I’ve been deep in the trenches the last ~36 hours dealing with the Terra exploit where Astroport unfortunately caught a stray. Mostly I’ve spent my time working with people to try and figure out the attacker’s identity.
It’s been pretty eye-opening what I’ve learnt about the process.
It’s insane what a group of smart, motivated people can uncover. Not to give too many specifics but IP addreses, the attacker’s probable name, their likely location, links with other projects they must have had knowledge of, and so on. I would never have thought it was possible to get so much.
There is an inspiring amount of goodwill in the community - large numbers very smart people willing to give up hours of their time to help sleuth, teams lending us their security specialists - it was amazing to see. So many smart people in Cosmos still. And the support we at Delphi Labs and Astroport received is deeply appreciated.
Stealing $2.5m+ is a serious crime - many years in prison if caught. You’d have to be crazy to take this risk given how easy it is to slip in some hard to foresee way and leave a trace.
Anyway, we are at a point where we believe we’ve identified the attacker(s) and will be going to law enforcement with what we’ve learnt. We’ll leave it to the professionals after then.
All we really want are the assets back though. Astroport has published the address of a community multisig where the attacker can anonymously return the funds. I would suggest they do that.
nitter.app/astroport_fi/status/18…
Many thanks to Spaydh and the Neutron team, Rarma, Ray Raspberry, Philipp from ERIS, Jacob, LitBit, everyone at TFL, the Terra validators, Sunny, Jack and some teams which may want to remain unnamed. Plus of course the relentlessly unkillable Astroport chads.
To the attacker: Get in touch with the team and return the stolen funds to the following address.
0x345F7008E3b27706D85BaceCd6C2f065bf1Bb1D5