A smart contract was compromised using a key that only the original Meerkat developer was meant to have access to.
After $31 million worth of crypto assets was swiped from the wallets of Meerkat Finance, alarm bells started to ring.
It had only been a day post-launch, but the finance project, which was built on the Binance Smart Chain, had apparently been compromised.
Meerkat Finance took to its official Telegram channel yesterday to alert users that its smart contract vault had been tampered with.
Shortly after the message went live, about 73,000 Binance Coin and 13.96 million BUSD were swiftly transferred out of the project’s wallets, landing in several new blockchain addresses.
It appears that the smart contract which contained the project’s core business logic had been altered, using the key that only the original Meerkat developer was supposed to have been able to access.
Was a Private Key Compromised?
The fact that a Meerkat developer’s private key was used has roused suspicions that this was an inside job, rather than the possibility that the private key was compromised.
Further allegations of fraud were made after both the Meerkat website and its Twitter account were subsequently taken down. It's also been claimed that the founders can’t be reached, which has made most believe that this was a rug pull, where developers could have run off with the cash.
Many of those who lost money have taken to the Binance community page in the hope that someone can help them claw back their investment, while others have been combing the data to track the stolen funds.
If the Binance team can confirm that it was a rug pull, there’s a possibility that they could rollback transactions on the blockchain — something that’s only possible due to the centralized nature of the Binance blockchain.
