TL;DR
- Truflation confirmed a malware attack that resulted in the theft of approximately $4.6 million in TRUF tokens.
- The project temporarily suspended its staking service and is working with experts and authorities to track down the attackers.
- The platform assured that customer funds were not compromised and warned about scammers trying to exploit the situation.
Truflation, a blockchain project backed by Coinbase Ventures, confirmed that it was the victim of a malware attack on September 25, 2024.
The incident was detected when the team noticed unusual activity in their systems, which led to a quick response to protect the funds. Investigations are still ongoing. Although the total amount compromised was not disclosed, security firm Cyvers reported that the attackers managed to steal approximately $4.6 million in TRUF tokens.
On September 25th, 2024, the Truflation team detected some abnormal activity. An attacker launched an attack using malware.
We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement. The…
— Truflation (@truflation) September 25, 2024
The attack allowed hackers to take control of Truflation’s safe address. Leading to the loss of funds from both the project’s multisig treasury and personal wallets. A blockchain investigator known as ZachXBT also confirmed this attack. Estimating the losses at around $5 million, including various cryptocurrencies such as Ethereum (ETH), Dai (DAI), and Binance Coin (BNB).
The CEO of Truflation Was Also a Victim of the Hack
In response to the attack, Truflation temporarily suspended its staking service as a precautionary measure to ensure the safety of the remaining assets. Additionally, the platform offered a reward to security experts who could help track down the attackers or recover the stolen funds. The team is closely collaborating with industry partners and law enforcement to clarify the situation and safeguard the remaining assets.
Truflation assured that customer funds had not been compromised, according to a message posted on their social media. The company’s CEO, Stefan Rust, explained in a video that the malware was injected into the team’s computers. Likely during the Token2049 event in Singapore. This access allowed the attackers to breach the project’s treasury wallets.
Rust also noted that his personal account was hacked and warned users about scammers attempting to take advantage of the situation. These individuals are pretending to be members of the Truflation team. Asking users to send their TRUF tokens with the promise of burning them. Something the team completely denied.