Rogue Dev Rugs SocialFi Project
On January 25th, 2023, SaharaFi, a groundbreaking SocialFi project on the Cardano blockchain, experienced a rugpull orchestrated by an anonymous developer contracted to work on the platform.
On January 25th, 2023, SaharaFi, a groundbreaking SocialFi project on the Cardano blockchain, experienced a rugpull orchestrated by an anonymous developer contracted to work on the platform. This unfortunate incident resulted in the theft of nearly 100,000 ADA, compromising both deposited user funds and protocol-generated fees. Despite the setback, SaharaFi initially gained significant traction as the first SocialFi project on Cardano before the security breach occurred. This article delves into the SaharaFi platform, its launch, the hack it faced, the concept of SocialFi, and more.
More about SaharaFi and SocialFi
SaharaFi, an innovative social media platform, redefined the landscape by introducing the concept of SocialFi — melding social interactions with financial elements. Users were required to deposit 20 ADA to authenticate their profiles, setting the stage for a unique blend of social networking and investment opportunities.
On SaharaFi, users could buy and sell “keys” linked to individuals’ profiles. As more users invested in a person’s keys, the price of those keys would rise. This dynamic marketplace allowed users to not only connect with others but also invest in the success of their peers. Effectively, SaharaFi turned social profiles into tradable assets, creating a novel form of social investment.
The financial aspect of SaharaFi became a double-edged sword. The platform’s success in fostering a community where users could profit from social interactions led to over 92,000 ADA accumulating in the platform’s wallet. Unfortunately, this financial success attracted the attention of a rogue developer who exploited a vulnerability, draining the wallet and transferring the funds to a Centralized Exchange (CEX).
Launch and the Days After
SaharaFi made its debut on January 22nd, 2024, garnering widespread enthusiasm from the Cardano community eager for a decentralized social media network. The platform attracted numerous users who verified their accounts by depositing 20 ADA. A unique trend emerged as users began purchasing each other’s keys, augmenting the value of their social profiles. By the morning of January 24th, SaharaFi boasted 1090 users, 7267 posts, and 1341 messages.
Shortly after, Hyena Coin, the platform’s creator, announced an upcoming upgrade for SaharaFi. Approximately 30 minutes later, the upgrade commenced, temporarily disabling withdrawals. Hyena Coin promised users a vastly improved platform post-upgrade, featuring enhanced speed, error-free deposit and withdrawal processes, and heightened security.
Amid the upgrade, concerns arose when the founder of the Hyena group informed the Discord community that an attempted exploit on user funds however all funds were secure and there was nothing to worry about.
Later that evening, the Cardano community learned about the potentially missing funds through a Tweet by Noodz, founder of The Alexandra Project, who posted a Wallet Profiler screenshot of the SahariFi funds wallet showing a balance of 2 ADA. This led to much speculation among the community about what happened to the funds.
Discovery of Missing Funds & Aftermath
The next morning the Hyena Coin account confirmed on X that funds had been drained from the SaharaFi wallet totalling 94,000 ADA and were taken by the projects lead developer known as “LovelyDev” on discord. The ADA was withdrawn to the wallet and then later sent to a centralized exchange. The project advised it is working with authorities and centralized exchanges.
Mr. Whiskers, founder of the Hyena Group, later announced that the funds had been deposited on Gate.io a popular centralized exchange. SaharaFi reached out to authorities as well as the exchange in an attempt to freeze the funds and recover them to refund users of the SocialFi platform.
A day later, blockchain detective Bobcorn’s tweet on X uncovered an intricate scenario surrounding LovelyDev and another discord account called Climax, with allegations of identity deception. Despite LovelyDev denying involvement and pointing fingers at Climax, subsequent evidence revealed in private messages indicated that both discord accounts were controlled by the same individual.
Latest Updates
On the afternoon of January 27th, the official HyenaCoin account on X provided a crucial update, stating that their incident report to authorities has been finalized. Additionally, the Gate.io exchange has confirmed the identification of the thief’s account and expressed a willingness to collaborate with the project. Importantly, the funds in the thief’s account have been successfully frozen, allowing authorities to initiate an investigation with the potential to recover funds for project refunds.
The project also communicated that they held discussions with several teams to determine the next steps and affirmed their commitment to ongoing platform development. While reiterating that they currently lack the 92,000 ADA required for community refunds, the project assured stakeholders that they are actively working towards a resolution to facilitate the reimbursement of funds. The envisioned strategy involves utilizing generated revenue from the SaharaFi platform, directing it towards refunds until all affected users of the hack have received their funds.
Takeaways
Secure Multi-Signature Wallets: Projects should prioritize the use of secure multi-signature wallets, employing multiple trusted key holders to enhance the security of project funds.
Developer Identification: While developers may opt for anonymity in the public eye, it is crucial for projects to have knowledge of the individuals they hire. Understanding the identity of team members can reduce the likelihood of malicious actions, fostering a more transparent and accountable development environment.
Vigilance in Project Oversight: Regular and thorough oversight during platform upgrades and maintenance periods is essential. The SaharaFi incident highlights the importance of maintaining vigilance during such phases to promptly address potential vulnerabilities and ensure the security of user funds.
Conclusion
The SaharaFi saga serves as a cautionary tale within the evolving landscape of decentralized platforms. From its promising launch to the unfortunate security breach, the incident underscores the imperative for heightened security measures, careful team selection, and continuous vigilance in the dynamic realm of blockchain projects. Users who engaged with SaharaFi are urged to revoke app permissions here.
SNEKbot by DexHunter on CARDANO
Cardano's Telegram Trading Bot live on Cardano mainnet!TRADE NOW!
