Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$334 000 USD

SEPTEMBER 2020

GLOBAL

CORAL FINANCE

DESCRIPTION OF EVENTS

"Earn Coral tokens by staking Tokens or providing liquidity." "In most cases, you will have to stake your LP tokens to receive rewards, like on Coral.network. If you stake your LP tokens, it means that you’re kind of renting out the rights to withdraw your liquidity to the platform. However, you can typically reclaim your LP tokens at any time if you want to get your liquidity back."

 

DefiBox Foundation released the following statement concerning Coral, “Coral Finance is independently developed by the community, it has completed multi-signature of contract and open source code. The Defibox Foundation appreciates this. Therefore, after the Coral Finance project contacted Defibox Foundation, we decided to support it.“

 

"The wRAM of the EOS ecological DeFi liquidity mining project Coral was attacked by hackers and lost more than 120,000 EOS."

 

"On September 10, the wRAM of the EOS ecological DeFi liquidity mining project “Coral” was attacked by hackers and lost more than 120,000 EOS."

While there is limited information available online, the Coral Finance is another example where a project with a smart contract hot wallet was breached and user funds were lost. In this case, the exploit was related to the way EOS uses wRAM. It does not appear that anything was done to assist affected users in this case, as the project appears to have disappeared.

HOW COULD THIS HAVE BEEN PREVENTED?

There are a number of ways to prevent and mitigate this situation. It is far more secure to have the majority of funds in a multi-signature wallet where keys are stored offline by multiple operators. This would limit the potential loss to only those funds being actively needed. Audits can be used to reduce the risks on the hot wallets further, and we advocate at least 2 reviews would be required prior to a project launch. Having known platform operators would ensure a best effort is made to assist them, with a comprehensive industry insurance fund as a fallback in the worst case.

 

Check Our Framework For Safe Secure Exchange Platforms

SlowMist Hacked - SlowMist Zone (Nov 8)
Slowmist 2020 Blockchain Security And Privacy Events (Jun 5)
Beginners Guide To Defibox (Dec 19)
Coral Finance (Dec 19)
#Defibox - Search (Dec 20)
https://coinmarketcap.com/currencies/eos/historical-data/ (Dec 20)

Sources And Further Reading

More case studies

Eterbase Hot
Wallets Breached

YFDexF Finance
Exit Scam

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.