Lympo, a sports NFT minting platform and an Animoca Brands firm, was hacked and lost 165.2 million LMT tokens worth $18.7 million, the platform said in a blog post on 10 January.
According to the short Medium report, the hack exploited ten separate project wallets. Most of the stolen tokens were sent to a single address where the funds were swapped for Ether on SushiSwap or Uniswap before being sent to other addresses.
Lympo claims that during the attack the threat actors connected to its internet-facing crypto wallet and used it to send/receive cryptocurrency.
“In response to this attack, Lympo enacted safeguards to ensure that no additional LMT could be stolen by the hackers. We are temporarily removing LMT from various liquidity pools in order to minimize disruption to token prices following the hack,” the company’s blog post read.
Following the security breach, the price of LMT has dropped to $0.01882, which is the current all-time low of the token, Coinmarketcap reported.
In response to this, the LMT team tweeted on 11 January that they were trying to stabilize the platform and are temporarily removing LMT from various liquidity pools in order to prevent further disruption of the token’s price. This is a remedial measure since after suspending the liquidity pool of the token, larger order volumes by traders are not fulfilled instantly, and traders also do not face any losses.
Lympo’s parent firm Animoca, a Hong Kong-based game venture capital company, stated that it is ready to support its subsidiary to deal with the challenges caused by the hacking. Animoca’s CEO, Yat Siu, released a statement that read:
“We are working with Lympo to assist them on a recovery plan, but we don’t have any specific mechanisms.”
This is the second hot wallet hack in the last week, with Liechtenstein-based crypto exchange LCX losing $7 million worth of tokens last Saturday. The hacker converted most of the stolen tokens to ETH and then sent them to the privacy mixer Tornado Cash. The team behind LCX has already stated that they will use their own funds to compensate the affected users.