Several days ago some sensors were triggered regarding a potential problem with Itheum KYC in Maiar Launchpad. At first, some users claimed that they can make multiple valid KYC with the same ID but different wallets.

That was soon confirmed and multiple users began to abuse this bug, I will use a specific address to explain the approach.

On the 23rd March, a transaction of 236.13 egld from Binance wallet was made to the following address: erd1dgsmcj9y3jj3srft3mm33qa4g0adyleujrez7044tve22cqnl28st3me38

Soon after it started to transfer 2.3 egld to wallets that were created with a script: 1 egld to delegate to staking and the rest was kept for buying the ticket. A total of 1282.41 egld were transferred from Binance to this wallet.

You can see the behavior on one of the addresses that were purposed for the KYC on Maiar Launchpad:

Over 700 addresses just like the one above were created. All validated by KYC and all able to buy a ticket to the Itheum lottery.
I choose to post this now after the KYC has ended because I didn’t want to encourage others to do the same. I consider the approach fraudulent. Hopefully, the Elrond Team will consider it the same and steps will be taken in order to limit the damage while increasing the trust in the ecosystem.

What do you guys think will happen? Will this be considered legal? Will Elrond Team mitigate this? Should Elrond Team take measures against this practice such as invalidating the tickets but not returning the egld paid for the tickets? Feel free to comment below, I would love to see your take on this. A follow-up post will be made regarding the end results of this hack.