Post-mortem: BiFi-BTC illegal address registration

Overview

Event Analysis

Attacker Information

  • address:bc1qmgh7w47myz7kt7x34zqlr5azck7u8j8ewg3u2j
  • pubkey hash: 0xDa2fe757Db20Bd65F8D1a881F1D3a2C5BdC3c8F9

Timeline

  1. 2022. 07. 08 11:13 AM UTC: Attacker registered the deposit address into the BiFi BTC contract. (using the stolen key in the manipulated message)

Measures Taken

--

--

Universal Multichain Middleware for DApps: https://thebifrost.io/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store