ETERBASE Hack
Incident Overview
ETERBASE hot wallets were compromised, stolen funds were moved to the following addresses:
ETH Address: 0x7860F7b2…781aD9
TRX Address: TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna
XTZ Address: tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc
BTC Address: 1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c
ALGO Address: PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI
XRP Address: rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX
Stolen funds were withdrawn to centralized exchanges wallets of Binance, Huobi, HitBTC. "Due to the fact that Eterbase has lost several important partners and financial providers, we are unfortunately forced to stop temporarily all our operations beginning April 19th 2021. Please, withdraw all your funds immediately.EBASE claims will be converted to EUR claims." - ETERBASE stated on April 8:
https://twitter.com/ETERBASE/status/1380191015915679750
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to ETERBASE, these are the critical security checks that could have prevented this incident (September 2020).
- Verify all logic paths related to Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialSecurity Audit History
- Audit Report 1 Report
Related Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
- 01
-
02
Source 2 https://t.me/eterbasenews/639
- 03
Learn to Prevent the Next ETERBASE
The ETERBASE hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.