$140 000 USD

MARCH 2021

GLOBAL

CYBERFI

DESCRIPTION OF EVENTS

"CyberFi mission is to create a user-friendly DeFi experience and add a new layer of features available. Users of our platform will experience zero-stress, automated DeFi trading and farming, smaller fees and tools for Impermanent Loss mitigation."

 

"I put all my tokens in a staking contract for 30 days." The contract expires "April 2nd". "It's a project I believe will easily 10x."

 

"Had an issue with a recently staked token not showing any balances. I went to the official Telegram of the token. There I asked an admin to assist me on this issue. No response from an official admin so I tinker around and found that a simple refresh after MetaMask connect solved the problem. Cool."

 

"I get off and take a nap. Woke up with a well known admin messaging me if I need help. My brain is slowly waking up. I tell him it's all good."

 

"Then he tells me that people are no[w] getting integrated into their system for bonuses. So asks me if I received full integration. As a noob, I'm like I don't think so. Then he sends me this link."

 

"Tells me to integrate to take advantage of all the new bonuses and allotments. (New project with a lot of promotions and collabs). So I eagerly click on it and give my seed phrases. Doesn't dawn on me until I hit enter to check the admin's credentials. I check it and it's a copy of his profile. Stomach hits my feet."

 

"Seems like a group targets CFI investors. They have legit looking sites and Telegram."

 

"In my mind I'm accepting this as a loss. But still going to try." "[CyberFi i]s just starting out and it's going to kill me to see it go to the moon without me."

 

"[M]y coins were locked in staking. Had 3 weeks before unlock. I begged every white hat in the world and finally one said ok.... he got a group of people to put eth sweepers in while hijacking my coins by bribing a miner. Was awesome to see in real time. Was very intense and nail biting."

 

"Alex saved me too." "H[e] extracted my CFI tokens that were in a time locked contract. Safely sent them to another wallet without gas using flash bots." "I almost lost 140k but manage a rescue, thank god." "$139k today's prices $11k - 2eth tip. $7k. Well still glad I have it than the hacker."

 

"I'm in a good place with the mistake. Not the end of the world. Just sucks I'm in a 'would of/could of' scenario if I lose it. If I buy more of the coins, I'm taking away from another project. So if the lost coins 100x I'm gonna always have a gut punch, and if I repurchased said coins the other project I liquidified 100x I'll go insane. So I'm not going to enjoy that aspect of it all. But my other projects are doing well, so make up sooner than later. Thx for your words."

CyberFi was a staking platform growing in popularity around March 2021. Reddit user BetItAllJonny was an investor who had staked their assets for 30 days and held other coins in the same wallet, totalling $140k. It was a hot wallet that they interacted with using MetaMask.

 

After a nap, they were tricked by a fraudster who pretended to be a CyberFi administrator on Telegram. They were sent to a malicious website, where they promptly entered their seed phrase. Their assets were immediately taken, except for the CyberFi, which was still staked.

 

They were able to convince a white-hat hacker to assist them in front-running the attacker and retrieving the staked CyberFi at the contract expiration date. It doesn't appear that their wallet address has been published, and none of the other funds have been reported as recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

The primary protection is to never enter the seed phrase anywhere online. It is best to use a hardware wallet, in which case the seed phrase is only ever entered into the device itself. Losses could have been limited by separating assets into more wallets, ideally keeping most assets on an offline wallet which is fully disconnected and not used for regular transactions.

 

The CyberFi platform can use an alternative system for providing support, one that does not allow anonymous strangers (without prior history) to privately contact users of the platform. It is recommended to have some support resources available to assist phished users whose cases can be shown to be valid. This could take the form of resources to track down theft quickly and assist with police report filing, or a shared fund to partially reimburse users.

 

© 2021 Quadriga Initiative.