EasyFi Security Incident

EasyFi Network
Apr 23 · 7 min read

EASY HardFork & Tokenswap

Background

On Monday, 19th April 2021, malicious hackers under a well planned sophisticated attack, attacked the founder’s machine remotely to access mnemonic keys/admin keys and were able to drain protocol pools to the tune of $6 million of user’s deposits (from USDT/USDC/Matic/ETH/DAI markets).

The attacker was also able to affect the EASY token contract & other official contracts. Around 2.98 Million EASY were stolen from these contracts but were saved from selling on any major exchanges except a few on DEXes.

EasyFi is a multichain layer 2 protocol that operates on three blockchain networks, pool contracts on the Binance Smart chain remained unaffected by the incident.

The hacker used renBTC and WBTC to move the funds via the dark pool and remain untraced so far. We are working with forensics experts to see what’s possible, partners & teams to get deep insights on the hack and track the hacker but it’s a time-consuming exercise and we don’t want to keep our users waiting to learn more about their recovery of lost funds. Although we are unable to recover the lost funds, please be rest assured that we are fully committed to the best interest of our lending protocol users & community member.

We have drafted an interim compensation plan and are having a final round of discussions with stakeholders & partners. We shall share the same with our community and act accordingly.

$EASY is now $EZ

Team EasyFi has decided, as communicated earlier, to create a new token contract (EASY V2). EasyFi operates on three blockchain networks namely Polygon, Ethereum, and Binance smart chain so all addresses holding EASY as per the below details shall be credited with the new EASY V2 token accordingly.

After another round of consultations and suggestions from large exchanges, forensic agencies, stakeholders & partners, it has been decided that the #EasyFi token ticker will be changed from $EASY to $EZ after the hard fork.

👉 This change will be reflected on all 3 chains viz Polygon, Ethereum and BSC.

👉 The Total Supply will remain unchanged at 10 Million $EZ. The ratio of distribution as per plan will remain 1 $EASY : 1$EZ

👉 The new contract addresses for EASY V2 (Ticker:EZ) on ETH and BSC are as follows:

  • Ethereum: 0x00aba6fe5557de1a1d565658cbddddf7c710a1eb
  • BSC: 0x5512014efa6Cd57764Fa743756F7a6Ce3358cC83

👉 The EASY V2 token will hence be known and seen as $EZ on all exchanges (CEXs or DEXs), aggregators (e.g. CMC, CoinGecko) and wallets.

👉 We will also make all integrations with partner applications and on EasyFi as well in due course.

👉 Users please note that token swaps, when it gets started, will be done with the token id $EZ.

On-chain Transactions and Balances

Methodology

We have taken snapshots to obtain on-chain balances of user’s addresses. 1st snapshot before the incident happened and 2nd snapshot while there were considerable on-chain trading activities ongoing. The purpose of taking two different snapshots is to thoroughly assess the user addresses affected due to the attack and to calculate on-chain trading activities for a fair distribution of the new EASY V2 token.

We are constantly taking note of users’ feedback & grievances on all social media channels. Therefore, for the satisfaction of our community members, the team has decided to consider additional 24 Hours & 30 minutes from the time of hack to distribute the EASY V2 token EASY to all the users.

Ethereum:

Snapshot: Block height #12276665 dated Apr-20–2021 at 11:10 AM UTC

Polygon:

Snapshot: Block height #13497393 dated April-20–2021 at 11:10 AM UTC

Binance Smart Chain:

Snapshot: Block height #6729137 dated April-20–2021 at 11:10 AM UTC

Exchange activity

In the background, we are working with all exchanges to smoothen the process of the token swap by providing us wallet balances at a particular point in time. We requested them to halt trading activities and suspend deposits & withdrawal of EASY tokens but the final decision remains with exchanges. Nevertheless, while trading activity on some exchanges is still ongoing, the attacker has failed to move a significant amount of tokens to any exchange, so we have a fair reason to believe that all holders on exchanges will not be affected and will be swapped in the ratio of 1:1 with new EASY V2 tokens with same ticker $EASY. Therefore, a snapshot of user balance on these exchanges shall be done on a case to case basis as follows:

The exact time for EASY V2 token swap to be announced separately post receiving pending data & required confirmation from the exchanges.

For users of Category A & B exchanges this doesn’t affect the status quo till the time deposits & withdrawal remain suspended on these exchanges (please be informed) and the new EASY V2 token swap is completed.

Users of category C are again advised, as announced earlier, to STOP all trading activities viz buying & selling EASY on these exchanges as we are still awaiting appropriate response & data. We can only go ahead with token swap on these exchanges once we have the necessary information in hand.

Please DO NOT BUY/SELL/TRADE on these exchanges or any DECENTRALIZED EXCHANGES/AMMs till further information.

After the announcement of EASY V2 token swap completion, respective exchanges shall credit user accounts in the ratio of 1 $EASY = 1 $EASY with new token contract EASY V2 as per the schedule mentioned above, users don’t need to take any action.

We are thankful to our exchange partners for their cooperation during these difficult times and for acting promptly on our request.

DEXes

We observed that despite repeated announcements and requests to the community members, many continued trading activities over exchanges & DEXes. This makes it very difficult for us to decide on following the recourse plan. We had discussions internally to come up with a more precise and appropriate method to compensate liquidity providers on DEXes & AMMs.

The team has decided to be considerate about such holders & traders who bought & sold during this time. Therefore it is decided to consider additional 24 Hours & 30 minutes from the time of hack to distribute EASY V2 contract tokens with the same ticker EASY. All the on-chain holders of EASY as per the above snapshot shall be eligible for the new token in the ratio of 1:1 which means they will receive 1EASY against 1EASY.

Trading activity on DEXes for new EASY V2 contract token EASY to be only resumed once the token swap is completed.

Please DO NOT BUY/SELL/TRADE EASY on-chain on any DEX/AMM and similar platforms. Users shall be liable for their own loss till the EASY V2 token swap process is completed.

Please DO NOT buy EASY token from contract address: 0x913d8adf7ce6986a8cbfee5a54725d9eea4f0729

Liquidity providers on AMMs & DEXes

The users who have added liquidity to various pools on AMMs/DEXes on all three chains namely Ethereum, Polygon & Binance smart chain shall be credited with new token EASY in the ratio of 1:1 as per snapshot details mentioned above and in the proportion to their share in the respective pool ( percentage of LP share in the pool at the time of the snapshot).

Ongoing Incentivization Programs- Contracts & on Exchanges

We are aware of the fact that many users still have their staked or deposited EASY tokens in the ongoing incentivization program’s contracts like staking, farming, dual farming, liquidity farming & Access programs. We have taken a snapshot of such addresses and respective balances of accrued rewards as per the snapshot mentioned above.

We’ll release a detailed plan for such users once the hard fork & distribution of the new EASY V2 token is complete.

All details regarding the same to be announced in subsequent updates.

What’s next?

While we move ahead with the distribution plan of the new EASY V2 contract token with the same ticker EASY as per the details mentioned above. The next steps are as follows:

Token swap:

1. Minting of new token EASY V2 & subsequent mapping of the new token contract with all three chains, listed exchanges, and information aggregators like CMC, Coingecko.

2. EASY V2 token to be distributed to all users on the Ethereum network, Polygon & Binance smart chain network as per snapshot details mentioned above.

3. EASY V2 token to be distributed to all user’s addresses on respective exchanges on a case to case basis by the exchanges, as & when we have necessary data & information at hand.

4. EASY V2 token to be distributed to LPAs mentioned above.

Activities Post TokenSwap:

1. Compensation & distribution plan for users who lost their deposited assets/funds in EasyFi lending markets on the Polygon network.

2. Detailed post mortem report to be followed once ongoing investigations are over. We shall make all information, detailed technical & forensic analysis of the attack public once authorities and involved experts complete their report.

3. EasyFi reinstatement plan to be announced.

In the background, we are constantly working out to finalize compensation plan for users who deposited funds in the lending markets in the EasyFi lending protocol on the Polygon network. We are committed to leaving no stone unturned to win back the trust of our users and community members. We only need some time to devise an appropriate strategy & work with our partners.

We are very thankful for the overwhelming support from all corners of the ecosystem including partners, exchanges, community members, investors, media partners, advisors & experts. We value the support of our community members a lot and would urge them to keep doing the same. We shall do whatever possible to bring the project back into action which is only possible with your continued support.

As famously said, “what doesn’t kill you makes you stronger”, EasyFi shall rise from the ashes and reclaim the glory that has been lost in this unfortunate incident. We have learned our lesson the hard way. Indeed, new beginnings ahead.

EasyFi Network

Layer 2 Defi — Lending Protocol for Digital Assets

EasyFi Network

EasyFi is a Layer 2 DeFi Lending protocol for digital assets powered by Matic Network. Taking a strong community-oriented governance approach with $EZ

EasyFi Network

Written by

EasyFi is a Layer 2 DeFi Lending Protocol for Digital Assets. Focused on plugging various gaps in DeFi adoption, powered by the efficient Layer 2 Blockchains

EasyFi Network

EasyFi is a Layer 2 DeFi Lending protocol for digital assets powered by Matic Network. Taking a strong community-oriented governance approach with $EZ

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store