Case study #4: Conductor app helps a client to save over $200,000

Hackless Team
Hackless
Published in
3 min readAug 31, 2022

One more happy client with over $200,000 safely migrated from their compromised address. This is our third successful case study where we have helped an individual DeFi investor. The first case describes the rescue of $4,000 and the second one — $87,000 totalling over $290,000.

Context

The client previously invested in Frax Share (FXS) tokens which they later provided as liquidity on Uniswap and received LP tokens. The project allowed them to stake these LP tokens long-term for earning more rewards. The staking procedure looked like this — the client locked their LP tokens in the FXS smart contract and the proof of their stake was the address from which tokens were deposited. This client’s address was added to the project smart contract and according to FXS internal logic, the user could withdraw staked assets and earned rewards exclusively to this very address.

Problem

By the time the staked assets and rewards were ready to harvest, the client’s address had been compromised. The hacker stole their private key and added the address to constant bot monitoring. This bot was set to track all deposits and withdraw or burn all funds right away.

With the bot watching the address, the client had zero chance to withdraw a stake or transfer it to a safe address. In fact, the client couldn’t even deposit a minimum amount of ETH needed for performing these transactions.

Solution

TLTR: Conductor by Hackless. Since we detailed our last case study, we have managed to develop the first version of Conductor web application, which we have offered to our client to make use of. Let’s dig into the details.

Using our Conductor web app, the client:

  1. Created a bundle of nine transactions, consisting of:
  • Sending ETH for performing the following transactions.
  • Seven transactions to withdraw staked LP tokens to a compromised address (seven because the client staked tokens in parts).
  • Withdrawal of LP tokens from a compromised address to a new, safe address.

2. Simulated the bundle to make sure all transactions will be performed as planned and that at the end, the tokens will be sent to a safe address. As an added value, the client managed to significantly optimise their gas fees due to simulation capacity and the ability to create several unstake transactions.

3. Privately sent a previously created, simulated and signed bundle of nine transactions to Ethereum mainnet via flashbots. This resulted in the mining of the bundle in one block in stated order.

Result

Thanks to our Conductor web app, the client managed to safely migrate over $200,000. We’re excited that this time we could offer the client our user-friendly UI and that the flow turned out to be a smooth experience.

I was surprised at how straight-forward the app was. With some assistance from the Hackless team, I managed to create a transaction bundle and do what seemed impossible for me — migrate assets from a hacked address” — the client commented.

With over $290,000 already saved by Conductor, we keep working on our B2C solutions to arm everyone in the DeFi industry with reliable security tools.

Stay safe, stay Hackless!

Follow us on social media to receive timely news, and stay tuned:

⚡️ Website

⚡️ Twitter

⚡️ Telegram channel

⚡️ Telegram group

⚡️ LinkedIn

--

--

Hackless
Hackless

Published in Hackless

Hackless is a security protocol for EVM-compatible blockchain projects. The platform includes mempool tracking services, transactions and funds flows analysis models, tools for safe funds migrations, alerts systems, etc.

Hackless Team
Hackless Team

Written by Hackless Team

We are fortifying DeFi security for protocols and individuals. Shielding from hacks 24/7; MEV protection; staked assets rescue.

No responses yet