Let’s look at the story so far. The EthereansOS token ($OS) was built on a beta version of their standard token Item v.2. The team founded a possible malicious exploit before hackers and used it to save people before any bad actor in the Ethereum network discovered it!
Summary
A White Hat Rug Pull
Now, let’s look deep in the thing:
In just under 10 hours, despite requiring multiple simultaneous actions, the funds were returned to users, and everything was back to normal. It is more remarkable considering that such an event occurred in the week that more than three protocols were hacked, and investors lost hundreds of millions.
A ‘White Hat Rug Pull’ is a highly complex operation in which the team behind a project performs a Rug Pull (removing all the liquidity of a token on a DEX) for non-malicious purposes (as is usually the case) but to save users’ funds and return them. The name “White Hat” comes from “White Hat” Hackers, who, having found a bug in the security of software, do not exploit it for personal gain (e.g., stealing money from a DeFi protocol) but contribute to its resolution before others can notice it and take advantage of it.
For the EthereansOS team, the Rug Pull of funds was the only possible solution after discovering a major bug in the old token (now renamed on-chain “WrongOS”). With this bug, any user could have minted an infinite number of tokens and made a rug pull of all the liquidity on AMMs pools.
The old token (not supported anymore by the EthereansOS team) has this contract: 0xfdb29741f239a2406ae287913ef12415160378d3 (don’t buy or trust this wallet, it is no longer supported by the team and is mintable by anyone).
The team exploited this bug in their token’s code before anyone else noticed, which requires a lot of speed and organization to manage all the necessary actions. Let’s look at the main ones:
- Bug resolution and deployment on Ethereum of the new $OS token (and of the new Item protocol)
- Minting of old tokens in sufficient numbers to dump them into OS-USDC and OS-ETH Uniswap pools
- Rug Pull by dumping the old OSs into the above pools. They were all sold to take the ETH and USDCs to be returned to users.
- Users’ ETH and USDCs went directly to the “Claim” contract, through which everyone can now take back what they owned (including new $OS). This action was made possible by the snapshot described above. In addition, when claiming their tokens, users receive an ETH reward of 0.02 if there were at least 20 $OS in the wallet and 0.15 if $OS and ETH were locked in farming contracts.
- Snapshot at block 13506003 (the exact block before this WHH). Thanks to this operation, the amount of OS/ETH/USDC present in all wallets or pools (both farming and non-farming) has been saved, and users can claim the exact amounts of $OS they held (also both OS, ETH, and USDC from LP fees, LP liquidity and farming rewards) via the website https://os.ethos.eth.link
All of the amount claimable are in the new token Ethereans (OS) which has this contract: 0x6100dd79fcaa88420750dcee3f735d168abcb771. Ethereans is built on top of the upgraded and final version of Items v.2 with the infinite mint issue solved and more functionalities.
EthereansOS team anticipates hackers
But that’s not all. While CTO Marco Vasapollo and the rest of the team sorted out the problem, CEO Alessandro Toschi was live on YouTube for the duration of the operation to reassure and answer questions from anyone concerned about what was happening.
The live record is available here:
More info about the issue on Medium.
A lesson in Crisis Management
The result is an extraordinary lesson in Crisis Management for any crypto project (and not only), having solved the token bug and replaced the old one without any economic impact for users. The opportunity was even taken to add more functionalities to the Item protocol.
A perfect example of how to turn a problem into an opportunity.
Item standard, part of the Ethereans Operating System is a very innovative and complex protocol that is able to transform objects on top of Ethereum (Erc20, ERC 721, and ERC 1155) into portable dapps, with complex logic, batch transactions (more than one transactions in a cheaper way using the batch_tranfer functionality), extendible via advanced logic, also a dynamic Metadata framework, fundamental for the next generations of Ethereum Games. Also, Items works both with DeFi dapps (ERC20 standard) and NFT dapps (ERC 1155 standard).
The nature of the exploit was via a special transfer functionality that they added to the standard. With some special calls into the SafeTransfer functionality, users were able to mint infinite Items. This exploit doesn’t affect Items V.1 but only the beta version of Items v.2, not accessible to external developers at the moment, and the only token minted on top of it, $OS.
The problem is solved with the new upgrade of Items v2. Is very unlikely in blockchain that the team is able to front-run hackers and save people money.
Conclusion
What was exceptional about the event was that they managed to do everything with complete peace of mind and professionalism, unlike so many other teams in the DeFi world who use similar situations to run away with the money (blaming “anonymous hackers”) or fail by not being able to handle the problem.
Behind every crypto, technology, or other innovative product, there are people more or less able to handle such huge issues, and it is precisely by overcoming them that you become stronger and pave the way for future success.
The E-Day is coming
Nov 21 is a special day for every $OS holder and for the entire project! In fact, in this day, the Ethereans OS team is about to release the first version of Ethereans OS, an operating system to build on top of ethereum complex and secure dapps, via a lego composable and extendable Factories system (Factories), the first granular governance protocol (Organizations), secure integration with DeFi for farming, routines, and swaps (Covenants) and factory-based secure and interoperable objects (Items).
With the E-Day also the super innovative granular governance structure of OS will be fully functional, the first On-Chain organization that works without the needs of the core team, by earnings, dividends, investment funds, and also grant to delegations, more info on the official site.