DeFi Dark Forest Adventure: This is how I recovered millions of dollars

Summary: The biggest problem is that the hacked wallet had pledged $1.2 million in ERC20 USDC stablecoins on a DeFi smart contract, and it was using a liquidity mining model (investing funds in different DeFi protocols to earn the maximum return).

The biggest problem is that the hacked wallet had pledged $1.2 million in ERC20 USDC stablecoins on a DeFi smart contract, and it was using a liquidity mining model (investing funds in different DeFi protocols to earn the maximum return).

01 The multi-million dollar cat lost in a quantum state

— Schrodinger's Cat

“Victor, are you there?”

At 8:27 PM in San Francisco, I received a text message from an investor friend of mine.

I frowned. Usually when I receive a call from a VC at night, it's either good news or bad news.

My hunch is that this is bad news:

“My friend’s Metamask (Ethereum wallet) was hacked. It was used to invest in DeFi projects and had millions of dollars in it.”

I responded: “Tell them to call me.”

A few minutes later, a number starting with "650" called. On the other end of the line, Catherine explained what happened in a trembling and anxious voice. She was a VC investor in San Francisco, and her Metamask wallet had just been hacked.

• At 9 pm that evening, I called an emergency meeting with Tomo and Ralph.

• A day ago, Catherine fell into a social engineering scam, which led to the theft of her Metamask Ethereum wallet and the leakage of her private key.

• The wallet was emptied and 4 ETH were transferred to the hacker's wallet.

• The biggest problem is that the hacked wallet had pledged $1.2 million in ERC20 USDC stablecoins on a DeFi smart contract, and it was using a liquidity mining model (investing funds in different DeFi protocols to earn the maximum return).

The pledged DeFi assets are still there, but the $1.2 million could disappear at any time.

These pledged assets are like Schrodinger's Cat: just like the Copenhagen quantum physics experiment, they are lost in quantum states and locked in a sealed cold hard box. As a result, only when the box is opened (connected to the stolen wallet) will we know whether the pledged assets are still there.

It is unclear whether the hacker was aware of the existence of the pledged DeFi assets, or if he was secretly monitoring the wallets:

• Hypothesis 1: The hackers knew about this a long time ago. Maybe they are waiting for higher DeFi returns before taking action?

• Assumption 2: The hacker is unaware. But if we keep interacting with Ethereum, sooner or later the hacker will find these pledged assets.

We can try it out and the answer will appear.

But this method also has problems, and the final result may be that curiosity kills the cat.

Most users come to AnChain.AI because their cryptocurrencies have been stolen and they want to try to recover their losses through blockchain security services. But usually it is too late, and even if we do the last remedy, we can only get back part of the money.

But the theft in DeFi has brought us new opportunities. If we play this game well, it is possible to recover the lost $1.2 million.

“Your wallet could be stolen at any time,” I wrote in my response. “You need to call in emergency experts. Here are our suggestions, whether or not you choose our services.”

1. Disconnect from the Internet and shut down your computer.

2. Use a brand new computer to surf the Internet.

3. Do not share your private key with anyone, including security companies.

4. Do not connect your wallet to any DeFi product.

As I wrote this last piece of advice, the words “Dark Forest” came to my mind.

At 7am, I woke up to a signed email that had been sent a little after 4am. It must have been a long night for Catherine. After verifying that the assets belonged to her, the incident response team began to deal with the stolen wallet.

As described in Liu Cixin's science fiction novel "The Three-Body Problem," the "Dark Forest Principle" holds that if one civilization is very afraid of another civilization, they will eventually dare not reveal each other's problems because they are both worried that they will be immediately regarded as a potential threat and destroyed.

Ethereum is like a dark forest. The AnChain.AI team can feel the intimidating green eyes of the dark forest we are about to explore staring at us, as if anyone could become its next prey. Although no one has asked for this, we all know it. Whether this million-dollar Schrodinger's cat can be saved is the key to the problem.

02 Analysis of the Devil in the Dark Forest: Hacker Characteristics

The most famous emergency response team in the world is FireEye Mandiant, which adheres to the principle of cybersecurity first and has a principle manual written by CEO Kevin Mandia and employees.

After leaving FireEye Mandiant, I founded AnChain.AI, bringing the best cybersecurity practices and co-creating AnChian.AI's blockchain emergency response project team.

Compared with network or cloud security, blockchain security presents its own unique challenges in the West where decentralization is prevalent.

Emergency response mainly faces two problems: investigation and handling.

Among them, the purpose of the investigation is to find out the answer: "Who is the hacker?" The hacker characteristics are to infer the hacker's TTP-including theft methods, techniques and steps.

What tools do hackers use?

• Computer Monitoring: In addition to social engineering phishing websites, computers can also be hacked through malware and illegal means using the Metamask wallet plug-in of the Chrome browser on Catherine's computer.

• Blockchain Forensics: Investigate the hacker by setting up software related to blockchain transactions and liquidity. The Chief Information Officer (CISO) investigation tool visualizes the hacker's on-chain activities. We did not find any changes on the smart contract except for the transaction of tokens.

I opened AnChain.AI’s CIO investigation tool and started researching the addresses of the victims and hackers. It seems that 6 people have fallen into the hacker’s phishing scam trap. The same method was used in the 2020 Twitter hack investigation, and the stolen funds in that theft case have been transferred to other wallets.

Thank God, our customers' DeFi collateral assets are still there.

Where is the hacker's address?

Unlike web servers that can track IP addresses and user agent strings, the Ethereum blockchain ledger can only anonymously record wallet addresses and the state of smart contracts. A fast Python script calculates relevant wallet statistics and then displays the probability density function when the hacker is active. The results show that the hacker is likely in East Asia.

The probability distribution graph helps us figure out the best golden time to attack. If we start the incident response too early or too late (too early to know about the hacker), the hacker may already know the existence of the emergency response team. If the hacker finds us, our plan will be ruined. In order not to attract the attention of criminals, our best time is 10 am to 8 pm Eastern Time.

According to our description of the Black Forest Demon, this is a geek located in East Asia who is good at hacking computers. But it is very likely that this person does not understand DeFi and smart contracts.

03 Develop a response plan

The Art of War by Sun Tzu says, "Know yourself and know your enemy, and you can fight a hundred battles with no danger of defeat . " This laid the foundation for our response plan.

Our remedy was to transfer the $1.2 million in stablecoins to Catherine’s new hardware wallet (a safe place).

Our greatest hope lies in DeFi’s smart contracts, especially the plans developed by the emergency response team:

• Plan A: Can the funds be withdrawn to a different wallet, bypassing the victim’s wallet?

Tomo received the code of the DeFi smart contract:

However, there is no recipient for withdrawals, and the assets can only be withdrawn to the original wallet. It is worth mentioning that Uniswap has taken this situation into consideration and set up relevant response procedures.

• Plan B: Can we freeze the assets so the hacker can’t move them?

In DeFi governance, freezing is a critical function.

But as shown in the figure, for stablecoins, there is no lock function in the transaction.

• Plan C: Most well-designed DeFis have a “pause” admin button for emergencies.

However, setting “pause” can only suspend transactions of a certain token contract, and does not apply to personal wallets, which is not suitable for this theft case.

It’s clear that this DeFi product didn’t take this emergency into account, which is disappointing.

At the same time, I also contacted the DeFi product team's Telegram group, email, Twitter, LinkedIn and their investors. Maybe it's a gamble, but they do have a good reputation in the market.

However, we did not get the response we expected (which was also expected).

Because poor customer service is a common problem among DeFi products.

We replied to Catherine: “Unfortunately, we have just summarized three solutions to recover your losses directly from the DeFi wallet, and finally only plan Z is suitable. But this plan is risky, are you ready?”

As an avid fan of the Japanese anime "Dragon Ball Z", I think this Plan Z is a sure-fire move just like the special moves in the game. We will know if we try it.

04 Plan Z: Precision Restorative Surgery

My colleague Dr. Anderson, a surgeon at the institute, never drinks coffee the day before his surgery because it affects his fingers. He once waved his hands and laughed at me, saying that he needed surgical precision.

Emergency handling also requires "precision repair", and excessive tension will lead to plan failure.

Plan Z is our last hope. Although it is full of risks, it can be simply divided into the following three steps:

1. Transfer ETH as a handling fee to the victim’s wallet;

2. Withdraw the pledged assets from the DeFi mining pool to the victim’s wallet;

3. Move all to a safe place.

I walked Catherine through the steps of the plan and quickly realized that it was even more drastic than it sounded on paper. It sounded like a horror story: “What if the hackers get there before you?”

"Plan Z is all about speed. Our automated defense mechanisms will increase our chances of success. Let me explain."

I came up with a game theory strategy from my analysis, listing all the possible solutions. This is how I like to analyze things when I’m faced with complexity and uncertainty.

The hacker may not be aware of our plan or may be quietly transferring the assets to other wallets, or it may have been set up automatically long ago.

Even if the hacker uses the automatic settings, our engineers assured me that we have an 80% chance of success. Game theory shows that we have a 93% chance of winning this battle, which is a high probability. But with such a large amount of money, a 7% failure rate is also nervous.

As mentioned earlier, Plan Z is all about speed. Specifically, our goal is to minimize the time difference between redemption and transaction. This is divided into two key steps:

1. Redemption speed. The best transaction fee for miners is the key. In 2020, due to the explosion of the DeFi market, Ethereum's transaction fees have risen sharply and have been criticized. In June, the average gas fee even reached 700 ETH!

2. In a 33-second verification time, 200 ETH is already the top-ranked transaction fee in the Ethereum transaction pool for us. The transaction fee of more than $12.8 when redeeming DeFi products makes me feel bad, but it is insignificant compared to $1.2 million. Every second is critical.

3. Offensive tools: Python scripts on web3 conduct illegal front-end transactions in the Ethereum transaction pool for adversarial transactions, so our ERC20 stablecoin transactions can be carried out first in the mining pool and transferred to the safe place we set. Please see below for related operations of illegal front-end transactions.

The attack tool is ready, we named the file:

>>FrontrunDarkForest.py

Plan Z was ready after we tested the Rinkeby testnet.

(Note: Due to the offensive nature of the tool, we will be omitting the technical details.)

05 “Saving Schrodinger’s Cat”

At 2 p.m., the million-dollar "Schrödinger's Cat" rescue plan officially began after two tests.

After taking a deep breath, Catherine opened the DeFi redemption website, logged into the metamask wallet plug-in, and connected the stolen wallet to DeFi.

Soon, Catherine began to scream hysterically, tears streaming down her face.

"Balance is zero!? What's going on!?"

The DeFi webpage shows that the wallet has a zero balance in the collateral pool! Everyone was silent for a while, but it just showed that there were collateral assets. After rational analysis, the hacker may have checked the assets in the wallet a long time ago. But we didn't see the smart contract at the beginning, and the hacker had no way to steal the money.

I took a look at Catherine’s DeFi webpage. Shouldn’t the connected Ethereum address be displayed in the upper right corner?

“Can you try connecting to your Metamask wallet again?”

Catherine held her breath, closed the browser, reopened the DeFi webpage, and reconnected to Metamask.

It shows that 1.2 million USDC are still in the mining pool.

Everyone breathed a sigh of relief, and everyone laughed at the absurdity of it all. But we don’t have time to discuss the irrationality of the UI of this DeFi product with a locked value of up to $200 million.

Tomo sent the Python script FrontrunDarkForest.py to transfer the ETH transaction fee to the victim’s wallet and then showed that our tool is ready.

Catherine clicks “Withdraw”, confirms the 200 ETH fee, and the transaction is displayed on the Ethereum network.

Time seemed to stand still and only the sound of our heartbeats could be heard.

When all the chips are in front of us, confidence will suddenly disappear at this time.

Thousands of CPU miners around the world, spread across SparkPool, Nanopool and F2Pool mining pools, are desperately trying to get a piece of this deal.

After 30 seconds, the smart contract's withdrawal transaction was successful, and the 200 Gwei insurance premium took effect.

Soon, the script FrontrunDarkForest.py started running and the following message popped up:

[INFO]Pre-trade successful. USDC withdrawn to a safe location.

3 seconds later, the Ethereum browser confirmed the transaction. USDC arrived at the set secure wallet.

Technically, by 2:15 p.m., the emergency response mission was complete. It took only 33 seconds to rescue the $1.2 million Schrodinger's cat from the Black Forest. The world is still at peace, and the "Asian devil" is apparently still dreaming.

We waved goodbye and walked out of my office building. It was another sunny day in San Francisco, the soothing fragrance of the osmanthus calmed me, and only when the early autumn breeze brushed against me did I realize that my shirt was stained with sweat.

As the Tesla calmly cruised along Highway 101, I started playing my favorite song, David Bowie's "Starman," just like in the movie "The Martian." The exotic Dorian mode instantly changed the cosmic atmosphere, and then sang:

The Star Superman is waiting in the sky,

He told us not to screw up.

Because he knew it would all be worth it.

I recalled Catherine’s big smile when she saw $1.2 million worth of cryptocurrency sitting on a hardware wallet address and she asked, “What would a hacker feel when they see this?”

The hacker will soon see this unusual Ethereum transaction happening at lightning speed. He may feel that "Starman" has rescued Schrodinger's cat from his dark forest and handed it over to its rightful owner.

06 Lessons Learned

• In Part 1 of their Incident Response Bible [1], FireEye Mandiant and AnChain.AI advise to “prepare for the inevitable.” You won’t be as lucky as Catherine, who just happened to know our investors. To be on the safe side, make sure you have at least one incident response team member in your contact list.

• Beware of social engineering scams. Catherine was hacked by a phishing site that tricked her into stealing her private key. As shown in Figure 1, she is not the only victim. Don't think you are always smarter than the hacker. Again, you should never give out your private key or password under any circumstances. Those 12 or 24 words, remember?

• I have three questions for the anonymous DeFi team: When billions of dollars of assets are injected into the liquidity pool, who will we contact for reliable customer support? Who do we suggest better user interface and user experience? Who can insure investors' endangered assets like the Federal Deposit Insurance Corporation? I don't understand how DeFi will be banked in the future unless these three points can give me convincing answers. What do you think?

Acknowledgements:

I would like to thank Daniel Robinson of Paradigm and Sue Xu of Amino Capital for their valuable feedback.

Quote:

[1] Jason T. Luttgens, Matthew Pepe, Kevin Mandia, “Incident Response & Computer Forensics, 3rd Edition”, ISBN:9780071798686, McGraw-Hill Education, 2014

[2] Dan Robinson, https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff

[3] Sam Sun, https://samczsun.com/escaping-the-dark-forest/

Original link:

https://www.linkedin.com/pulse/rescuing-schrodingers-cat-defi-darkforest-victor-fang-ph-d-/

Original article from Linkined

Author: Victor Fang, AnChain.AI

Translator | Katie Gu

Produced by | Odaily Planet Daily (ID: o-daily)

Disclaimer: This article is a real case of the "DeFi Million Dollar Theft" recently solved by the AnChain.AI team in San Francisco. Based on the signed user confidentiality agreement, no personal information of any user will be involved.