It would seem that over the weekend, Roll (opens in new tab)—a blockchain infrastructure site aimed at content creators—was subject to a cyberattack that cost it's customers $5.7M worth of cryptocurrency tokens.
The site, which allows custodians of online communities to create, mint, and vest social money in the form of Ethereum-based tokens, has since paused all withdrawals of social money until it's hot wallet system has been successfully migrated.
Unfortunately, the hacker has already redeemed the tokens for Ethereum and made off with the swag.
As with any wallet connected to the internet, there are inherent security risks, but there's no word yet on exactly how the hacker managed to gain access to the hot wallet. A post on the Roll blog (opens in new tab) (via TechCrunch (opens in new tab)) indicates that the company suspects the hacker was able to compromise the system by deciphering private keys used to access its hot wallet system, and that the breach was not a result of a bug in the system itself.
By way of apology, Roll has introduced a $500,000 fund to compensate "any creators and their communities affected by this," which the company has begun reaching out to individually. But as a result of the attack, creators have been struck with crippling losses.
Earlier today, the private keys to our hot wallet were compromised. We're investigating this with our infrastructure provider, security engineers and law enforcement. Additionally, we're putting together a $500,000 fund for creators affected by this. https://t.co/fQ2QbFgVAT pic.twitter.com/93pfyRGhi2March 14, 2021
One reply to Roll's announcement of a compensation fund on Twitter criticises the meagre amount, declaring that their community "just lost EVERYTHING."
It's a sad day for online communities that distribute their currency via Roll, but at least the site is taking steps in the right direction. For some, though, it's clear that this may not be enough to keep them above water.