Mastodawn

The Resolv hack: How one compromised key printed $23M

https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/

The Resolv Hack: How One Compromised Key Printed $23 Million

Web3 security lessons from the Resolv hack: how a compromised key enabled a $23M exploit, what went wrong, and how DeFi protocols can prevent similar attacks.

Chainalysis

Show thread

primitivesuave

Missing from the article - the hacker first compromised Resolv Lab's AWS account, took a private key from KMS that was used to control minting, then managed to extract $25 million into ETH before all protocol functions were suspended.

Show thread

thebiblelover7 Mar 23

Do you have a source for that information? I'd like to read more on it.

Show thread

layer8 Mar 24

https://www.chainalysis.com/blog/lessons-from-the-resolv-hac...

https://xcancel.com/zacodil/status/2035658779706974556

The Resolv Hack: How One Compromised Key Printed $23 Million

Web3 security lessons from the Resolv hack: how a compromised key enabled a $23M exploit, what went wrong, and how DeFi protocols can prevent similar attacks.

Chainalysis

Show thread

abrookewood Mar 24

It's explicitly mentioned in the article:

A step by step breakdown of the attack
Step 1. Gaining Access to Resolv’s AWS KMS Environment

Show thread

leonidasv Mar 24

The link was changed, the old one did not mention it (apparently): https://news.ycombinator.com/item?id=47498220

We've changed the URL to that link from https://bfmtimes.com/hacker-mints-80-mil... | Hacker News

Show thread

WatchDog Mar 24

> took a private key from KMS

They used KMS to sign the minting operation, but they didn't "take" the key, AWS KMS doesn't let you extract keys.