Mastodawn

The Resolv hack: How one compromised key printed $23M

https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/

The Resolv Hack: How One Compromised Key Printed $23 Million

Web3 security lessons from the Resolv hack: how a compromised key enabled a $23M exploit, what went wrong, and how DeFi protocols can prevent similar attacks.

Chainalysis

Show thread

Aurornis 4d ago

According to a writeup at https://www.chainalysis.com/blog/lessons-from-the-resolv-hac... this started with a plain old hack that compromised their signing key.

They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.

So there was a traditional hack at the core of this heist, not just a smart contract exploit.

The Resolv Hack: How One Compromised Key Printed $23 Million

Web3 security lessons from the Resolv hack: how a compromised key enabled a $23M exploit, what went wrong, and how DeFi protocols can prevent similar attacks.

Chainalysis

Show thread

amarant 4d ago

Is there any proof, or even indication, that this wasn't an inside job?

Show thread

bravoetch 4d ago

Usually I would expect proof for a positive - like that it was an inside job, or there being an indication of it. I'm not saying whether it was or not, just that it seems unusual for you to ask about proof of it NOT being an inside job.

Show thread

kibwen

When it comes to crypticurrencies, no, the "hack" that turns out to be an inside-job rugpull is so common that the correct burden of proof is on the people who think this wasn't an inside job.