chaindrainMVP
Preview surface — demo data. Where real data exists today (e.g. RealT, BlackRock BUIDL, Lift Dollar) we render it; everywhere else we render synthetic enrichment generated deterministically from public signal and clearly marked Demo or Inferred. The Phase 3 roadmap replaces every synthetic source with live ingestion — see Methodology → Exposure Graph & Similarity Engine.
← back to incident ledger

kms misconfigurationDemo

Oct 16, 2021 · $32.7M · infrastructure

Narrative

On 2021-10-16, Bank of England wholesale CBDC pilots suffered a kms misconfiguration incident resulting in approximately $32,668,464 in losses. The exploit targeted the infrastructure layer. Attribution: dprk_lazarus. This is a demonstration entry — not a real incident.

Victims

Classification

Root cause
kms_misconfiguration
Secondary causes
private_key_leak
Attack layer
infrastructure
Strategy
human_exploit
Actor role
target
Attribution
dprk_lazarus
Attacker address
Flash loan
no
Audited at time
yes
Bounty at time
no

AADAPT mappings

DEMO:AADAPT.TA0006DEMO:AADAPT.TA0005DEMO:AADAPT.T1552.005

Evidence

Disclosure date
Oct 17, 2021
Funds recovered
Audit firms at time
Spearbit, Halborn
Post-mortem URLs (synthetic)
  • https://medium.com/bank-of-england-wholesale-cbdc-pilots/post-mortem-bank-of-england-wholesale-cbdc-pilots-2021-10-16
  • https://rekt.news/bank-of-england-wholesale-cbdc-pilots-rekt
  • https://blog.bank-of-england-wholesale-cbdc-pilots.xyz/incident-report
tx hashes (3)
  • 0xc09c831364c6dea93019c9e913215f28bdbbeb6fa8064f55ea0a25f383c54bf6
  • 0x9f967d8d9e7a871aebb321e74fbcff43ccb9dd53440877ae93674bb0660e21a5
  • 0xa7b1732d779be2c3832ed322eb98bea68a1be3e1233790535003f7d97b37f921