The Nuls team have revealed that 2 million NULS tokens worth $480,000 have been stolen in a hack on an internal wallet. The source of the hack was Nuls’ current platform version, and the issue has now been dealt with, leaving hackers only able to sell just over a third of their haul.
*Security Update* pic.twitter.com/GN41agKgi1
— NULS (@Nuls) December 22, 2019
Hard Fork Locks Tokens
A Medium post from the team states that an account belonging to a team member was attacked by hackers, although the method of the attack is not stated. 2 million NULS tokens were transferred out of the account, of which 548,354 “has entered the trading market and couldn’t be traced.”
To invalidate the remaining 1,451,645 tokens, the team decided to implement a hard fork at block height 87,800, a process that isolates and effectively destroys the tokens, rendering them useless and ensuring that the thieves only gained $132,000, at most, from their actions. The Nuls team did reveal that the source of the attack was the current version of the software, and have issued a fix:
The reason for this attack is due to a security vulnerability in NULS 2.2 version, which has been fixed. We have contacted the exchanges and they are cooperating with us actively. We are completing the hard fork process and will release it as soon as possible. Sorry for the inconvenience.
Echoes of VeChain Hack
The Nuls attack comes a week after VeChain suffered an attack in which they lost some 1.1 billion VET tokens ($6.45 million), which was put down to a combination of human error within the team and malicious activity from opportunistic hackers. In the Nuls case the team managed to act quickly and perform a hard fork which isolated the stolen tokens, but it reveals that there are still huge flaws in the nascent technology which will need addressing if blockchain companies are to attract the kind of investment they are seeking.
