AirDropsDAC HireVibes Airdrop Private Key Leak

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 15:35, 24 January 2023 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/airdropsdachirevibesairdropprivatekeyleak.php}} thumb|AirDropsDACThe HireVibes protocol ran an airdrop through the AirDropsDAC project. The private keys of the smart contract were apparently breached, and the tokens were taken and liquidated. The airdrop was run without AirDropsDAC being involved, and a bonus was given for all participants. This is a global/international...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

AirDropsDAC

The HireVibes protocol ran an airdrop through the AirDropsDAC project. The private keys of the smart contract were apparently breached, and the tokens were taken and liquidated. The airdrop was run without AirDropsDAC being involved, and a bonus was given for all participants.

This is a global/international case not involving a specific country.

About AirDropsDAC

"AirdropsDAC provides Airdrops As A Service to dapp developers in the EOS ecosystem looking to tokenize their project. AirdropsDAC looks to be the foremost authority in airdrops, offering the most options for innovative airdrops, legal-friendly tokens, community engagement tools and marketing to ensure the project’s users are ready and engaged to adopt the dapp."

"HireVibes (ticker symbol: HVT) is a decentralized jobs platform that incentivizes people to crowd-source candidates for jobs positions. It was built and operates as a decentrilized application on top of EOS blockchain. It is the flagship project of EOSVibes." "HireVibes aims to disrupt traditional Human Resources (HR) and recruiting."

"The demand for Web3 talent is rising faster than supply. Bitcoin and blockchain technology are helping us create a better world. We're creating an open source standard for hiring in the Web3 era."

"Showcase your employer brand by using a cryptocurrency powered hiring platform to build world changing teams. Whether you're a growing technology company or a fledgling DAO; HireVibes has you covered."

"A large number of HVTs in the AirDropsDAC contract account were transferred to the sym111111add account under abnormal operation. The account was then exchanged for 2,514 EOS at Newdex, which was subsequently transferred to the gizdkmjvhege account."

"In light of the recent exploit which took place on November 12th 2018, the HireVibes development team would like to reassure our community that HireVibes keys and token smart contract and were never compromised. They are secure and under the supervision of the HireVibes team."

"This incident involved a third party that was providing an airdrop service to HireVibes at the time of the exploit. The HireVibes development team treats security as the utmost priority. A member of the HireVibes team alerted our service provider of the exploit, which is currently being investigated."

"HireVibes are taking a neutral position while the facts are established. Meanwhile, development is continuing as normal as we work towards the release of HireVibes Beta early in 2019."

"As a bonus to all accounts that did claim HVT by Monday December 3rd at 1300 UTC, as well as accounts which were missed on the airdrop, HireVibes will give an extra % of HVT to those accounts. The exact bonus % will be announced, and the delivery of tokens will happen by Wednesday December 5th."

"We are doing this because we listened to the needs our community and it also means HVT will be a more widely distributed token, which is essential for a vibrant token economy."

"While we are appreciative to AirdropsDAC to get a chance to trial a new innovative airdrop method (claim invitations), the HireVibes team will complete the airdrop, and distribute tokens to everyone on the snapshot."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - AirDropsDAC HireVibes Airdrop Private Key Leak
Date Event Description
November 12th, 2018 12:00:00 AM First Event This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

It is unknown how much was recovered.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

Private keys need to be stored offline. One of the easiest ways to protect against this would have been to set up a multi-signature requirement on the primary wallet. Additional training for operators is also useful.

References

SlowMist Hacked - SlowMist Zone (Dec 19)

AirdropsDAC – Airdropping Since June 2018 (Dec 29)

HireVibes - Attract Your Tribe (Dec 29)

https://everipedia.org/wiki/lang_en/hirevibes (Dec 29)

https://www.coingecko.com/en/coins/hirevibes/eos (Dec 29)

Hirevibes Statement Regarding Recent Exploit (Dec 29)

Airdrop Update Hvt For Everyone (Dec 29)

Hirevibes Airdrop And User Prototype Release (Dec 29)

Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=AirDropsDAC_HireVibes_Airdrop_Private_Key_Leak&oldid=393"