In a blog post, the foundation said one of its wallets, containing 10 million of the Fusion Network’s native FSN tokens and 3.5 million ERC-20 FSN tokens had been drained Saturday. The thief’s haul was worth an estimated $3.75 million as of press time.
Millions of tokens have been stolen from the Fusion Foundation, the non-profit tasked with maintaining the network of the same name.
The Fusion Foundation went on to suggest it may have been an inside job, writing:
“There is uncertain evidence showing that theft may have been caused by personnel related to the Fusion Foundation.”
The Fusion Foundation launched its mainnet last summer and has been migrating FSN tokens away from the ERC-20 standard. The interoperability platform aims to bring legacy financial institutions to the blockchain, by facilitating the transfer of stablecoins and other digital assets.
In an interview with CoinDesk, Chief Product Officer John Liu said the foundation has a good understanding of not only who the hacker is but how to de-monetize their loot.
“This is not a newbie hacker. This criminal has been preparing this in advance,” Liu said via phone Monday. “He was well prepared to implement this.”
Liu said the Foundation has been tracking the whereabouts of the coins and working to isolate them. To date, most of the stolen funds have gone through exchanges Bitmax and Hotbit. According to the foundation’s blog post, crypto exchanges OKEX, Huobi, Bitmax, Citex and Hotbit have stopped accepting deposits and transfers of FSN.
As Liu told CoinDesk, the foundation’s methods for isolating the hacker’s funds can not be disclosed until later. With about 25 percent of the Fusion Network’s coins having been stolen, a lot is on the line.
According to data provider Messari, FSN’s current market supply stands roughly 59 million with a market capitalization of $9.5 million as of press time.
Hacker Returns Ethereum Domains Obtained in Auction Bug
The hacker who stole 17 Ethereum domain names during the Ethereum Name Service’s (ENS) auction decided to return them all.
The promise of hefty compensation
On Oct. 4, digital-collectibles marketplace OpenSea said that all of the stolen ENS names were returned successfully and that bidding on domain names will restart again in the coming weeks.
In the beginning of September, the ENS bidding process was exploited by a hacker who managed to steal 17 domain names for lower bids than other users placed. OpenSea, who ran the auction, explained that a bug distributed ENS domains to participants who did not hold the highest bid.
The stolen domain names, which included apple.eth, defi.eth, wallet.eth, and pay.eth were all blacklisted and the hacker was promised an attractive offer for returning the domain names. OpenSea said:
“We appreciate the work you’ve done exposing vulnerabilities in the auction system. […] To compensate for the work you’ve done to expose these vulnerabilities, we’re prepared to offer you 25% of the winning bid price of each name you return. We’ll also refund your purchase price.”
One domain, coffeshop.eth, has already received a bid of 100 wrapped Ether (WETH), worth around $14,000 at press time.
Australian hacker stole $450,000 in XRP last year
Cointelegraph previously reported that Australian citizen Katherine Nguyen pleaded guilty to stealing $450,000 in XRP in January 2018. She hacked into the email account of a man with the exact same last name and proceeded to steal all of his XRP, before unlocking his account two days later. Cybercrime squad Commander Arthur Katsogiannis said at the time:
“It’s a very significant crime and it’s the first we know of its type in Australia where an individual has been arrested and charged for the technology-enabled theft of cryptocurrency.”