A Real-World Million Dollars DeFi Incident Response

Victor Fang, AnChain.AI, 2020/10

Disclaimer: Based on a recent real world incident response conducted by AnChain.AI team in San Francisco. Due to the client’s confidentiality agreement, this article has removed all PII data.

Image for post
Image for post
Schrodinger’s Cat in DeFi Dark Forest

1 — The million dollar cat lost in quantum state

“Victor, there? ”t

A text message from my investor. It was 8:27pm in San Francisco.

I frowned. When a VC calls at night, it is either something extremely good, or extremely bad.

I had a feeling it was going to be bad:

“My friend’s Metamask got hacked. DeFi. Millions. 😢 ”

I texted back: “Ask them to call me.”

Minutes later, a “650-” phone number called. Catherine, in a trembling anxious voice, explained what happened. She’s an investor in a San Francisco based VC firm, and her Metamask wallet was hacked. …

Image for post
Image for post

What kind of manpower is required to explore a cryptocurrency500+ DeFi Detectives tracing over 25,000 distinct transaction trails and billions of dollars in cryptocurrency unraveled some of the most critical mysteries of the DeFi ecosystem in just 2 weeks! From the biggest whales in the ecosystem, to its most definitive hacks and controversies, our participants solved mystery after mystery in pursuit of the grand prize.

DeFi Detectives attracted fierce competitors from all walks of life, from experienced blockchain security specialists like winner Peter Kacherginsky, Principal Blockchain Security Engineer at leading exchange Coinbase, to students, bartenders, and active-duty military, the diversity of our participants may be the thing we’re most proud of. …

Last night, seemingly without cause, Bitcoin’s price plunged by 3%, a $6.3 billion dip in its total market cap. Slowly, over the course of the ensuing hours, the news trickled in: cryptocurrency exchange OKEx suspended withdrawals amidst an investigation by Chinese authorities.

Image for post
Image for post

Four questions naturally arise:

  • What happens before a Bitcoin price jump or drop?
  • What are the main drivers?
  • Is there any way we can predict it before it happens?
  • Who are the main players responsible for that price change?
Image for post
Image for post
Fig 1: An 11% spike in Bitcoin price on July 27th 2020, associated with a $1.63B trading volume

You’ve probably asked yourself one of the above questions at least once. These are the golden questions investors are trying to answer everyday. Retail investors simply hope that the price movement will be positive so that they won’t lose the savings that you decided to invest in cryptocurrencies. But most probably you don’t really have time to follow the market everyday and your investment is mostly a bet on Bitcoin as a whole. …

To view the full version, including a more detailed analysis of the code, visit our Github here.


On Sep 20, 2020, the liquidity mining project DeFi Soda.Finance was hacked by malicious actors, who subsequently liquidated over 400 ETH (around $160,000) from the Soda loan pool. In this blog, we will walk thru the hack incident, and show how we can apply formal verification could have prevented it.

Image for post
Image for post

Here are some screenshots of the hacking transactions:

Image for post
Image for post

In just the first half of 2020, over $8 Billion in transaction volume passed through cryptocurrency mixers. Major exchanges such as Binance have become increasingly wary of any affiliation with mixer transactions. But what exactly is a cryptocurrency mixer? What does it do? How does it work?

Image for post
Image for post
Figure 1: All of the world’s leading exchanges experience significant exposure to mixer inflow and outflow

CoinJoin, Wasabi, Whirlpool, and more. Most have heard these names, many more have used these and other services, but taking a deeper look into their methods will help us all better understand why exactly they are so controversial.

The Fundamentals

For the most part, cryptocurrency mixers do exactly what their names would imply: they provide services that mix and shuffle cryptocurrency. For a small fee, mixers allow users to obscure the exact chain of custody of their funds and, consequently, secure their privacy. …

Image for post
Image for post

AnChain.AI, the leading blockchain security firm, has announced that Gala Games, the blockchain gaming platform headed by the legendary Zynga co-founder Eric Schiermeyer, has successfully passed its comprehensive smart contract security audit.

AnChain.AI performed a rigorous security audit of the Gala smart contract, ensuring that all implementations are following best practices on all attack surfaces. By leveraging both the patented CAS auditing sandbox and expert manual audit, it covers: static, dynamic, and statistical analysis, business logic auditing, gas analysis and governance auditing. The successful completion of this security audit provides the highest degree of community confidence and protection.

Said AnChain.AI CEO and Co-founder Dr. Victor Fang of the engagement, “In 2018, MIT Tech Review featured AnChain.AI 3 times in a widely circulated article regarding blockchain security. In the past 2 years, we are proud to be trusted by industry leaders like Eric Schiermeyer, who prioritize the decentralized community’s digital asset security above all…

Image for post
Image for post

Welcome detectives! Not sure where to start your investigation? Not to worry, we’ve created this quickstart guide with the specific intention of giving you a head start in your DeFi sleuthing.

If you still have questions that need answering, leave a comment, reach out to us on Twitter @AnChainAI, or email us at info@anchain.ai

Signing Up

You’ll need to sign up in order to be eligible to win over $700 in ETH prizes or participate in the raffle! If you haven’t signed up already, you can do so here.

The Case Files

DeFi Detectives features two different case files to provide ample challenge for detectives of all experience levels. …

September 5th, 2020 8am PST; Victor Fang, AnChain.AI

At 5:00 am PST, 9/5/2020, the red hot DEX SushiSwap’s founder, Chef Nomi, suddenly “migrated” 5 million Sushitoken and pocketed 17,971 ETH ($6.3 million). Immediately the Sushitoken price crashed by half to $2, vaporizing $130 million market cap. DeFi investors are anxiously and rightly wondering: is SushiSwap another exit scam?

Image for post
Image for post
Fig 1 : 5 Million Sushi tokens large volume transactions detected by AnChain.AI CISO. Left center is Chef Nomi’s developer team’s wallet.

Image for post
Image for post

While AnChain’s own Dr. Victor Fang delivered his keynote presentation at DEF CON 28’s Blockchain Village on August 8th, it wouldn’t be a proper DEF CON experience without a challenge to go along with it.

The AnChain.AI team is proud to announce the successful conclusion of the world’s first blockchain investigation contest: Bitcoin Bounty Hunters. We’re committed to democratizing blockchain investigation, and we couldn’t be more thankful to the incredibly diverse pool of over 100 participants from DEF CON, Blockchain Village, and beyond!

I really enjoyed using the CISO tool to visualize the network like this! It made examining and tracing transactions a breeze. I liked how the questions increased in difficulty, forcing you to probe deeper into the network. …

On August 8th, 2020, AnChain’s own Dr. Victor Fang presented the keynote at DEF CON Blockchain Village — Twitter’s Tax Day Disaster: The Beginning (and End) of Mainstream Crypto Scams. The full presentation can be found here.

#Safemode became the unintended theme of DEF CON 28 in the wake of COVID-19’s ongoing rampage, but even still we were proud to welcome an audience of over 20,000 to the convention. We couldn’t have asked for a better crowd to receive our latest news, as we offer the community the ability to operate more safely than ever before on the blockchain.

And perhaps no event better encapsulated these capabilities than the July 15th Twitter hack. …



Blockchain data analytics firm providing security, risk, and compliance solutions.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store