Truflation Hack Clearinghouse
UPDATE 4
5:00 PM Coordinated Universal Time (UTC) Wednesday, October 23, 2024
Attack Overview and Next Steps
No user funds have ever been compromised.
The Truflation team and trusted third parties have been closely tracking the on-chain movements of the hacker’s wallets, blacklisting all affiliated accounts. The attacker exchanged 1.37 million DAI for 500 ETH, which was then transferred to the eXch exchange. While the scale of the attack is significant, again, no user funds were compromised.
We are actively collaborating with law enforcement agencies and conducting a thorough system analysis to bolster operational security across our platform. A detailed post-mortem report will be published soon, offering full transparency regarding the incident.
Throughout, Truflation maintained open communication with the community. CEO Stefan Rust continues to address concerns directly via weekly Livestream AMA on X and YouTube. The team and Rust are doing that while launching new products and initiatives.
An official company update will be released on Monday, October 28th, 2024.
To repeat, although unfortunate the attack does not affect our ongoing development, including product updates, new features, and mainnet launch of the TRUF Network.
Be sure to tune-in to the Truflation Livestream AMA every Tuesday and Thursday at 12pm EST on X and YouTube.
We are deeply grateful for the overwhelming support from the Truflation Nation, our whitehats, partners, and community members. Their expertise and solidarity have been invaluable, and we’re committed to emerging from this stronger than ever.
__
UPDATE 3
5:00 PM Coordinated Universal Time (UTC) Sunday, September 29, 2024
Deadline passed.
The $500,000 Bounty is now open to the public. Truflation is working with the industry's top cyber security firm, and international law enforcement is engaged, active.
No user funds were compromised. We will never ask you to 'revoke' your tokens or for access to your wallet. Beware of fakes particularly on social media such as X and Telegram, mirroring Truflation with subtle changes in their handles (i.e. Trufaltion).
We are offering a $500,000 bounty (or reward) for the return of the stolen funds, identity of the hacker(s), and criminal conviction. We have sourced the majority of the stolen funds to this address:
0xb1cf7880351e6d16313c03a6686b4c8a5ba6372a
Contact Truflation: security@truflation.com and/or info@truflation.com
All stakeholders have been alerted and are continually updated.
The attack does not impact Truflation’s ongoing development nor our plans to roll out new features, new indices, our mainnet, or the Truflation Stream Network.
We’re deeply grateful to Truflation Nation, our community members, whitehats, and partners who have rallied behind us with unwavering support and expertise.
We are already stronger, more resilient, and more committed than ever.
__
UPDATE 2
$500,000 Bounty Update
Dear Community,
Hacker Status: As of now, the hacker has not reached out. We’ve filed a police report with the authorities and will continue to pursue all necessary actions.
Immediate Action: We’re closely monitoring the situation and have swiftly implemented all measures to protect against further breaches. No user funds were compromised.
We are offering a $500,000 bounty (or reward) for the return of the stolen funds.
If no contact is made by September 28th at 0800 UTC, we will expand the bounty to the public.
We will then offer the full $500,000 bounty to the person who can identify the hacker in a way that leads to a conviction in the courts.
We have sourced the majority of the stolen funds to this address:
0xb1cf7880351e6d16313c03a6686b4c8a5ba6372a
Stakeholders Alerted: Law enforcement is involved, and we’re collaborating with leading industry partners to further investigate and clarify the incident.
The attack does not impact Truflation’s ongoing development or our plans to roll out new features, new indices, our mainnet, and the Truflation Stream Network.
We’re deeply grateful to Truflation Nation, our community members, whitehats, and partners who have rallied behind us with unwavering support and expertise.
We’ll come out of this stronger, more resilient, and more committed than ever.
__
UPDATE 1
$500,000 BOUNTY
Dear Community,
We posted this message on-chain to the hacker:
https://etherscan.io/tx/0xe3c7263cada26c510f5015b7fe63ed672ff17e3fbef89c8fcd10bd342b2e7552
In light of recent events, we are offering a $500,000 bounty (or reward) for the return of the stolen funds.
If no contact is made by September 28th at 0800 UTC, we will expand the bounty to the public.
⭐️We will then offer the full $500,000 bounty to the person who can identify the hacker in a way that leads to a conviction in the courts.
While this incident is regrettable, it does not impact Truflation’s ongoing development or our ability to roll out forthcoming features, including new indices, the mainnet launch, and the Truflation Stream Network.
If you have questions, please come to our live AMA today with CEO, Stefan Rust, at 12pm EST on X and YouTube.
We’re deeply grateful to the Truflation Nation, community members, whitehats, and partners who have rallied behind us with their support, time, and expertise.
No one wants to face a challenge like this, but it’s the strength of our community that sets us apart. We may have been bruised, but we are far from beaten. We’ll emerge from this stronger, more resilient, and more committed than ever.