Recent NULS Security Compromise Update


Dear NULS Community:

As previously reported, the NULS mainnet was recently compromised and 2 million NULS tokens were stolen from the NULS team account. After a thorough investigation of the compromise, a vulnerability was discovered in the NULS transaction signature verification logic. The hacker(s) used a sophisticated, specially crafted transaction to bypass the verification step; the node confirmed the transaction and transferred 2 million NULS from the NULS team account (NULSd6HgbfkSuRGKSLJJzAPAihgDQtaUhuE4L) to the hacker’s address (NULSd6HgieAzRMb6e1fKLu1xrfijnuRVMHRXY). These assets were then dispersed to multiple addresses with the intention of moving them to secondary market exchanges.

After detecting the compromise, the NULS team immediately contacted the exchanges to freeze the assets, urgently troubleshot the problem and fixed the vulnerability. The team then released a new version of the mainnet wallet and decided to perform a hard fork at the block height of 878000. At present, the adverse effects of the incident have been completely mitigated by the NULS team.

Of the 2 million NULS transferred by the hacker(s) from the NULS team account, 548354.34696095 NULS have entered the trading market, and we have communicated with the relevant exchanges to attempt to freeze those assets. After the hard fork, the 1451645.65303905 NULS that did not enter the trading market will be destroyed by permanently freezing them to avoid any further potential loss.

Asset security is the life of a blockchain project, and this security incident is a wake-up call for the NULS team, which will conduct more rigorous and comprehensive code reviews. Thank you to the NULS community members, node operators, trading platforms and industry media for their attention and support during this unfortunate incident.

As a result of these conservative security measures, some NULS assets may have been inadvertently locked in the wallets of one of the major exchanges. If you believe you have NULS assets that may have been inadvertently frozen, please contact the team and we will open a community proposal within the NULS governance mechanism to begin the process of unlocking those frozen assets.

Lastly, through the cooperation of some of the exchanges, we have obtained sufficient evidence against the perpetrators, and we will take legal action to hold them fully accountable.

Thank you for your patience and continued support.

NULS Team

December 24, 2019

Attached to this document is a list of all the accounts involved.

NULS Team Wallet Address

NULSd6HgbfkSuRGKSLJJzAPAihgDQtaUhuE4L

Hacker’s Address

NULSd6HgieAzRMb6e1fKLu1xrfijnuRVMHRXY

The following are the addresses to which the perpetrator(s) disbursed the NULS and which have been frozen:

Access to exchange accounts:

NULSd6Hgfe2bkky5T1mgywEjvH3gSHj6pM867
NULSd6HgaXkFL7uYEhvC8zqjkYDNY5GQwrHos
NULSd6HgWjSEvk62icTJUUMHZEpJYoEuKjBR3
NULSd6HgdWEn39SoN4kYN5m5sSn27tSFwcBno
