paint-brush
Tales From Crypto: Attacked But Not Defeated - We'll Come Out Strongerby@axion
1,051 reads
1,051 reads

Tales From Crypto: Attacked But Not Defeated - We'll Come Out Stronger

by AxionNovember 26th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

A subcontractor working for one of Axion's partners took advantage of their access and our trust to slip some unapproved code into our codebase prior to our mainnet launch. They then used the vulnerability to launch an attack that drained our Uniswap liquidity pool. The price of our token – Axion – fell to near zero, but the attack could have been a fatal blow. Thanks to the overwhelming support of our community, we were able to raise over $500,000 in only a few days – more than making up for what the attacker took from our liquidity pool.

Company Mentioned

Mention Thumbnail

Coin Mentioned

Mention Thumbnail
featured image - Tales From Crypto: Attacked But Not Defeated - We'll Come Out Stronger
Axion HackerNoon profile picture

Over the last few months, we at Axion have been hard at work building a groundbreaking investment-grade cryptocurrency option for the masses.

From the beginning, we've put our users first – secure in the knowledge that we were building something great that would create a steady income stream for all those investing in our vision.

But nothing worth doing happens without some adversity. And we've hit a significant bump in the road that threatened to destroy everything we've worked so hard to build.

It happened because a subcontractor working for one of our partners took advantage of their access and our trust to slip some unapproved code into our codebase prior to our mainnet launch. They then used the vulnerability to launch an attack that drained our Uniswap liquidity pool.

In the process, the price of our token – Axion – fell to near zero. It could have been a fatal blow.

It wasn't.

Thanks to the overwhelming support of our community, we were able to raise over $500,000 in only a few days – more than making up for what the attacker took from our liquidity pool. As a result, we were able to relaunch Axion on November 13th, less than two weeks after the attack.

But in the interest of full disclosure, we want everyone in the community and all those who will undoubtedly join us in the future to understand exactly what happened – and to understand what we're doing to make sure it can't happen again. And we also want to give you an update on how Axion's relaunch is proceeding.

A Detailed Account of the Attack on Axion

On November 2nd, we launched the Axion token, as had been planned for months. In getting to that point, our code had been examined for flaws no fewer than five times, including by cybersecurity industry standouts CertiK and Hacken. Everyone involved agreed that we were ready for a picture-perfect launch.

Unbeknownst to us, though, the code at launch didn't match what was approved by us and our auditors. A subcontractor working for Rock'n'Block, who we'd hired to handle some of Axion's development, made some changes designed to create a vulnerability in Axion's minting process.

That developer, Ilya Maximovich Solovyanov, did so to make it possible to execute the very attack we witnessed just a few hours after launch.

According to a press release from RockNBlock, they knew right away what had happened. They said:

…it is obvious that one of [our] engineers consciously substituted the code (which was tested and audited) for his own code containing the vulnerability. A few hours after the deployments, the suspect verified the code on Etherscan, thus proving malicious intent - only with source code with a vulnerability can the contract be verified. Then he took advantage of the vulnerability and withdrew the funds.

In a flash, Solovyanov minted and sold 79 billion Axion tokens. Needless to say, such an abrupt selloff decimated Axion's price, netting the attacker over $500,000 in the process.

A Heartening Response from the Axion Community

After some initial confusion – which we apologize wholeheartedly for – we at Axion and our amazing community of supporters came together to take stock of what had happened and find a way forward.

In the process, many of our early investors stepped up to staunch the bleeding and right the ship. We've also received plenty of support from CertiK, who understood right away that we'd done everything right and were the victims of an unfortunate and premeditated attack.

And we've also seen a small army of high-level developers from the community come forward to assist with our renewed development and deployment plans.

Because of that, Axion's relaunch on November 13th was possible. With the offending code removed and multiple sets of eyes on every step of the process, we were absolutely certain that we'd planned for every contingency and would achieve the success we should have seen the first time around.

Investors - Axion Stands With You

We recognize that while Axion was victimized, it was our individual investors and supporters who paid the price. And we want you all to know – we had no intention of letting you shoulder that burden alone.

To make good on our promise to you, the relaunch of Axion included steps that will help all of our stakeholders recoup their losses.

At launch, every holder or staker of Axion (or its predecessor, HEX2T) received an airdrop of the newly-reminted Axion tokens at a 1:1 ratio. There were no transaction fees and investors didn't have to do anything to make it happen. The new tokens should have just appeared in your wallets.

And it's important to note, we understand that many of you interpreted the unfortunate events on launch day as an intentional scam on our part to take advantage of your trust.

We don't blame you at all if you tried to divest your Axion and salvage some of your capital. And we know most of you didn't make back nearly what you put in.

That's why we also gave every holder of Axion a 1:1 airdrop based on their holdings before the flash crash. We wanted to do whatever it took to make sure to take care of everyone who was hurt by this malicious attack.

If you're still waiting on your make-good tokens, don't worry.

Just give us the time it will take to address all of our investors – we'll do right by each and every one of you.

We didn't even leave out investors who swooped in after the crash to scoop up the devalued Axion tokens because they believed they were a bargain. We know that not everyone follows our social channels and we weren't about to penalize them for making what they thought was a smart buy.

So, we compensated those post-crash buyers at a rate of $0.00025 per token (paid out in reminted Axion based on the value of the ETH they spent at the time). To protect ourselves, though, the offer was only valid for Axion purchased up until Nov. 3rd at 8:36 AM PST, which was when we announced the attack and our initial plans to relaunch.

A Relaunch into a New Era of Income Investing with Axion

We know that the unfortunate events of the past few weeks have been hard for everyone in our community. But many of you have stepped up to offer your support, encouragement, and continued faith in us and the Axion project. For that, we are eternally grateful.

And we're happy to report that Axion's relaunch is exceeding all of our expectations of success. Within the first hour of trading, the new Axion token drove over a million dollars in volume – validating our hopes that the community was still behind us.

Amazingly, that was just the beginning. With Axion debit cards and a mobile app for real-time tracking on their way, the only way to go is forward.

At the time of this writing, there were already 141 billion Axion tokens locked into our staking system. And that represents over 15,000 individual stakes. More importantly, many of you have chosen to commit to a long-term investment in the platform. In total, 840 of you have staked some or all of your holdings for the maximum - 5,555 days.

Those 15-plus year stakes include four billion tokens and counting. That's over $1 million in long-term investments in only five days. It's a remarkable show of support and confidence that we're humbled to have witnessed.

And there's every reason to believe that the best is yet to come.

On Friday, November 20th, we held the first of our weekly scheduled token auctions. We included a bit over 14 billion tokens, which raised about $8 million. The auction was a success raising over 1800 ETH in bets and helping Axion reach a new all time high.

As you know, 80% of the auction proceeds go toward open-market token buybacks – which is going to generate some serious upward price movement for Axion and a proportional share of token distribution to stakers. So, expect some great news in the coming weeks.

But in the meantime, we also wanted to announce one more thing. In appreciation of our wonderful community, and out of a desire to make Axion a positive force in the wider world, we've come to a decision.

Going forward, we're planning to donate 1% of auction proceeds (from the 20% reserved to further develop the network) to the Eden Reforestation Projects.

And because of the steadfast support we're getting from all of you, the first weekly auction has yielded enough funds to plant over 125,000 trees in deforested regions of the world.

Inch by inch, that will bring us closer to the goal of achieving carbon-neutrality as well as help to lift people out of poverty by paying living wages in the places the project operates within.

We also want you all to know that we'll be forever in awe of how amazing the whole Axion community has been through these difficult weeks. But thanks to everyone involved, Axion's back on track to fulfill its promise to everyone who believes in our vision for the future of income investing. And we can't wait to celebrate Axion's next great milestones with you.

Thanks to you all, Axion's safe, secure, and profitable. Axion survived because of the very people it's designed to serve.