Report about the volatile price movement today
Today, the MINT price suddenly dropped by a large amount, and at the same time we received a message from a holder asking us for help in locking the wallet (which is actually not possible). He mentioned that his wallet was hacked and all of his MINT tokens were moved to PancakeSwap and dumped out quickly. Due to that incident, the MINT price dropped massively and then moved back up by 50% thanks to the strong community support.
Timeline of this incident
1:00 pm UTC - We received a report that one whale who had about 77B MINT tokens was hacked and he asked us if it's possible to ban or lock the wallet (0xc965a9789e960dfc3f5109df2b6d0c2c51292925). When we checked his wallet, all the MINT tokens were already dumped out quickly via the PancakeSwap.
1:09 pm UTC - We reported this case via the Binance Labs hotline to see if we can monitor and suspend the hacker’s wallet withdrawal just in case the hacker tries to cash out via the Binance exchange.
1:15 pm UTC - The hacker used a Tornado mixer to make it hard to track the transactions.
1:50 pm UTC - Due to this incident, there was huge traffic on the Mint.club website and the realtime user counts spiked up over 3K, so the server was slow temporarily.
2:00 pm UTC - We fixed this issue and now the website is fully back up.
Any security issues?
No, there are NO security issues. We have checked the Mint Club smart contract, company wallets and also done a site security check, etc. and found that all important pipelines are safe and well controlled under our strong security policy. This incident was from one big whale’s wallet getting hacked. It had nothing to do with Mint Club.
Who is the victim?
Due to data protection, we’re not able to reveal his identity. He received the MINT tokens during the 2 week period of token swap by burning 776,349 HUNT tokens (at that time the HUNT tokens were worth ~$240K tokens).
And he moved his 77B MINT to 0xf27fe55625933fd438d69344b2bbc4e4df28d5ea today. He explained that he tried to stake the tokens on Nutbox from this wallet. But he said for some reason the wallet button did not work. He mistakenly thought that this was the problem of his wallet, so he moved the tokens to another wallet 0xc965a9789e960dfc3f5109df2b6d0c2c51292925 to try again.
Unfortunately, the wallet he moved the tokens to seems to have already been hacked but he did not know about this. As soon as he moved to that wallet, the tokens were immediately dumped out via the PancakeSwap.
About the rumour (why was the victim’s token originally issued from 0x000 address?)
Probably some newbies on this project do not know about how the MINT tokens were launched with the fair launch spirit.
MINT token did not have any token sales and no free team allocations. MINT token was ONLY minted by swapping HUNT token (ERC20 token, listed in Upbit exchange) during the pre-sign up period in order to create a solid early community base. The swap ratio was 1 HUNT : 100,000 MINT.
This is why the victim's address (0xc965a9789e960dfc3f5109df2b6d0c2c51292925) got the MINT tokens from the 0x000 address. ALL THE MINT holders who swapped by burning their HUNT tokens received MINT from 0x000 wallet, so please DO NOT SPREAD FALSE RUMOURS that the wallet is from the team. The team has NOTHING TO DO WITH this whale or this incident.
Any solution to help the victim?
Unfortunately, there may be very little to help him at this moment. The hacker already used the Tornado mixer to prevent tracking. Also, the MINT tokens were already swapped to BNB by the hacker.
Next steps for the team
Because of this incident we have discovered that the following tasks should be more prioritised at the moment.
1. Server upgrade
Luckily our backend structure was really well designed and highly efficient, so there were no servers down even though the Mint Club website traffic was way higher than the max capacity. However, we concluded that the server capacity should be upgraded so that we can be ready for the mass adoption to the Mint Club ecosystem.
We will schedule the server upgrade work soon. When this task is performed, the website may be temporarily down due to the server migration. We will notify the community of the schedule first before we do this work.
2. Liquidity pool
When the hacker dumped 77B MINT tokens (about 7% of the total supply) into the liquidity pool, the price dropped too quickly. Mint Club is NOT a yield farming platform, so creating a large LP is kinda limited. But we will do our best to improve the liquidity capability to meet the large trading volume with the following tasks:
We will create a well-designed liquidity pool providing page on the Mint Club website so that any newbies can easily provide their MINT and BNB tokens on the liquidity pool and earn the trading fee rewards. Also we will list our 3rd party staking partners on the page together so that our users can maximise their yield.
We will look for more partnership opportunities with other yield farming platforms to gather more liquidity providers for MINT/WBNB pool.
We will make the centralised exchange listing discussion a higher priority so that the large trading volume can be consumed with CEX together.
To be concluded
Mint Club is very new and the vision of this project is also new to the crypto scene. We have huge potential to grow and we have a very strong growth plan during the Binance Labs Incubation program. Luckily, many people in the crypto world can see the potential in our vision and Mint Club has become a very hot platform in the BSC ecosystem.
We will utilise this incident as a lesson learned to help the Mint Club ecosystem jump higher and make a sustainable tokenization platform for all with zero complexity.