Dear NULS Community:
As previously reported, NULS mainnet was recently compromised and 2 million NULS tokens were stolen from the NULS team account. After thorough investigation of the compromise, a vulnerability was discovered in the NULS transaction signature verification logic. The hacker(s) used a sophistically constructed transaction to bypass the verification link, the node confirmed the transaction and transferred 2 million NULS from the NULS team account (NULSd6HgbfkSuRGKSLJJzAPAihgDQtaUhuE4L) to the hacker’s address (NULSd6Hgie AzRMb6e1fKLu1xrfijnuRVRXY). These assets were then dispersed to multiple addresses with the intention of moving them to secondary market exchanges.
After detecting the compromise, the NULS team immediately contacted the exchanges to freeze the assets, urgently troubleshot the problem and fixed the vulnerability. The team then released a new version of the mainnet wallet and decided to perform a hard fork at the block height of 878000. At present, the adverse effects of the incident have been completely mitigated by the NULS team.
Of the 2 million NULS transferred by the hacker(s) from NULS team account, 548354.34696095NULS have entered the trading market, and we have communicated with the relevant exchanges to attempt freezing those assets. After the hard fork, the 1451645.65303905NULS that did not enter the trading market will be destroyed by permanently freezing them to avoid any further potential loss.
Asset security is the life of a blockchain project, and this security incident is a wake-up call for the NULS team, which will conduct more rigorous and comprehensive code reviews. Thank you to the NULS community members, node operators, trading platforms and industry media for their attention and support during this unfortunate incident.
As a result of these conservative security measures, there may be some NULS assets inadvertently locked on one of the major exchanges wallets. If you believe you have NULS assets that may have been inadvertently frozen, please contact the team and we will open a community proposal within the NULS governance mechanism to begin the process of unlocking those frozen assets.
Lastly, through the cooperation of some of the exchanges, we have obtained sufficient evidence against the perpetrators, and we will take legal action to hold them fully accountable.
Thank you for your patience and continued support.
NULS Team
December 24. 2019
Attached to this document is a list of all the accounts involved.
NULS Team Wallet Address
NULSd6HgbfkSuRGKSLJJzAPAihgDQtaUhuE4L
Hackers Address
NULSd6HgieAzRMb6e1fKLu1xrfijnuRVMHRXY
The following are the addresses the perpetrator(s) disbursed the NULS to and have been frozen
NULSd6HgdZh1GWTN7a6P92zThPC77EuDPt3N2
NULSd6HgjVAEJi5ZZZs7hyrPt4xMv3uGTucGj
NULSd6HgfSqGPCh97oXmGDD9rQqodNZbLivzc
NULSd6HgiVWU4LMyQts6YXPFYsuQz8vDZss7J
NULSd6HgfHVsVx1DYv9RouqKUyKnx6qwDtQMr
NULSd6HgU1DEYKJMwMnvxQmwY9C4CAMFsEGov
NULSd6HgX6CRCL8PnDU2rWCDWAo45Bv3nnHJa
NULSd6HghrwiGsdkvPLk6h3AmgiEayK9XgPcD
NULSd6HgexB2yTuB3UEvo1z62V2XeHeksWnNf
NULSd6HgTwwcmqb1AAxXFMjHQtwx5r96bjarV
NULSd6HgZn6h34EdiPZW3uftAwktqaxEP7Jr1
NULSd6HgYq9bZFPPYAT2AGfskNd2xBocE9DDG
NULSd6HggLHaWAgr57BzAujWujK7cnkdfUpDv
NULSd6HgY2RHpL5qUzSZY3e5dDXTS7kKTwwkE
NULSd6HgZn9PCmNMYEVLktW12NojNymk6JoFD
NULSd6HgcjP6h7xbVgBzTXEWVKSZrAW5JMgEe
NULSd6HghNkGyb8XHcFrsLj9mdxyHB3dwqLYh
NULSd6HgXjnzZjPQUqhxdsDnGQxinDPJ1wyUU
NULSd6HghLcS3B6kAc9929wSSX6F2gxTsCfjF
NULSd6HgfUkXZduCFcWieYA1t9sieEnz7jjxL
NULSd6HgeLcgDeAU3fJpwwf196kQdtJ6WhAyP
NULSd6HgfTFrdqGCiB1SXZY5WZBjSUtgPLVCJ
NULSd6Hggmxe4LDEcuYkfUVxJboJFdMA9vS2m
NULSd6HgZfkCMz4oVMm2Dp9qPu53zL9XpMDGo
NULSd6HgiW5AGRUqshNb6TqEZraRg1QUMaQ44
NULSd6HgaFggHtSTyBA9H8uCJo14FEcivvXzf
NULSd6HgiUvUtuyo2AK8xaXKBR7byo5AuK34T
NULSd6HgiCnpKWd22i3FKqy4EZSRcvyDGKWNb
NULSd6HgbvthvopoJjwcs8Y9xQbMTTgwLFjoz
NULSd6HgeLxxtebLWDhTuULMHe1NFTPDo6swg
NULSd6Hgd9RipQqzW19cpymhbLW1Pjeq4WkJA
NULSd6HgaAqUVTRWGGsdz3AhzGKAshUbRQiKX
NULSd6Hgeujp7b2Eox8TZzBHTfQYERzaMmCot
NULSd6HgWQJbdYVjA3NUsrVP9g8hbvimJsKLr
NULSd6HgjYpHJXbZ5mpzvRgG923nssNPRP188
NULSd6HgWCZHGDuAHgRnJSjoLhXoDmPFv5Sbm
NULSd6HgaYBps2XoqtGTJBp95Q3ET6M87oD36
NULSd6HgX6tbavRbQBzYdiUAWG1BW8gzSmFq9
NULSd6HgVtCN6CpceEKhRexa1zCJw6sXdBtqM
NULSd6HghSFFmFHPECZXrqv1Jo1ZmUZBbwuFM
NULSd6HgdeVgSdz6653mWv6VdQeoUMkEuYGgi
NULSd6HggqMzNMQ1khS6sHxmPss79pCYPPEgS
NULSd6HgfqCPU5AdwCbxQK62hd4q4USP27nAY
NULSd6HgVwvoGs69TfvUNcPm5W4x9UYcW1QdR
NULSd6HgXjfFD5HLYLm7vcNxjCM9x3iVZSvWR
NULSd6HgfY5oVvjkCLz7vyBRdPQXppCcRxkCR
NULSd6Hgd9mLzsEjGHFQ8igyzUEiGxCzG7mwg
NULSd6Hgh3NYZAnsEqb83iYzzHrKxpZQNpbyS
NULSd6Hgib3NyJWaGcNeMUyrAwBRhNp2zXYzi
NULSd6HgieAzRMb6e1fKLu1xrfijnuRVMHRXY
NULSd6HgWAwX7MbvcFSLYqMoyn88d5x3AcUww
NULSd6HgaHjr4Z7GdnGc3vNLgFvXWP55hzNNX
NULSd6HgZdGvSnxFPLHrLzpVzda4gtWvHKibT
NULSd6HgZSxNKeFG7AwEL8MVDGZa1KwE39fPP
NULSd6HgYLpfpPuZV9umGvYjJJX7EkKsUVukS
NULSd6HgcCf8NfvCBjmdvDWbanWL5cFYiB8DM
NULSd6HgZwFFYvEKppidUp7irjQFKADspQXaX
NULSd6HgfNf8oRpKL8gsiFsR9ZwXVebHrcDAz
NULSd6HgfuE7eRNu4wJrQV6fXKupuioL9cKri
NULSd6HgWZmG6MSNighAjziatrvuhM1LpCF9o
NULSd6HgbjaWQZrq3CoDZEed9RwAU3zyTeUAP
NULSd6HgawRRELcuKfvf4TeyidGLqFsHo9hgM
NULSd6HgaXkFL7uYEhvC8zqjkYDNY5GQwrHos
Access to exchange accounts :
NULSd6Hgfe2bkky5T1mgywEjvH3gSHj6pM867
NULSd6HgaXkFL7uYEhvC8zqjkYDNY5GQwrHos
NULSd6HgWjSEvk62icTJUUMHZEpJYoEuKjBR3
NULSd6HgdWEn39SoN4kYN5m5sSn27tSFwcBno
NULS — Nothing Makes Blockchain Easier
Join our social media and explore NULS!
Twitter Follow now
Reddit Subscribe now
Telegram Join now
YouTube Subscribe now
