It has been revealed that the main target of the attack was an employee of the Fantom Foundation.
The Fantom Foundation, a non-profit organization that supports the Fantom blockchain network, suffered a data breach apparently, due to a zero-day security vulnerability in Google Chrome.
Apparently, the attackers were able to exploit the flaw to steal the private keys to the Fantom Foundation’s wallets, which allowed them to steal over $550,000 in cryptocurrency. This was confirmed by the Foundation on its official Twitter (Now X) account, though the incident is still under investigation for a definitive conclusion.
While information regarding the hack is scarce, discussions among users on The Fantom Foundation’s Telegram channel suggest that the exploited zero-day vulnerability may be related to a heap buffer overflow vulnerability within Google Chrome’s WebP format, assigned a high 8.8 CVSS score (CVE-2023-4863). This vulnerability enables a remote attacker to execute an out-of-bounds memory write through a specially crafted HTML page.
According to the Fantom Foundation, only a small number of wallets were compromised and the significant majority of Fantom Foundation funds (more than 99%) were unaffected and remain secure. It was also disclosed that the primary target of the attack was an employee of the Foundation.
“A Fantom employee’s personal wallets were compromised. Some of these impacted wallets were labelled “Foundation Wallets”, but they were no longer being utilized by the organization and had been reassigned to a Fantom employee, making this a targeted personal attack. The funds lost by the employee are currently being tracked and investigated.”The Fantom Foundation
On the other hand, Crypto and Blockchain security firm CertiK has also confirmed the data breach by tweeting that “Fantom Foundation wallets have been drained on Ethereum and Fantom. So far we can confirm that Fantom: Foundation Wallet 20 lost ~$470k on FTM and Fantom: Foundation Wallet 18 lost at least ~$187k on ETH.“
The Fantom Foundation has stated that it is working with authorities to investigate the attack. The foundation has also advised its users to update their Google Chrome browsers to the latest version.
The Fantom Foundation data breach is a reminder of the importance of employee cybersecurity training, regular software updates, and strong security measures to safeguard data. It also highlights the inherent risks in cryptocurrency usage.
What is a zero-day vulnerability?
A zero-day vulnerability is a security flaw that is not yet known to the software vendor or the security community. Attackers often exploit zero-day vulnerabilities to launch attacks before the vendor has a chance to patch the vulnerability.
How to protect yourself from zero-day vulnerabilities
The best way to protect yourself from zero-day vulnerabilities is to keep your software up to date. Software vendors regularly release security updates that patch known vulnerabilities. It is important to install these updates as soon as they are released.
You can also use security software, such as antivirus software and a firewall, to protect your computer from attack. Security software can help detect and block malicious activity, even exploiting a zero-day vulnerability.
Finally, it is important to be careful about what websites you visit and what attachments you open. Attackers often use malicious websites and attachments to exploit zero-day vulnerabilities. If you are unsure about a website or attachment, it is best to err on the side of caution and avoid it.
- Zero-Day Exploit Threatens 200,000 WordPress Websites
- Critical Chrome Update Counters Spyware Vendor’s Exploits
- US Police Recover $3M Stolen by Pakistani Crypto Scammers
- Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware
- Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group