Roll Wallet suffered a major security breach on the morning of 14th March, costing users millions of dollars. The hacker was able to sell off various personal tokens built using Roll’s service.
The Roll Network
Table of Contents
Roll mints branded digital tokens, unique to a user’s presence, allowing one to own, control and coordinate the value they create cross-platforms.
Ethereum wallets capable of making transactions from the Ethereum blockchain and within the Roll Network are also provided, one of which got hacked. A simple link-based system is operated to make sending and receiving social tokens as simple as sending a text.
The Hack
In the official report, the team at Roll mentioned that the hackers were able to steal all the tokens from the wallet and sell them on Uniswap for ETH. At the time of writing, it seems like the private keys were compromised, instead of a bug in the Roll smart contracts or any token contracts.
Social tokens, namely— WHALE, RARE, and PICA tanked more than 50% during the early hours, reported the data provider CoinGecko. Meanwhile, the RLY token of competing social money platform Rally spiked to all-time highs.
“Earlier today, the private keys to our hot wallet were compromised. We’re investigating this with our infrastructure provider, security engineers, and law enforcement. Additionally, we’re putting together a $500,000 fund for creators affected by this”, tweeted the network, confirming the attack.
Security incident detail can be accessed here shared by the team: https://tryroll.com/security-incident/
Highlights
- Roll, a hot wallet for crypto got hacked.
- Total value lost ~ $5.7M
- The network’s private keys were compromised
- A fund of $50k is put together for refunding the losses
For now, we know that it wasn’t a bug that led to this hack but you never know. We hope such incidents are effectively reduced but until then it’s on you to stay safe and choose wisely. Connect with the team at ImmuneBytes for all your solidity contract security.
About ImmuneBytes
We are a team of India-based security professionals who are skilled in their niche. Although a start-up, you’ll never have to compromise with anything from us. We strive to push forward and provide overall surveillance and quality service to our customers. Get in touch with us to get a security audit for your smart contract.