Notice on Recent Security Breach

2 min readFeb 10, 2023

Neo would like to inform the community of a security breach that was detected at approximately 21:19 (UTC) on Feb. 8th. No user funds are at risk.

Suspicious transactions were spotted on two N3 migration wallet addresses:

  • NV96QgerjXNmu4jLdMW4ZWkhySVMYX52Ex
  • NV8D4oeDohSvV6yHPVpeu9nmV5ycVLKT5J

These wallets held tokens that would be transferred into a Neo N3 user’s account upon migration from Neo Legacy. Only a portion of the migration funds were held in these wallets.

Approximately 3.4 million NEO, 730,000 GAS, and various other NEP-17 were moved from these wallets to three new addresses:

  • NWa7NWZueuAwbN4y6GWGWy56V76LyyrB33,
  • NiFtgekYY6KY1XxwahVAyMtgX1WoJkrQXd, and
  • NM1hSXxP8GSQcvxUNFAJgkuA4Btyz2ZMG1.

The Neo Council took immediate action and successfully blocked the attacker’s addresses from performing further transactions using the “BlockAccount” method in the native Policy contract. Signatures were required from 11 of the 21 Neo Council members. This prevented the attacker from liquidating the tokens and limited the damage to the Neo ecosystem.

Prior to the accounts being blocked, the attacker used Flamingo to convert fUSDT, FLM, fwBTC, fwETH, and pONT to 223,461 NEO. The attacker is now unable to access these funds.

The attacker also bridged fUSDT, fwETH, fwBTC, and FLM out of the ecosystem to the value of approximately US $520.

The migration service from Neo Legacy to Neo N3 had been temporarily paused. An announcement will be made when the service has been restarted.

We have reason to believe the keys for the individual migration wallet addresses were compromised, though the details of the breach are still being investigated.