Cyber Incident Victim: Poolz
Date: Mar 2023
Location: Saint Vincent and the Grenadines
Summary
A security breach targeting the POOLZ vesting system resulted in unauthorized acquisition and sale of tokens allocated to public buyers. The platform's rapid response included suspending token trading within two hours, flagging the attacker's blockchain address, removing liquidity from decentralized exchanges, and initiating development of a replacement token (POOLX) undergoing third-party audits. A $600,000 emergency fundraiser was secured to strengthen platform security, while unaffected treasury funds ensured financial stability. Compensation plans involve distributing POOLX tokens at a 1:1 ratio to affected holders based on pre-incident valuations, alongside additional community restitution mechanisms.
Description
On March 15, 2023, a hacker exploited the token contract governing Poolz’s vesting system, resulting in the illicit acquisition and sale of tokens allocated to public buyers of the POOLZ token. The Poolz team detected the breach and halted trading of the token within two hours to prevent further unauthorized transactions. A rapid response team was immediately assembled to contain the incident and implement measures to prevent recurrence. Within hours, Poolz coordinated with blockchain explorers to flag the hacker’s wallet address, restricting its ability to interact with decentralized exchanges. The team also removed all remaining liquidity associated with POOLZ from Uniswap and PancakeSwap, effectively isolating the compromised asset and protecting users from additional exposure. This swift containment limited the incident’s scope, preventing broader contagion across the platform’s ecosystem.

The same day, Poolz initiated the development of a replacement platform token, POOLX, which entered auditing by CertiK, ArcadiaGroup, and ChainPort to ensure enhanced security protocols. A community fundraiser launched in response to the breach secured $600,000 within 12 hours to fund platform security upgrades and operational stabilization. Poolz confirmed its treasury remained unaffected, ensuring financial stability throughout the incident. Founder Liam Cohen publicly emphasized the team’s commitment to compensating POOLZ holders through a 1:1 token exchange for POOLX upon deployment of the new contract, with liquidity pools to be reestablished based on pre-attack exchange rates. The company additionally announced plans for a dedicated compensation model tied to POOLX distribution, though specifics were not disclosed. No user funds beyond the targeted vesting allocations were reported compromised, and the platform maintained operations across its supported blockchains during the remediation process.
