Kawakami Farm Exploit — The Initial Report
Dear Kawa community, partners and friends, we appreciate you all for all your support and commitment during this troubling time.
The KawaFarm was subjected to an exploit leading to the loss of all the tokens staked in every pool on the farm.
Kawakami remains committed to our community, partners, and users, and we are working with authorities to track the attacker and have plans in place to recover our losses.
This report includes information about the attack and the actions we’ve taken and will continue to take.
At approximately 20:00 pm on February 11 (UTC), KawaFarm was exploited for approximately 61 ETH.
The hacker gained control of the staking contract deployer address previously in control by the contract developer and then managed to change the farm contract ownership to his address, allowing him to do an emergency withdrawal and empty the pools.
We regained control of ownership after realizing what happened and before they could sell the rest of the tokens in the contract, but the damage was done.
- The team decided to raise the buy & sell transaction taxes for both $KAWA and $xKAWA to 99% preventing further dumping by the hacker, as well as unaware people buying
- The team decided on a fresh contract launch of the $KAWA token
- The team has plans in place to compensate those staked in non-native pools (Kishu, Floki, Saitama, ShibGF, and Shib) in full
- The team is continuing to track the exploiter and monitor the affected assets
- The team will proceed to drain the liquidity in the KAWA and xKAWA V2 pools to fund liquidity for the relaunch.
We would like to invite all the community members and investors who wish to be part of the successful v3 launch to send their v2 KAWA and xKAWA tokens to our development fund address so that we can drain the liquidity pools. The addresses are listed on our Telegram and Discord channels.
We’d also like to ask any KAWA v1 holders with significant amounts of the original KAWA token to send it to us so that we can drain that pool too.
We encourage the attacker to reach out and begin dialogue for the return of our users’ funds. We will honor a bug bounty of 20% upon the return of the funds.
There will be more reports as we plan our relaunch and compensation, with the next one coming tomorrow, February 13, which will be in the form of FAQ. Once again, we want to thank our community, partners and friends for their understanding and support!