Vulcan Forged Hack 2021 — $140M Exploit Analysis

Attackers compromised private keys for 96 Vulcan Forged user wallets through a breach of the platform's centralized key storage.

Details

Full Description

Vulcan Forged's semi-custodial wallet system stored private keys on centralized servers. Attackers breached the server and extracted private keys for 96 wallets, then systematically drained each one. The centralized key management was a fundamental architectural flaw — users believed they held self-custody but keys were server-side.

Laundering Analysis

Stolen PYR immediately sold on decentralized exchanges, crashing the price. ETH proceeds moved to Tornado Cash. Vulcan Forged CEO Jamie Thomson pledged personal funds and company treasury to compensate users, reimbursing $140M from treasury. Users migrated to fully self-custodial wallets post-incident.

Sources

Transaction Hashes

Related Hacks

Back to Browse