A Chronological Walkthrough of Ascendex Hack & GTH Token Contract Pause / Redeployment
Posted by Isil Kilkis on January 6, 2022
On December 12th, Ascendex was hacked, and the hacker stole various tokens including GTH and the GTH token contract was paused as soon as possible. They informed us that their hot wallets were compromised. 8 Million GTH was moved from AscendEx to the hacker’s wallet.
After deliberating internally on the same day, at 12: 41 PM GMT +4 all token transfers have been paused. We had taken this measure as the hacker had not moved the stolen $GTH. We then did an internal strategy to move forward with a token redeployment method, keeping that in mind other exchanges had been notified about the paused contract and were informed about the hacker’s wallet to have it blacklisted.
On December 14th, we had a meeting with Ascendex for further damage control/reimbursements and then revealed the strategy of token redeployment and moved with the next steps.
On December 18th, for the users who are in the LP pool, a blog post was announced with all the instructions.
A new contract was written, termed the LP recovery contract. This contract will only be accessed by LP multi-signature wallets & will allow Gather to withdraw tokens and optionally automatically re-deploy them to the new ETH Pool.
GTH Token Holders won’t have to claim or swap, Gather will Airdrop all tokens to existing holders.
By December 25th, 89.4% of Liquidity Providers successfully moved their existing LP tokens to two multi-signature contracts. A new deadline was announced of January 31st for the rest of the liquidity providers who have missed the first deadline, only with the removal option.
On January 6th, the new GTH contract is going live with the addition of a blacklisting function and making the contract upgradeable.
In light of this event, we had engaged two different external security specialists to audit and periodically try to breach and conduct regular scans, all audits were completed successfully.
New GTH Token Contract:
New Uniswap Pool:
Multi Signature Contract Address: 0xf6c3FaFD9b8c6e93C39CAEB20022A16342Fc9085
Vesting Pool Contract Address: 0x16D899eA94456E4B2Cfb6374f3016bFC5EDc3483
Post the swaps and redeployments, the original contract will remain frozen, hence leaving the hacker with no options to liquidate the stolen tokens.
BSC bridge will be launched next week along with other major updates.
There will also be a new LP Pool on Binance Smart Chain. Details will be announced very soon.
All in all, even though the hack was unfortunate, we have been able to mitigate any loss of funds by freezing the contract.
We are thankful to our team and community who have been by our side this time.