CryptoCart — Post Mortem and Recovery Timeline

Here is a short timeline establishing the facts of what happened.

- On 1st November at 1:16 UTC liquidity was removed from Uniswap.

Identifying Security Flaws and learning lessons.

First and foremost, liquidity was unlocked at the time that this happened, putting the liquidity pool at a higher risk of a breach. The only way we understand that liquidity can be pulled is if an unauthorized person had access to the private key for the deployer wallet, which was the owner of the liquidity lock on UniCrypt V2 and therefore Uniswap.

Preventing breaches in future — Security Improvements

After some discussions we have brainstormed the safest and most secure way to re-launch the token with multiple additional layers of security that will make security breaches of this nature completely impossible and prevent unauthorised individuals from gaining access to the deployer wallet. Additionally, there will be multiple redundancy measures put in place so that if the deployer was ever compromised and anyone did gain access to the deployer wallet, they would not be able to do anything nefarious or carry out any transactions at all, even if they had full access with the private key.

The Roadmap Ahead — Recovery and Summary

We have compiled a short timeline below to summarise our four recovery steps, some of which have been achieved already, and the rest of which we aim to achieve very shortly so that we can get back on track and live with CC V2.

1. Secure & Investigate
2. Learn & Prevent
3. Audit & Redeploy
4. Airdrop & Automation

Firstly, we have secured and investigated all aspects of this breach with all of the resources we could pull together, resulting in this post-mortem article.

What about BSC?

Some additional aspects to note are that, with regard to the current V1 BSC CC token, we will be attempting to counteract some of the sell pressure caused by panic sellers as best as we can on the BSC token temporarily, using our own personal funds to buy back and burn CC tokens. This will not be done using the recovered funds, and we will be using our own personal funds.

Final words from the team

Most importantly, we would like to apologize for everything that has happened in the past few days. We understand the immense stress and human impact this incident has caused to each of our holders, stakers, advisors, and everyone involved in the project. Our hope is that the steps we have taken and are continuing to take are sufficient in showing everyone just how committed we are to the success and continuity of CryptoCart moving forward.
