Zircon Finance Hack

Hello everyone,

You are probably aware of what happened with Zircon Finance on Moonriver.

I have been personally affected by this hack and have lost a significant amount of money. I would like to explain why I decided to use this platform in the first place. When I saw Moonbeam’s Twitter promoting Zircon and awarding a Moonriver grant of 15K $MOVR, I became very interested in this project. I have been a follower of Moonbeam since the beginning, having participated in the crowdloan on Kusama and the Take Flight event. In short, I am one of your early supporters.

However, it appears that the code of this project was vulnerable, and anyone with a little knowledge of development could have exploited it. I am trying to understand how and why you had trusted them, and why you promoted them multiple times.

I do not blame you for what happened, as I take full responsibility for my actions. However, I would like to point out that your support for Zircon influenced my decision to use their products. It is important that this does not happen again in the future. That is why I am writing this message, to encourage you to question your actions and support for certain projects without conducting proper research.

Furthermore, it appears that Zircon was audited by Chain Troopers, who claim to be collaborators of Moonbeam and Moonriver. However, I believe their audits may not be reliable.

https://chaintroopers.com

According to my research, approximately 6450 $MOVR tokens were drained by the hacker. I do not even know if it is possible, but my despair still prompts me to ask the question: can the foundation or the treasury consider helping its early supporters like me?

It can be a way to show that we are a solid and united community.

This hack has had a significant impact on me, and I believed that everything was secure due to the fact that Zircon was supported by Moonbeam. I hope that we can prevent this from happening again and protect other early supporters from experiencing the same loss.

Thank you for your attention.

Thank you for your post. I am sorry that you were impacted by the Zircon hack and I know there were others affected by this unfortunate incident.

As a permissionless network where anyone can deploy code, it’s impossible to guarantee that any application or smart contract is safe to use. While we hope that all teams in the broader ecosystem adhere to best practices and security audits, it is the burden of the developer to properly vet their code before deploying it. Even then, code reviews or audits are no guarantee of user security. Zircon, like many other projects building in the web3 space, are building the next generation of technology. However, with anything cutting edge and ground breaking, there are inherent risks. We at the Moonbeam Foundation have always strongly advocated for every user to do their own diligence and use Moonbeam at their own risk.

The Moonbeam Foundation will continue to try to help educate the Moonbeam community on different projects launching and different use cases but by no means should this be seen as an endorsement of the project including the project’s security…

Again, I’m sorry this has happened to you. Despite this unfortunate setback, the Moonbeam community remains vibrant and committed - I hope that you and other affected users continue to see the value in what we’re building together and continue to participate in the Moonbeam community for a long time to come.

Hey CryptoKichta,

Thank you for contacting us and sharing your concerns about the recent hack of Zircon Finance. I’m really sorry this happened to you. I understand that this has been a difficult situation for you, and I sympathize with the loss you have suffered.

I would like to express my opinion exclusively regarding this case, but other members of the Moonriver community or the Moonbeam Foundation may have a different view.

I firmly believe that whenever Moonriver / Moonbeam social sources share information about a project or a grant received on any social network or other platform, it is solely for informational purposes and is not intended as an endorsement or incentive to use the project. while Moonriver / Moonbeam aims to introduce users to the innovations that projects bring to the Moonriver / Moonbeam ecosystem, it is important to note that we cannot guarantee the safety or reliability of any third-party project built on top.

I understand that Zircon’s frequent presence at various events may have influenced your decision to use their products, and I sincerely regret the losses you suffered due to the hack. however, I want to emphasize that the Moonbeam Foundation does not have the ability to inspect every line of code of projects deployed on top of Moonriver.

Regarding Chain Trooper’s audit of Zircon, please note that Chain Troopers is an independent audit firm that is not owned or operated by the Moonbeam Foundation, and thus, Moonbeam Foundation has no control over the results of their audit or their independence.

As for your request for assistance from the the treasury, I understand your position, but please note that treasury funds are allocated for specific purposes, and I believe that the Foundation cannot provide direct compensation for losses incurred due to third-party hacks.

As you already know, Zircon submitted a proposal for the Ecosystem Grant, and I remember that you had positive comments about them, acknowledging their cutting-edge technology and saying that they deserve a chance. however, it appears that your previous comments have been deleted. unfortunately, it seems that they made a mistake that resulted in the loss of user funds. as a user, it’s important to be mindful of the risks involved. nevertheless, I hope that Zircon will be able to rectify the situation and will be able to demonstrate its innovation and efficiency

What I don’t understand is how they were able to receive a grant on Moonriver without on-chain voting or any further research on their skills.

They don’t seem to be very qualified or experienced. I know that Moonbeam is permissionless, but the grant process is not.

I don’t trust any project that launches on Moonbeam just because it’s on Moonbeam. However, they had receive support in some way, and it has a certain influence on the community. I think it’s not just me who feels this way.

Yes, I did delete my comments because I no longer have confidence in them and do not want to mislead anyone with my statements. After witnessing their unprofessionally executed work, I lack trust in them and most likely any upcoming projects on Moonbeam.

I take full responsibility for my actions, but I would also like to urge you to be more mindful of what you share on your social media platforms in the future. You may not realize the impact that your posts have on your followers and the negative perception they may create after events like this. I say this with utmost kindness.

Thank you for your attention.

I’ve lost some as well.

OMG!! why like that???
one of project i have joined, it was bankrupt too.
and many people is keep losing their assets due to hacking and fraud