The Fantom Foundation, a non-profit organization supporting the Fantom blockchain network, recently suffered a data breach in which hackers stole over $550,000 in cryptocurrency. The breach was attributed to a zero-day security vulnerability in Google Chrome, which allowed attackers to steal private keys from the Foundation’s wallets.
Discussions among users on the Fantom Foundation’s Telegram channel suggest the zero-day vulnerability may be linked to a heap buffer overflow in Google Chrome’s handling of the WebP format, but the incident is still under investigation and no conclusive understanding has been reached. The attack primarily targeted an employee’s personal wallets, which had been reassigned from the organization, making it a targeted personal attack.
Fortunately, only a small number of wallets were compromised, and more than 99% of the Fantom Foundation’s funds remained secure. Crypto and blockchain security firm CertiK confirmed the data breach and reported losses in two Foundation wallets.
Additionally, the Foundation is actively working with authorities to investigate the incident and has urged users to update their Google Chrome browsers to mitigate such risks. This breach serves as a stark reminder of the importance of employee cybersecurity training, regular software updates, and robust security measures when dealing with cryptocurrencies. It underscores the inherent risks involved in cryptocurrency usage and the vigilance required to safeguard valuable assets.