Lagrange X Account Phishing Fake Token Launch

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Lagrange Logo/Homepage

Lagrange offers a decentralized network to assist with preparing and using zero knowledge proofs. On October 16th, their X account started promoting a new LGR token. This token was not launched by Lagrange, and the tweet was not authored by them. The X account was ultimately restored on October 22nd. It is unclear how the X account breach occurred, if anyone was affected, and any plans to assist affected users.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22]

About Lagrange

"Hyper-Parallel ZK Coprocessing" "Build and scale more data-rich applications with offchain verifiable compute with the first SQL-based ZK Coprocessor."

"Lagrange Labs has launched a decentralized prover network to support a variety of protocols using different proof types. The first two protocols offered are the ZK Coprocessor and State Committees. This documentation shares the concepts, architecture, and deployment guides for each of Lagrange’s protocols."

"Lagrange’s ZK Coprocessor operates in a parallelized and distributed way: A computation is divided into multiple small tasks that can be distributed to multiple machines. The clusters of machines to execute computations and generate proofs scale horizontally, so as more machines participate, proofs can be generated faster over ever-growing datasets."

"Lagrange pre-processes blockchain data into a prover-friendly Verifiable Database which can handle unlimited storage slots, that smart contracts can make SQL queries over. While others can prove single storage slots but rely on the smart contract or an expensive proof to execute computations beyond a single storage slot, Lagrange’s ZK Coprocessor can query 8888 storage slots per block, more than an order of magnitude larger than other coprocessor solutions today."

"Typically, ZK coprocessing involves proving the historical state of a chain and then proving a series of computation on top of the existing data set. Lagrange’s ZK Coprocessor can execute dynamic proving on top a Verifiable Database of historical contract storage state to target updating proofs of only what has changed. This approach, enabled by our Reckle Trees research, drastically reduces proving time and lends itself well to applications that need to compute specific datapoints over large sets of data."

"With our ZK Coprocessor, developers can use ZK proofs to compute over historical storage, receipt or transaction data, directly from their smart contracts using SQL queries. No need for writing complex circuits or working with intermediaries."

"Lagrange’s ZK Coprocessor enables Lagrange State Committees, which are ZK light clients each comprising a decentralized network of operator nodes. Each State Committee supports an unbounded set of nodes, so it can scale with the protocol as it grows. Integrating with EigenLayer’s restaking further extends Ethereum’s economic security and creates a robust shared security zone made up of a dynamic set of nodes."

"Exciting news! We're thrilled to introduce our new $LGR token, designed to supercharge data-rich applications. Token allocation is boosted based on interactions with partners like Azuli, Gearbox Protocol, Etherfi - and more. Check Allocation"

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"ZK startup Lagrange's X account has been allegedly compromised, and a scam link related to the LGR token has been posted. Please stay vigilant and be cautious of potential risks."

Key Event Timeline - Lagrange X Account Phishing Fake Token Launch
Date Event Description
May 8th, 2024 Additional Funding Round Completed The "team at Lagrange Labs announced our $13.2M seed round, led by Founders Fund, with participation from Archetype Ventures, 1kx, Maven11, Fenbushi Capital, Volt Capital, CMT Digital, Mantle Ecosystem Fund and various friends, supporters, partners and angels. We’ll use this funding to continue to accelerate the development of Lagrange’s hyper-parallel ZK Coprocessor and State Committee products, as well as to continue to expand our ever growing ecosystem of partner projects."
October 16th, 2024 12:44:00 PM MDT Update Posted While Hacked The Lagrange X account posts a legitimate update mentioning their "state of the art Prover Network". A number of users comment to warn that the account is hacked. It's unclear why this update was posted following the hack, however it may have been scheduled ahead of time.
October 16th, 2024 10:53:00 PM MDT First Warning On X The first mention of the hacked X account in a tweet by anyichinem65580.
October 16th, 2024 11:35:00 PM MDT Scam Sniffer Post Made Scam Sniffer posts an update about the overtaken X account.
October 17th, 2024 9:12:00 AM MDT Banner Warning On Website 1c4m3by posts a screenshot where a banner was showing up on the Lagrange website to warn about the breached X account.
October 22nd, 2024 1:01:00 PM MDT Lagrange X Account Recovered Lagrange announces the recovery of their account on X.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Lagrange's X account was compromised and posted phishing tweets."

Ultimate Outcome

"Confirming that the Lagrange Labs team has regained access to this account

All communications involving Lagrange Labs, our ecosystem and our products will resume from the @LagrangeDev X account"

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @realScamSniffer Twitter (Accessed Nov 8, 2024)
  2. Lagrange (Accessed Nov 8, 2024)
  3. Lagrange: The Next Chapter for Lagrange (Accessed Nov 8, 2024)
  4. Home | Lagrange Docs (Accessed Nov 8, 2024)
  5. @lagrangedev Twitter (Accessed Nov 8, 2024)
  6. @lagrangedev Twitter (Accessed Nov 8, 2024)
  7. @aditmadhur9 Twitter (Accessed Nov 8, 2024)
  8. @blknoiz06 Twitter (Accessed Nov 8, 2024)
  9. @1c4m3by Twitter (Accessed Nov 8, 2024)
  10. @anyichinem65580 Twitter (Accessed Nov 8, 2024)
  11. @insomniac_ac Twitter (Accessed Nov 8, 2024)
  12. @fishincondom Twitter (Accessed Nov 8, 2024)
  13. @kitcat_x Twitter (Accessed Nov 8, 2024)
  14. @connor_aug13078 Twitter (Accessed Nov 8, 2024)
  15. @AnonVee_ Twitter (Accessed Nov 8, 2024)
  16. @0xpoulsen Twitter (Accessed Nov 8, 2024)
  17. @0xM0RA Twitter (Accessed Nov 8, 2024)
  18. @Whitehair1987 Twitter (Accessed Nov 8, 2024)
  19. @King_Staccz Twitter (Accessed Nov 8, 2024)
  20. @xenowits Twitter (Accessed Nov 8, 2024)
  21. @aditmadhur9 Twitter (Accessed Nov 8, 2024)
  22. @0xmeder Twitter (Accessed Nov 8, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Lagrange_X_Account_Phishing_Fake_Token_Launch&oldid=6337"