Social money issuer Roll was hacked for nearly $5.7M of creator tokens held in hot wallets on the platform over the weekend.
Using Roll’s private keys, the hacker made off with tokens from 400+ creators on the platform. They immediately sold into Uniswap pools created around the vulnerable social tokens and transferred the ETH via Tornado Cash.
“It seems like a compromise of the private keys of our hot wallet and not a bug in the Roll smart contracts or any token contracts,” stated Roll’s post-mortem
<iframe src="https://thedefiant.substack.com/embed" width="480" height="320" style="border:1px solid #EEE; background:white;" frameborder="0" scrolling="no"></iframe>
Of all the tokens affected, Whaleshark’s WHALE token and Friends With Benefits FWB were hit the hardest, losing ~1400 ETH and ~800 ETH respectively.
The affected communities scrambled to address the situations, quickly turning to Discord voice chats to inform their tokenholders to what happened. Looking across the board, all social tokens dipped by at least 50%, depending on the number of tokens held in Roll at the time of the hack.
Roll responded with a post-mortem, saying the team intends to take legal action on the malicious actor if found and offering a $500k creator bounty to all communities affected.
Social Token Community Rallies
Despite the devastating losses, the wider social token community banded together to support those in need. After addressing the issue internally, Whaleshark set out to provide liquidity to other projects as a sign of support.
The Friends With Benefits token dropped by 99% at the time of the hack. Despite a crisis event, the community rallied together to vote in favor of a new FWB Pro token, expected to launch later this week. The project will airdrop tokens to existing members and speculators at various rates, resetting the slate with a DAO at the helm.
What could have been a crippling blow for the emerging sector turned into a sign that social token communities can respond well in the face of danger.
This event showed that many social tokens still suffer from centralization issues as a result of accessibility, as the reason tokens were being held in Roll in the first place was to prevent creators from having to download Metamask to get started with social money.
In the event that a creator retained complete control of their supply, there would have been no tokens at risk when the issuer was hacked. While the space is rapidly growing, let this serve as a reminder that self-custody is an education course worth emphasizing.
✊ Head to THEDEFIANT.IO for the best in DeFi news 📰