In the spirit of full disclosure and transparency to the community and delegates, we are sharing all the
details as we know them. This post will be broken into a few parts to make it easier to read.
PART 1/3
On Oct-23-2022 03:46:59 PM +UTC, the Sundara.eth Orchestrator wallet (0x1a196b031ea1a74a53ecbe6148772648e02f9d51) sent 0.03 ETH out to an unknown wallet (0xfb8c3ba8a46014400487f2fb4d539a5ff7bc367d) on Layer 1.
While this seems like a tiny figure, Titan-Node correctly pointed out that, in effect, the wallet on L1 was cleaned out, a fact that seemed almost surreal to us, having moved to L2 with funds still intact there.
Since this wallet was never interacted with manually (after moving to Layer 2 only the Livepeer binary uses it) it was, after careful review, unfortunately deemed to be compromised.
The issue was brought to my attention on Twitter by https://twitter.com/annhandt09 which I ignored as a poor scam attempt. The Twitter user dropped me an email explaining that his wallet lost approximately $600 worth of ParagonDAO tokens after my wallet sent 0.03 ETH to an unknown wallet which then sent him ETH, after which he lost his tokens. He could search for details thanks to ENS and Twitter, where Sundara.eth is linked in my bio. As English is not their first language, the tone of the email did not come across as genuine, made worse by the fact that the email had two videos as attachments.
I took this as another attempt to ship malware embedded in a video and ignored it.
The irony of attempting this on a Livepeer Video Orchestrator was not lost on us.
It was only after they started posting on random GitHub projects and the Livepeer Discord accusing me of being a scammer that we actually bothered to look into the issue.
The fact that the Sundara.eth wallet held over 1 ETH on Layer 2, with 0.25 ETH and 71 LPT in the Livepeer contract which was not yet stolen, lulled us into further complacency, no excuses.
We could not get ourselves to believe that a hacker would
- Clean the wallet on Layer 1 (approximately 0.03 ETH) but…
- Leave $2500 worth of ETH + LPT on Layer 2 untouched on the same wallet (WTF!)

It simply did not add up and we spent way too much time trying to figure out if either of the two partners with access to the wallet had accidentally mistyped an address and mistakenly sent funds to 0xfb8c3ba8a46014400487f2fb4d539a5ff7bc367d.
Today we withdrew all funds from the Livepeer contract and are in the process of rebonding to a new Orchestrator wallet and are informing our delegates of the issue requesting them to re-stake with the new wallet address: 0x5CaaaB7626eDc7123cF8484EdBC66a875DD32CC9 which will resolve to Sundara.eth shortly.