DeBox Social External EOA Wallet Private Key Leak
DeBox is a Web3.0 social platform which reportedly has significant community engagement. On December 1st, 2024, a wallet holding a large amount of BOX tokens was compromised, leading to a significant drop in price as those tokens were quickly liquidated. DeBox has posted on social media to address the issue. Very few external firms appear to be tracking the funds, and it does not appear that any recovery is in progress.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51][52][53][54][55][56]
About DeBox Social
DeBox is an all-in-one Web3.0 social platform designed to simplify interaction within the Web3 ecosystem. It has achieved significant milestones, including $383 million in transaction volume, over 10 million users, and substantial community engagement. DeBox offers various services, including DeSwap for decentralized swapping, and the DeBox Guardians NFTs, which are part of its community and ecosystem. With a focus on making Web3 easier to navigate, the platform aims to empower users through its token, $BOX, and create a user-friendly environment for both developers and investors.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"DeBox officially announced that due to the leakage of the private key of an operational account's personal EOA wallet, 31.03 ETH and 4.879 million BOX tokens were stolen."
| Date | Event | Description |
|---|---|---|
| December 1st, 2024 12:41:23 PM MST | Transfer Ethereum | 13.55 Ethereum are transferred. |
| December 1st, 2024 12:42:47 PM MST | Transfer Box Token | 2,980,839.475869626818219902 BOX tokens are transferred. |
| December 1st, 2024 5:47:00 PM MST | Social Media Discussions | Social media discussions begin, with 0xCryptoUni raising concerns of a possible rug pull. "Whether it was stolen or the project owner dumped the project and ran away, there is no clear official statement yet, so let us wait and see." |
| December 1st, 2024 10:27:00 PM MST | DeBox Announcement Tweet | DeBox posts a tweet highlighting the loss and attributing it to the compromised private key. |
| December 7th, 2024 7:08:11 AM MST | CoinPedia Article Published | CoinPedia publishes an article which includes details on the DeBox breach. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
"Asset Loss Overview: •ETH: 31.0282 •BOX: 4,879,079.3995"
The total amount lost has been estimated at $275,000 USD.
Immediate Reactions
"Whether it was stolen or the project owner dumped the project and ran away, there is no clear official statement yet, so let us wait and see."
"Debox rug, remember everyone also played scratch lottery, damn. The official said it was stolen, or did he run away? All the pools on the chain have been withdrawn. Magic blockchain, a new melon every day, each melon is different."
"The official announcement states that due to the leakage of the private key from the operator’s personal EOA wallet, 31.03 ETH and 4.879 million BOX were stolen. The official emphasized that this incident does not involve the security of platform users’ assets, assuring the community that their funds are safe."
"The social project #Debox @DeBox_Social was drained today. The price of the coin has fallen by 95% since September. Is it a Rug or stolen? Keep watching"
"Breaking: The previously popular DeBox in the Chinese-speaking community seems to have run away! Oh my God! This shows that anything related to "DE" or "X" is not safe! Everyone, please check if you have linked DeBox and disconnect it to avoid further asset losses! #DeBox @DeBox_Social"
"The once-popular DeBox project in the Chinese-speaking community seems to have run away, with funds already cashed out through exchanges and liquidity pools withdrawn from the blockchain. The project team claims the wallet was stolen, but due to the frequent occurrence of "insider theft" in the industry, further updates are awaited. Please stay tuned, and we will continue to follow up on the situation."
"It is really shocking that there is no multi-signature wallet and the asset management of the project is too casual."
"It's just a few lines of words, but behind them are tens of thousands of dollars of tuition fees"
"It's 2024, is there any EOA account private key leak? It is recommended to replace the CTO"
Ultimate Outcome
"II. Action Plan:
1. Stabilization Fund Deployment: The Stabilization Fund will be used to purchase back all stolen tokens from the exchange, with completion expected within one week.
2. Token Allocation: All repurchased tokens will be injected into the BOX DAO assets. The community will vote to decide their use.
3. Account Security Update: The DeBox Social operational account will transition to a multi-signature wallet once DeBox App supports multi-signature logins.
4. Accountability and Recovery: A professional security firm will handle the investigation and asset tracing. Updates on the recovery process will be provided regularly. Any recovered assets will be managed through BOX DAO voting.
DeBox will continue to trace the theft address and reserves the right to take all necessary legal actions to pursue accountability.
DeBox has always placed the community at its core, striving to build an open, transparent, and sustainable ecosystem.
We sincerely appreciate your understanding and support. Together, we believe DeBox will emerge stronger and more resilient."
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- DeBox: The all in one Web3 community tools. (Accessed Jan 20, 2025)
- @Crypto_He Twitter (Accessed Jan 20, 2025)
- @0xCryptoUni Twitter (Accessed Jan 20, 2025)
- @DeSwap_Official Twitter (Accessed Jan 20, 2025)
- @elonmusk0520 Twitter (Accessed Jan 20, 2025)
- @numbzc888 Twitter (Accessed Jan 20, 2025)
- @blockamotoo Twitter (Accessed Jan 20, 2025)
- @okkp7537 Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @blockamotoo Twitter (Accessed Jan 20, 2025)
- @jintiankankan11 Twitter (Accessed Jan 20, 2025)
- @bpaynews Twitter (Accessed Jan 20, 2025)
- @zhendehengeili Twitter (Accessed Jan 20, 2025)
- @BenWAGMI Twitter (Accessed Jan 20, 2025)
- @hexad_army Twitter (Accessed Jan 20, 2025)
- @w3__debox Twitter (Accessed Jan 20, 2025)
- @johnmorganFL Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @0xotmk Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @Yee92480343 Twitter (Accessed Jan 20, 2025)
- @_koling_ Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @sinanz00 Twitter (Accessed Jan 20, 2025)
- @spacen1ght Twitter (Accessed Jan 20, 2025)
- @genfenggoudaib1 Twitter (Accessed Jan 20, 2025)
- @1453Gurbuz Twitter (Accessed Jan 20, 2025)
- @BenWAGMI Twitter (Accessed Jan 20, 2025)
- @DeBox_CN Twitter (Accessed Jan 20, 2025)
- @john28463719 Twitter (Accessed Jan 20, 2025)
- @cryptonewsz_ Twitter (Accessed Jan 20, 2025)
- @metavers_bit Twitter (Accessed Jan 20, 2025)
- @CodeShelby Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 20, 2025)
- @blockamotoo Twitter (Accessed Jan 20, 2025)
- @DeBox_CN Twitter (Accessed Jan 20, 2025)
- @QHKX888 Twitter (Accessed Jan 20, 2025)
- @CryptoXin127 Twitter (Accessed Jan 21, 2025)
- @0xCryptoUni Twitter (Accessed Jan 21, 2025)
- @pandaBA007 Twitter (Accessed Jan 21, 2025)
- @numbzc888 Twitter (Accessed Jan 21, 2025)
- @DeSwap_Official Twitter (Accessed Jan 21, 2025)
- @yuexiaoyu111 Twitter (Accessed Jan 21, 2025)
- @MemeSiguoyi Twitter (Accessed Jan 21, 2025)
- @btcbagua Twitter (Accessed Jan 21, 2025)
- @XChainNews Twitter (Accessed Jan 21, 2025)
- @MetaEraCN Twitter (Accessed Jan 21, 2025)
- @crynetio Twitter (Accessed Jan 21, 2025)
- Crypto Weekly Hack Report: Why Multi-Factor Authentication Is Crucial in 2024 (Accessed Jan 21, 2025)
- @MistTrack_io Twitter (Accessed Jan 21, 2025)
- @laochen12 Twitter (Accessed Jan 21, 2025)
- @tungzay1 Twitter (Accessed Jan 21, 2025)
- $0.02 | DeBoxToken (BOX) Token Tracker | Etherscan (Accessed Jan 21, 2025)