AutoChain Global Contract Hacked
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
AutoChain is a smart matrix model which allows users to earn money by promoting a multi-level marketing scheme to their friends or family as passive income. On June 14th, the protocol suffered an attack. Although no public announcement of the specific hack was provided, the protocol appears to have been updated nearly immediately to limit the participation of MEV (miner extractible value) bots. Other sources also did not explain the mechanism behind the attack, and it is unclear what restitution will be made to affected users, if any.[1][2][3][4][5]
About AutoChain Global
"Autochain is a transparent sharing network built on the Blockchain. Sharechain's model is a smart matrix model that maximizes income for the community. The first blockchain that Sharechain has chosen to develop on is Binance Smart Chain. Binance Smart Chain offers low transaction fees and fast transaction processing speed, ensuring the network operates with high efficiency without interruptions. Join Sharechain today to start earning money right away."
"We connect into a global decentralized financial mutual aid community. With the Mission to help 100 million users have stable jobs and become rich!"
"Mining ATC with monthly profit
up to 30%
Join Autochain network today to build a passive income source for your life."
"Build passive income easily with Autochain. Just dedicate a little bit of your initial time to join and develop the network, and you will receive incredible and regular rewards every day. Sharechain is a sustainable model and the latest trend in earning money online today."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"AutoChain Global's contract on BNBChain was suspected to be attacked, with a loss of approximately $113,000."
| Date | Event | Description |
|---|---|---|
| June 14th, 2024 7:24:41 AM MDT | Blockchain Transaction | The attack transaction which removes $113k from the smart contract. |
| June 14th, 2024 7:54:00 AM MDT | Bot Mev Attack Testing | The AutoChain project Tweets that they are "currently performing attack testing transactions from Bot Mev" and that the "platform may not work properly for a short time". |
| June 14th, 2024 9:34:00 AM MDT | MEV Bot Testing Program Complete | The AutoChain project tweets that they have completed a MEV Bot Testing Program. |
| June 14th, 2024 7:34:00 PM MDT | Limit MEV Bot Solution | The AutoChain project announces that they "have completed the solution to limit MEV BOTs on Autochain" and that "[u]sers who have participated in mining on the http://Autochain.info platform will always be protected". |
| June 15th, 2024 6:00:00 AM MDT | Protocol Upgrades In Progress | The AutoChain project announces that the P2P exchange for their FKD token will temporarily halt for an upgrade at 3:00 PM on June 15, 2024. They are working hard to upgrade the Autochain ecosystem. |
| June 16th, 2024 9:44:00 PM MDT | ChainAegis Post | ChainAegis posts about the suspected breach transaction. The suspected attack transaction is provided. No specific details are provided about the mechanisms of the attack itself. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $113,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"We have completed the solution to limit MEV BOTs on Autochain. Users who have participated in mining on the http://Autochain.info platform will always be protected. Please note: Large quantity purchases of ATC Tokens during the testing phase may be restricted."
"The P2P exchange for FKD will temporarily halt trading for an upgrade at 3:00 PM on June 15, 2024. We are working hard to upgrade the Autochain ecosystem."
"Welcome back Bot Mev. We are currently performing attack testing transactions from Bot Mev. The platform may not work properly for a short time. Please do not make any transactions with ATC Tokens"
"We have completed the MEV BOT testing program. But all transactions are still being checked again. All mining transactions are not affected. We welcome any contributions from the community. Best regards"
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Accessed Jun 20, 2024)
- ↑ BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Accessed Jun 24, 2024)
- ↑ @Autochainglobal Twitter (Accessed Jun 24, 2024)
- ↑ AUTOCHAIN (Accessed Jun 24, 2024)
- ↑ @ChainAegis Twitter (Accessed Jun 24, 2024)