April 22nd, 2021
On April 19, 2021, EasyFi, a DeFi protocol running on the Polygon Network, was the victim of a hack. The attacker was able to extract 2.98 million EASY tokens and $6 million in USD, DAI, and USDT, for a total value of about $81 million.
The EasyFi attack is very similar to the Nexus Mutual hack performed in December 2020. In both cases, the attacker injected a malicious version of MetaMask into the target computer. By doing so, the attacker was able to steal the mnemonic/private keys and use them to perform transactions.
The compromised machine in the EasyFi hack was used solely for performing official transfers on behalf of the project and was kept offline the rest of the time.
At the time of the attack, the machine had been offline for over a week, demonstrating that the attacker had previously compromised the keys and waited to perform the attack.
Since the machine was not in active use at the time, the response was delayed, enabling the attacker to drain liquidity from the protocol.
The EasyFi hack was clearly a targeted attack performed by a sophisticated attacker. The compromised machine is offline most of the time, yet the attacker managed to gain access to it and modify the MetaMask binary installed on it.
The EasyFi project took appropriate precautions to protect against this threat (i.e. using a dedicated machine connected to the network only when needed).
Without further information on the attack vector used to compromise the machine, it is difficult to say how other projects can defend themselves against similar threats in the future.