The Fusion Foundation has announced its token swap wallet has been compromised, leading to the theft of 13.5 million tokens at a value of $6,750,000. Withdrawals and deposits of FSN tokens on Huobi, Bitmax, Citex, Hotbit have been suspended following “abnormal wash trading” on the exchanges and the suspected sale of some of the stolen tokens. The revelation of the theft will come as a blow to the project which only launched its mainnet three months ago.
Fusion provides official update on the Foundation wallet that was compromised on the 28th of September. https://t.co/Jrbv1c3cyX
— FUSION (@FUSIONProtocol) September 29, 2019
Private Key Theft Leads to Loss
Fusion announced the hack via a blog post on Saturday, stating that the wallet was compromised via theft of the private key, were made up of 10 million native FSN tokens and 3.5 million ERC20 tokens. The news resulted in an immediate crash in the FSN price, which plummeted over 50%, from $0.5 to $0.21. Although no user wallets were affected, the hack will have major implications for a project that saw its mainnet go live at the end of June, where the token price hit a yearly high of $1.60. Since then however the token price has drifted down almost 70% before this blow, potentially reflecting the lack of uptake in the project after launch.
Inside Job Suspected
Fusion doesn’t go into much detail about the hack itself, although it does suggest that “there is uncertain evidence showing that theft may have been caused by personnel related to the Fusion Foundation.” An inside job would be the most obvious explanation as to how a private key to millions of dollars’ worth of tokens can be accessed so easily. It wouldn’t represent the first such case by any means, with the Bithumb hack in March this year being put down to employees being too tempted by the contents of the company’s accounts. The Foundation states that it is now “working closely with exchanges” to collect information and evidence that might lead them to a clearer understanding of what happened. Fusion calls itself “The Best Platform for Decentralized Financial Applications”, but instances like this, where a piece of information as critical as a private key can be stolen, will not exactly fill would-be users of the platform with confidence.
