Halborn Logo

// Blog

Explained: The Truflation Hack (September 2024)


profile

Rob Behnke

October 2nd, 2024


Truflation is a blockchain-based data platform providing real-time economic and inflation that is backed by some of the biggest names in the industry, including Coinbase Ventures and Chainlink. In September 2024, it suffered a $5.2 million hack due to a malware infection on the organization’s systems.

Inside the Attack

The Truflation attacker targeted the protocol’s treasury wallet and personal wallets on Ethereum and seven other blockchains. Only project funds were stolen by the attacker; customer and staking funds remained untouched.

The treasury wallet was protected by multi-sig, a blockchain security best practice that uses multiple different private keys to digitally sign transactions and protect against this type of attack. However, while this makes this type of attack more difficult to perform, it doesn’t eliminate the risk.

In this case, the attacker used malware believed to be injected into a computer during the Token2049 event. This malware then gained access to the private keys used to access various Truflation blockchain wallets. With this access, the attacker was able to transfer the $5.2 million from the protocol’s accounts.

After the attack was discovered, Truflation posted an on-chain message to the attacker offering a $500,000 bounty in exchange for the return of the remaining funds. However, the attacker rejected the offer.

Lessons Learned from the Attack

The Truflation hack shows the importance of a comprehensive cybersecurity strategy. Truflation implemented blockchain wallet security best practices, such as multi-signature wallets, which put them ahead of many blockchain projects, especially those compromised via exposed private keys. Often, private key hacks involve a hot wallet protected by a single private key.

However, multi-sig wallets only increase the difficulty of compromising an account; they don’t make it impossible. The malware attack on Truflation demonstrates this, as the attacker was able to infiltrate the project’s IT systems and collect enough of the private keys to take control of the wallets. While this could mean that many private keys were accessible from the same system — undermining the security that multi-sig wallets provide — it could also indicate that the attacker compromised several computers in their quest to collect the keys.

When designing a security program for a blockchain project, it’s important to consider the organization’s IT infrastructure and security processes as well as blockchain-specific best practices. In this case, taking a computer to a conference allowed it to be infected with malware that cost the project dearly. For help in securing your project against attack, reach out to Halborn.

© Halborn 2024. All rights reserved.