Truflation Confirms Malware Attack, Blockchain Analysts Estimate $4.6M Loss

Truflation, a Coinbase Ventures-backed blockchain project, confirmed on Wednesday that it suffered a malware attack but did not disclose the value of compromised funds.

“On September 25th, 2024, the Truflation team detected some abnormal activity,” the platform wrote on X. “We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement.”

The team noted that it is working round-the-clock with leading industry partners and trying to contact the attacker to retrieve lost assets.

Per Web3 security firm Cyvers, the attackers took control of Truflation’s safe address, leading to a loss of $4.6 million worth of TRUF tokens.

Blockchain investigator ZachXBT also flagged the threat on Telegram, mentioning that the project lost around $5 million in a hack. According to the blockchain sleuth, the funds were drained from “treasury multisig and personal wallets.”

Following the hack, Truflation halted its staking services to ensure the safety of assets. It also opened a reward to any white hats offering assistance in the investigation or recovery efforts.

No Customer Funds Compromised: Truflation

The platform confirmed to a user in an X chat that “no customer funds compromised.”

Further, the blockchain project also updated on the ongoing active investigations. “We are closely monitoring all systems to prevent further breaches,” Truflation said.

The project posted a video of CEO Stefan Rust who said that the malware was injected into the computers, most likely in Singapore during Token2049, held last week. “That resulted in getting access to treasury funds,” he added.

“There are no customer funds at risk,” he confirmed. “We are as transparent as we can and keeping you abreast of the situation.”

“We are working with the best investigators and crypto security experts to ensure that we can track this down.”

According to Zapper, attackers drained $3.89M in TRUF, $1.07M in ETH, and $236.7K in DAI from the team’s Ethereum wallets. They also stole other tokens including BNB, WETH, qSQTH, among others.

Screenshot from the video. Source: X

CEO Stefan Rust also noted that his personal account was hacked. Additionally, he warned about scammers who impersonate as Truflation team to ask user’s TRUF tokens.

“We will not ask you for tokens. There are already additional scammers coming out there and asking you to deposit a stake and return your TRUF tokens and they will burn it. Don’t listen to those sites.”

This comes at a time when Truflation is coming up with a bunch of exciting announcements. “I am super excited and disappointed,” Rust added.