$5 000 000 USD

DECEMBER 2021

GLOBAL

PIZZA DEFI

DESCRIPTION OF EVENTS

"A Decentralized Financial Gateway" "EOS Based. Efficient, instant transaction, more diversified." "Decentralized Trading. No registration, no deposit/withdraw." "Trusted Transaction. On-chain, transparent and traceable." "PIZZA smart contract audit by SlowMist & PeckShield"

 

"eCurve was launched by the DAD DAO proposal number 64 as an Ethereum port of Curve. Ethereum uses unsigned parameters for this action and as a result does not require a positive value check on the EVM side." "The DAD DAO decided not to audit the code due to a lack of consensus on the DAO funds to be spent for eCurve. Previously the DAD DAO contracts were audited by Sentnl and no critical issues were found. The community debated many times whether to audit the remaining code but due to a lack of available funds and consensus, the DAO did not go ahead with the audit."

 

"On December 8, 2021, eCurve, a DAPP deployed on EOS was attacked." "12/8, 8pm, hacker itsspiderman used an exploit in eCurve to mint infinite Tripool tokens and deposited them as collateral in the PIZZA platform, draining all valuable assets." "The hacker attacked eCurve and minted infinite LP tokens called TRIPOOL. Besides using the TRIPOOL tokens to withdraw all liquidity in target eCurve pools, the hacker also collateralized them in PIZZA Lend, and borrowed all tokens with value." "PIZZA lost $5 million worth of tokens. We are working with SlowMist, BPs, and other projects to try to retrieve them." "By using a large number of Tripool tokens, the hacker was able to open over-collateralized positions and drain real valuable assets and withdraw them to his or her own wallet. The lost tokens are valued at $5 million."

 

"The eCurve hack revolved around not requiring a positive balance of stable coins to be passed to the ecurve3pool1 contract. This issue existed in tandem with only requiring that positive amounts trigger an inline action for a transfer of a stable coin." "The hack begins with the attacker depositing USDC/DAI/USDT to receive an initial TRIPOOL balance." "This TRIPOOL balance is then transferred back to the ecurve3pool1 contract which is immediately followed by a call to the withdrawimbl action. In this action, a negative amount is passed for 1 of the 3 stable coins which as stated previously does not trigger an associated inline transfer which would have failed."

 

"The attacker made a deposit of 3.66853 USDCs, 3.669928 DAIs, and 55.1576 USDTs to ecurve3pool1 and obtained 62.103274 TRIPOOL tokens. The attacker converted 46.205931 TRIPOOL tokens to 248 DAIs and 248 USDCs. Bugs that existed in the implementation of staking and withdrawal were exploited by the attacker."

 

"The attacker repeatedly staked and withdrew USDCs and DAIs and eventually staked 900,000 DAIs and 900,000 USDCs. The attacker withdrew 900,000 DAIs and 900,000 USDCs, obtained 28.22 million TRIPOOL tokens and cashed out the TRIPOOL tokens. The attacker cashed out 14.72 million TRIPOOL tokens to 20,000 USDCs, 1.05 million DAIs and 1.85 million USDTs. The attacker converted 1.50 million TRIPOOL tokens to 134,000 USNs in eCurve’s USN pool. The attacker staked 12 million TRIPOOL tokens to the Pizza application as collateral and borrowed 330,000 EOSs, 130,000 DFSs, 3,933 BOXs, 1655 YFCs, 35900 TAGs, 660,000 USDTs, 78.81 million TPTs, 454,000 KEYs, 10.55 million DAPPs, 3.5679 PBTCs, 4.61 million CHEXs, 1.24 million OGXs, 39.629223 ETHs, 0.4584 USNs, 1.99 million USDCs, 8.79 million IQs, 1.374 BTCs, 2.07 million USDBs, 520,000 OUSDs, 2346 BOXAIs, and 0.6914 PETHs. The total exploited assets were valued at around 10 million USDs."

 

"The stable coins appear to be rotated so as to not deplete the contract of one stable coin before the hack may be completed. The result of passing this negative amount allows the hacker to receive a return of TRIPOOL as well as the positive stable coins. The limit on how many stable coins that can be entered is dictated by the TRIPOOL amount." "[T]here is no positive balance check for the minamounts parameter. What we do see is a check to ensure that the asset exists in the tokeninfo2 table and that the symbol matches." "The hacker then repeats this process of depositing the received stable coins, receiving more TRIPOOL tokens, then using those TRIPOOL tokens to withdraw larger and larger amounts of stable coins until the contract is depleted of all stable coins."

 

"One validation check that would have saved the contract would have been the addition of a positive balance check as well as a validity check (as seen in the eosio.token smart contract)." "Another would have been to assert if a non-positive balance was sent."
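As an added illustration (not eCurve's or PIZZA's code), the following plain C++ models the withdrawimbl accounting the quotes above describe and places the missing eosio.token-style checks beside it. The pool structure, the proportional LP formula, the function names and the sample balances are assumptions constructed for this example; a real EOSIO contract would express the same checks with eosio::asset::is_valid() and check().

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for an EOSIO asset: signed 64-bit amount plus a symbol code.
struct Asset { int64_t amount; std::string symbol; };
// Toy pool: per-coin accounting balances, LP (TRIPOOL-like) supply, and the
// inline transfers the last action would have issued to eosio.token.
struct Pool { std::vector<Asset> balances; int64_t lp_supply; std::vector<Asset> transfers; };

// Mirrors eosio::asset::is_valid(): magnitude must stay within the 62-bit range.
static const int64_t MAX_AMOUNT = (int64_t(1) << 62) - 1;

// Proportional stand-in for the pool invariant: LP owed is the withdrawn share.
static int64_t lp_for(const Pool& p, const std::vector<Asset>& amounts) {
    int64_t requested = 0, total = 0;
    for (size_t i = 0; i < amounts.size(); ++i) {
        requested += amounts[i].amount;
        total += p.balances[i].amount;
    }
    if (total <= 0) throw std::runtime_error("empty pool");
    return p.lp_supply * requested / total;  // sign follows the requested sum
}

// Vulnerable shape described on the page: the symbol is checked, the sign is not, and
// only positive amounts trigger the inline transfer that eosio.token would have rejected.
// Returns LP burned; a negative value means LP was handed to the caller.
int64_t withdraw_imbalanced_unchecked(Pool& p, const std::vector<Asset>& amounts) {
    int64_t lp_burned = lp_for(p, amounts);
    p.transfers.clear();
    for (size_t i = 0; i < amounts.size(); ++i) {
        if (amounts[i].symbol != p.balances[i].symbol) throw std::runtime_error("symbol mismatch");
        p.balances[i].amount -= amounts[i].amount;     // negative amount silently credits the pool
        if (amounts[i].amount > 0) p.transfers.push_back(amounts[i]);
    }
    p.lp_supply -= lp_burned;
    return lp_burned;
}

// Hardened shape: validity and positivity checks on every leg (as eosio.token does),
// plus an assert that the action really burns LP. In EOSIO a failed check() aborts
// the whole transaction, so the state changes above would be rolled back.
int64_t withdraw_imbalanced_checked(Pool& p, const std::vector<Asset>& amounts) {
    for (const Asset& a : amounts) {
        if (a.amount > MAX_AMOUNT || a.amount < -MAX_AMOUNT) throw std::runtime_error("invalid asset");
        if (a.amount <= 0) throw std::runtime_error("must withdraw positive quantity");
    }
    int64_t lp_burned = withdraw_imbalanced_unchecked(p, amounts);
    if (lp_burned <= 0) throw std::runtime_error("withdrawal must burn LP");
    return lp_burned;
}
```

With one negative leg the unchecked version hands LP back to the caller and credits the pool with coins it never received, while the checked version rejects the request before any state changes.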

 

"The hacker then deposited 12,000,000 TRIPOOL as collateral to PIZZA for a massive loan which yielded 331,044.7153 EOS as well as several other tokens. Some of these tokens were converted to EOS as well. The hacker created 1.4M EOS accounts. RAM used to create EOS accounts is not recoverable."

 

"We received the alert and immediately verified that a hack incident had just happened. The first reaction was to contact both the eCurve team and the producing block producers. Confirm the hack and find out the basic cause of it. Confirm the hacker accounts, especially the ones that store the stolen tokens. Contact the top 21 BPs and host a Zoom call that the BPs can join (so you can explain to them what happened, provide them with on-chain evidence and tell them how you want them to help)."

 

"The token recovery is unprecedentedly tough; we are trying our best and will update the community if there is any progress." "The classic way of dealing with hacking incidents since 2018 was to ask all 21 BPs to blacklist the target hacker accounts. If all 21 BPs ban the target accounts, the transactions from the target accounts will all be rejected. And the problem is it’s almost impossible to ask all 21 BPs to keep the blacklist."

 

"We took both approaches but made the second one our main direction, because as mentioned above, it’s almost impossible to get all 21 BPs to add certain accounts to a blacklist. From 9pm to 00:30, it took three and a half hours to actually draft the proposal that could limit the target accounts’ actions. In order to make it happen, it requires 15/21 approvals from the producing BPs. All BPs were extremely helpful; we spent one more hour explaining and reviewing the ongoing situation and the proposal itself. At 01:47 am, eventually, we got the approvals from 15 block producers (check the image below for a detailed list)."

 

"However, the hacker created 1.37 million EOS accounts over the past 4 and a half hours and sent 98% of the stolen tokens to these accounts. On average each account got around $6~7. Also, as revenge for the PIZZA team calling the BPs, the hacker airdropped many tokens to random accounts. So basically it was a “you call the cops and the robbers kill several hostages as a warning” situation."

 

"[W]ell, some accounts were not so random, “gaotiancheng” for example: this account was created right before his huge airdrop, with a suspicious initial EOS transaction and suspicious KYC info in both Huobi and Alipay. However, the next day, when we managed to collect the list of the 1.37 million hacker accounts, we didn’t include “gaotiancheng” because 100% confirmed."

 

"12/11, continued to verify the target accounts, tested the proposal. Contacted the BPs and provided them with review methods. Set target action time to 12/12 night. 12/11 midnight, the hacker asked for a $3 million ransom and threatened to send all stolen funds to normal users if BPs attempted to restrict his accounts."

 

"12/12, 2 am, fight or flight. Evaluated the cost of the resources the hacker would have to spend to transfer all tokens. Decided to bring the plan forward. Set target action time to 12/12, 10 am. Contacted all 21 BPs. 12/12, 10:30 am, proposal voting started. 12/12, noon, the hacker saw the proposal and threatened to send all tokens to normal accounts. 12/12, afternoon, negotiations, between PIZZA and the hacker, and also among the BPs. 12/12, 4 pm, 15 approvals received. The hacker agreed to the $500K ransom."

 

"Exchanged 500K DAI for itsspiderman's 1.37 million accounts. We also asked for temporary access to the active permissions of both "itsspiderma1" and "itsspiderman", in order to make clearing more efficient. We will return these two keys to Mr. Spider when things settle."

 

"Under these circumstances, we took a snapshot of the current prices of the target tokens, and will compensate the depositors with equivalent USDT tokens. Snapshot time: 12/15, 08:15pm, UTC+8. Thank you." "Regathering tokens from a million accounts back to one account is 10x more difficult than sending them from one account to one million accounts. Damaging is always easier than building/fixing."

 

"12/23, all services on PIZZA Lend resumed. PIZZA started to work with ENF to design a recovery framework to provide a more convenient and standardized process to resolve similar incidents in the future." "After this hack, PIZZA will only open a very limited list of collaterals. The truth is that we have too many collateral choices that really qualify, and this is obviously not an excuse to set a lower standard."

 

"There is also a patch that introduces a lending cap to the PIZZA platform; it will filter out most unexpected extreme price movements or infinitely inflated tokens like the one in this eCurve hack. In the end, there will also be a new ENF working group: Recover+. The PIZZA team will work with the EOS Network Foundation to design a crisis management framework to help EOS projects cope with hacking incidents. The phase one work is expected to be done by the end of April."

 

"We are minting an NFT series to honor this great recovery. The NFT is for all parties who helped to get back the money, including those who voluntarily returned the lost tokens. Leave a comment if you have any ideas or suggestions. Thank you!"

 

"Thanks to everyone who helped in this incident; without your kind support PIZZA might have just crashed and never been able to continue contributing like it did. We can’t thank you enough; only hard work and contribution to the community can repay the debts we owe you. Let’s go together for a better future."

Pizza DeFi includes an EOS lending platform that was vulnerable and was targeted by hackers. Because of the way the EOS network works, block producers can vote to freeze accounts or return funds. However, the hacker moved the funds to 1.37M different accounts and threatened to send all of them to normal accounts if a $3m ransom was not paid. Through negotiation a $500k payment was agreed upon, and the rest of the funds were returned.

HOW COULD THIS HAVE BEEN PREVENTED?

The Pizza DeFi smart contracts were audited by both PeckShield and SlowMist. However, funds held in smart contracts are effectively in a hot wallet, and such contracts can still contain problems even after multiple audits. For this reason, it's recommended to limit the funds that are online in hot wallets and to store the majority of funds in offline multi-signature setups. Once a protocol has enough confidence, more funds can be placed online, backed by self insurance, industry insurance, or smart contract insurance underwriters.

 


© 2021 Quadriga Initiative.