The Fantom Foundation is contending with a significant breach of its wallets that has cast a shadow over the blockchain networks it operates on.
Attackers executed unauthorised transfers of digital assets collectively valued at an estimated $657,000.
— Fantom Foundation (@FantomFDN) October 17, 2023 (embedded tweet; image at pic.twitter.com/gShkT3C9XV not reproduced)
Both the Fantom and Ethereum networks, integral components of the Fantom Foundation's ecosystem, were affected.
More than 35 wallets were drained, and the incident first came to light through the Fantom community's own channels, notably Telegram.
Reports Of Fantom Foundation's Security Breach
It was vigilant community members who first flagged the suspicious transfers.
A silver lining amidst the turmoil is the fact that the foundation's substantial assets, primarily safeguarded within cold wallets, remained untouched.
It is essential to clarify that the security breach did not compromise Fantom's network itself, but rather, the foundation's wallets were the target of this attack.
According to reports surfacing on Reddit, Fantom Foundation fell victim to what is known as a "zero-day" exploit within the Google Chrome web browser, resulting in the loss of a considerable sum of FTM tokens.
A screenshot purportedly from a Telegram conversation shared by a Fantom admin revealed the acknowledgment that "some" of their wallets were, indeed, "drained."
An administrator on Telegram wrote:
"There was a zero-day exploit on Chrome; because of that, some of Fantom Foundation's wallets got drained. Fantom's losses were in the hundreds of thousands of dollars and we are actively tracking the movements of the lost funds."
Zero-Day Exploit or Private Key Theft?
A "zero-day" exploit, as the name suggests, targets a vulnerability that is unknown to the software's vendor, so no patch exists and the bug can be exploited until one is developed and deployed.
This makes such exploits especially serious for decentralised finance (DeFi) protocols, whose security depends not only on their own contracts but on the software used to operate their wallets, including the browser.
In the same screenshot shared on Reddit, a Fantom Foundation representative disclosed that they had not updated their browser to the latest version.
Notably, the latest Chrome release at the time, version 118.0.5993.70, had shipped on 11 October; if the flaw used in the attack was already fixed in that release, the incident would technically be an n-day attack against an unpatched browser rather than a true zero-day.
The intrusion was corroborated by the blockchain security firm CertiK, whose confirmed figures, roughly $470,000 in FTM from one wallet and at least $187,000 in ETH from another, add up to about the $657,000 that community reports had estimated, although later reports cited substantially larger losses.
#CertiKSkynetAlert 🚨
Fantom Foundation wallets have been drained on Ethereum and Fantom
So far we can confirm:
Fantom: Foundation Wallet 20 lost ~$470k on FTM
Fantom: Foundation Wallet 18 lost at least ~$187k on ETH
We will continue to track https://t.co/KnyqgaO4CB
— CertiK Alert (@CertiKAlert) October 17, 2023
On-chain analysis shows the extent of the attackers' activity: an address labelled "Fake_Phishing188024" on Etherscan received various tokens from the foundation's wallets.
The data also shows a further transfer of more than 1 million FTM from the foundation's Wallet 20 to an address labelled "Fake_Phishing32" on the Fantom network.
Transfers like these, signed directly from the foundation's own addresses, point to theft of the wallets' private keys rather than any flaw in the chain itself, which is a critical compromise for any blockchain entity.
In a separate report by "Spreakaway" on X (formerly Twitter), it was alleged that a member of Fantom's team also lost $3.4 million.
Following the attack, Etherscan data indicates that the attackers consolidated the stolen funds into a single address, which now holds at least $7 million in various coins.
This address has already been flagged and identified as a facilitator of multiple phishing campaigns targeting cryptocurrency and DeFi projects.
Currently, the funds lost are being actively tracked and investigated.