DeFiance Capital rescues $13.3 million at risk of being stolen

Quick Take

  • Not only did DeFiance Capital founder Arthur Cheong lose $1.7 million in NFTs and crypto in a phishing attack, but a second wallet was exposed.
  • From the second wallet, the hacker stole more than $720,000 of Lido tokens and had the potential to steal a lot more — but it was prevented.

It’s been a bad week for DeFiance Capital. 

On Tuesday, it was reported that DeFiance Capital founder Arthur Cheong fell foul to a phishing attack by clicking a malicious link in an email. His personal crypto wallet was compromised, losing $1.7 million in NFTs and cryptocurrency. What wasn’t reported is that a second wallet was also compromised, initially losing more than 200,000 Lido tokens ($720,000) of money belonging to the firm.

And worse: it contained a further 3.7 million of vested Lido tokens, worth $13.3 million, that were steadily getting unlocked — which either the hacker or DeFiance Capital could transfer out of the wallet, whoever got there first.

The vesting did, however, provide some respite. Even though the hacker had access to the staked Lido tokens, they could not sell them all because they were locked in a ‘linear vesting’ contract. Linear vesting is a system in which crypto protocol holds funds for a scheduled period and a tiny amount is released with each new block. 

Only a small number of Lido tokens kept getting unlocked at a time. Cheong told The Block that it used flashbots — a messaging protocol that can enable you to get priority when making transactions — to rescue most of the funds that were getting unlocked.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro