The Cyberattack Against HeroFi: What Happened, and what we are doing about it

HeroFi
Dec 7, 2021

HeroFi has recently experienced a security attack with the $ROFI Token. What really happened, and what did HeroFi do to fix it?

On December 5, HeroFi’s security system was the target of a security attack.

The last week has been humbling for all of us at HeroFi, with a series of events taking place. In order to provide the best user experience possible, update patch 1.00.05 was released with many important changes, particularly the reward mechanism for different star ratings in the Game. However, this is barely anything compared to the $ROFI Token attack on December 5th.

Now that things are under control, we wanted to take a moment to provide updates and some perspective from our development team, as well as what measures we’ve taken and will implement to protect users from similar incidents in the future.

On December 5th, HeroFi’s security system was the target of a security attack that targeted the data assets of tens of thousands of users, along with the team’s control of the $ROFI token. Fortunately, the Hacker has not been able to access user data in this attack. Nonetheless, the control of $ROFI was “stolen,” forcing us to immediately shut down all $ROFI-related operations.

We — the development team — place a high value on data security and system safety, and we are committed to upholding that responsibility. Unfortunately, this time we were out of luck.

Security breaches against technology companies are not uncommon, and the frequency of events involving Blockchain-based security systems is increasing, according to the development team’s best estimates. What we can do is always try to put in place security measures that keep us one step ahead of them. We sincerely apologize for failing our duties.

As of today, with the remedial efforts progressing well and the system returning to normal, we believe it is necessary to update information on the situation, as well as clearly explain the steps we are taking to regain trust from the gaming community and investors.

What happened?

The $ROFI attack drained the old Contract address of liquidity, plunging the $ROFI price into the abyss and sending many users and investors into a frenzy.

Because this is a privacy-related event, we may not be able to share too much information. But, in a nutshell, the bad actor leveraged their knowledge of technical systems, along with specialized tools and capabilities, to gain access to the network, and then used algorithms to mass-generate $ROFI tokens and sell them on the market.

People can check out the villain’s actions at:

https://bscscan.com/address/0x395bc45ae73fe964d0f40ea03371eb55e7b88d2f#tokentxns

In short, this individual had succeeded in breaking in and taking control of $ROFI.

Plan of action — Maximizing customer benefits

Immediately, the HeroFi team halted all $ROFI-related activities on DEX exchanges, closed the https://app.herofi.io page, which included the Marketplace, Shop…, and rushed to develop response and remedial plans.

As a result, the following is the sequence of steps:

1. $ROFI Contract Change

After being attacked, $ROFI’s liquidity was depleted, and the price of $ROFI plummeted precipitously. The best option is to change to a new Contract address that uses stricter, more secure methods.

The $ROFI address will be changed to:

0x3244b3b6030f374bafa5f8f80ec2f06aaf104b64

https://bscscan.com/address/0x3244b3b6030f374bafa5f8f80ec2f06aaf104b64

2. Add Liquidity for a New Contract

We added liquidity for the $ROFI Token as soon as the new Contract address, with its full security method, was confirmed, before communicating it to the community.

During this process, we will return the new $ROFI to its pre-attack price of $4/ROFI.

3. Distribute $ROFI to each wallet address up to and including the time of the attack

Before implementing any solution or plan to deal with the consequences, the HeroFi team agreed that it is critical to ensure that all $ROFI users held before the time of the attack is preserved.

Users/investors who did not trade between the time of the hack and the time of the snapshot: please add the new $ROFI contract to your wallet. Tokens will be automatically returned to users’/investors’ wallets.

  • For users/investors who traded between the time of the hack and the time of the snapshot, please fill out the form below as soon as possible to receive a refund of BUSD/BNB (depending on the case). Specifically:
  • For ROFI buyers, the capital will be refunded in BUSD/BNB, but no ROFI tokens will be returned.
  • For ROFI sellers, the ROFI number will be refunded in the same manner as before the transaction, subject to the return of the respective swapped BUSD/BNB part.

User/Investor transactions from the time of the hack to the time of the snapshot will also be refunded in BUSD/BNB after completing the following form: https://forms.gle/oerBYNeQcQDkCuiG7

4. Run the BUYBACK $ROFI command

“If you want to go far, you have to go together,” is a quote that the HeroFi team uses every day.

HeroFi is a project with the development team that aims to bring GameFi to the world. Because this is a long-term project with a lot of passion, we’ve decided to:

  • Use all Marketplace sales in the last 30 days ($150,000) to execute a BUYBACK $ROFI order.
  • After BUYBACK, all $ROFI will be BURNED.

Playing together, going together, developing GameFi together, HeroFi always puts the User/Investor first before making any major decisions.

The BUYBACK of $ROFI with the development team’s income is only an action to solve and overcome the consequences of the cyberattack, but it reflects a sincere intention and is proof of a key project from the HeroFi development team.

In the near future, the BUYBACK order will act as a subsidy for $ROFI; whenever the average price of $ROFI falls below $4/ROFI, a BUYBACK order will be executed.

✅ Check out the BUYBACK Wallet: https://bscscan.com/address/0x4618cd99a5adbfd80e2de38467ca988741a204e5

✅ Check out the BURN transactions at:
https://bscscan.com/tx/0x1931363401c0325867c6a05c159fc6b98ef47ae1932496d5e5f871deb0d3a969

Our Path Forward

We know that the bad actors out there will continue to evolve their methods every single day. However, the fact that cyberattacks are becoming more common does not mean that we, the HeroFi development team, will once again ignore security options. HeroFi is taking significant steps to strengthen security layers and raise awareness of the cybersecurity approach.

A series of events awaits in the fourth quarter of 2021, accompanied by an upgrade to the security system. Legend Guardians will be added to ROFI Multiverse in the Open Beta version — another world, a whole new game experience.

Thank you for your support.

ROFI Multiverse and HeroFi are officially BACK!!!!
