabilities.

Although the protocol tokenomics allows for Reinsurance capacity, we will also be additionally getting SCV coverage with our partners in DeFi coverage space for our users, which will be baked into their deposits in the vaults (Embedded Insurance).

This has been an awakening for us; we cannot afford to understate the importance of security in our operations since it directly affects the trust that users have in us. The lessons learned from this exploitation will be invaluable in strengthening and fortifying our defenses. Together with the community and security experts, we are stringently working to prevent the recurrence of such events and working to minimize the losses.

RECOMPENSATION OF LPs:

As our team continues to work towards recovering the misplaced assets, cooperating with law enforcement agencies and coordinating closely with CEXs to immobilize any unlawfully appropriated funds, we acknowledge that our LPs cannot be expected to wait this long to be made whole, 1:1.

With this plan, we’re also taking into account the fact that UNO DAO must continue on its path to making Web3 a safer place, and that we must ensure a healthy $UNO economy.

A detailed proposal on how we plan to satisfy all three of the aforementioned criteria without offsetting any of them will soon be posted on our DAO Forum.

The proposal will also include further details of how we plan to administer this restoration to our LPs.

We appreciate all the grace and patience you’ve shown us so far; we can’t even begin to show our gratitude for your support.

We’re excited to keep working at 2x, with renewed vigor, and of course, polished security in place; we hope you come along for the ride.

Uno Re

Transcript of Comms with the miscreant so far:

UNO RE :

To whomever it concerns: We’ve frozen your accounts on multiple CEXs; there’s more incoming.

We’d like to offer you 15% of the misplaced funds as a bounty and will make no effort whatsoever to disclose your identity or pursue any legal actions against you.

You may send the proceeds of the security exploit including swapped funds and token balances in UNO, USDC, USDT and ETH back to our address : 0xb782425E27A88921189a05bE7199748DdbDB71bf

If you’re willing to engage with us, you may send us an on-chain message or contact us at contact@unore.io — we’re always happy to have a chat.

We shall wait for a duration of 24 hours before proceeding with a legal course of action with law enforcement. — — Message sent with https://notifi.xyz

https://bscscan.com/tx/0xcf12549d192bf0214272329b7024d5e3553a249ed882fdab4ae06d166738bf6f

MISCREANT:

Hello, I understand your words.

I will suggest one way.

If you can unfreeze my accounts, I will follow your words.

I will wait for your reply.

Thank you.

https://etherscan.io/tx/0x2af3253505f8c39430d26d0c5084a959d0c605e9b27a4f6d8e2330a9c7981ab9

MISCREANT:

My accounts are still frozen on CEXs. I will send 10% of the funds immediately right after my accounts are activated again. We can discuss further things after the first trial. Regards.

https://etherscan.io/tx/0x0acdad46f954854acf66f4fc84be2e9ccd3b451139106beaf5b50a7d350f1bc5

About Uno Re

Uno Re is building a fully secure decentralized insurance ecosystem to serve our institutional and individual clients. Despite daily heavy losses incurred by DeFi exploits, our clients can rest easy with our customizable, affordable, and convenient coverage.

Our insurance platform has sold more than $10 million in coverage across various crypto protocols and has more than $4.4 million in an active on-chain capacity, with risk underwritten for over 85 different protocols and six stablecoins on our B2C Insurance Sales dApp — The Cover Portal.
