Several days ago some sensors were triggered regarding a potential problem with Itheum KYC in Maiar Launchpad. At first, some users claimed that they can make multiple valid KYC with the same ID but different wallets.
That was soon confirmed and multiple users began to abuse this bug, I will use a specific address to explain the approach.
On the 23rd March, a transaction of 236.13 egld from Binance wallet was made to the following address: erd1dgsmcj9y3jj3srft3mm33qa4g0adyleujrez7044tve22cqnl28st3me38
Soon after it started to transfer 2.3 egld to wallets that were created with a script: 1 egld to delegate to staking and the rest was kept for buying the ticket. A total of 1282.41 egld were transferred from Binance to this wallet.
You can see the behavior on one of the addresses that were purposed for the KYC on Maiar Launchpad:
erd18hr0d7rng960tmap7wa782e03670pz6akwcp2qyzhywchhcreufshtu83q
I choose to post this now after the KYC has ended because I didn’t want to encourage others to do the same. I consider the approach fraudulent. Hopefully, the Elrond Team will consider it the same and steps will be taken in order to limit the damage while increasing the trust in the ecosystem.
What do you guys think will happen? Will this be considered legal? Will Elrond Team mitigate this? Should Elrond Team take measures against this practice such as invalidating the tickets but not returning the egld paid for the tickets? Feel free to comment below, I would love to see your take on this. A follow-up post will be made regarding the end results of this hack.
Should remove all and leave only one wallet per ID: with the biggest staked amount.
All egld should be confiscated and airdroped back to community in form of giveaway or raffle format 😀
Well thats the beauty of decentralised blockchain. They cannot confiscate any egld
Thanks, the team has responded….
Such accounts have been flagged, they will be unable to buy tickets, and will have the following status:
“Account rejected due to suspicious activity”