Lossless Protocol Recovers $800,000 Stolen from Vulcan Forged Users

4 min readNov 29, 2023

Lossless fail-safe mechanism has been put to use in retrieving 119,000 PYR tokens from Vulcan Forged users with previously exposed private keys. Vulcan Forged products remain unaffected.

Another Web3 crisis was averted after Lossless, a Web3 security protocol, had frozen and retrieved the funds drained from several members of the Vulcan Forged community. Attackers appear to have targeted Vulcan Forged users who had used third-party Venly wallets, taking advantage of an already-known vulnerability.

Vulcan Forged had previously supported Venly wallet integration for their My Forge platform but has changed track after a widely publicized exploit two years ago. Vulcan Forged successfully integrated their new EVM-compatible Layer-1 blockchain called Elysium Blockchain in July 2023 as a replacement for Venly. Nevertheless, some users appear to have been unaware of the Venly vulnerability and continued to use their compromised private keys by importing them directly to MetaMask.

The Vulcan Forged team was swift to get in touch with Lossless after first receiving reports of some addresses being drained for $LAVA tokens, which were then traded over for $PYR. Luckily, $PYR tokens were recently relaunched with Lossless protection and were thus recoverable.

The Lossless protocol works by wrapping project tokens in an additional layer of transactional security. Suspicious transactions may be flagged as suspicious by anyone from the project’s active community of Finders and Stakers. Malicious transactions can then be frozen and reverted based on the outcome of an independent investigation.

In this case, Lossless and Vulcan Forged teams cooperated closely in mitigating the damage by tracing and freezing the malicious transactions, as well as identifying the compromised accounts. The recovery process was carried out in accordance with the Lossless Protocol rules, resulting in the retrieval of some 119,000 PYR tokens, valued roughly at $800,000.

Such episodes are rare in the current Web3 landscape. A positive outcome for Vulcan Forged community members could be contrasted with the much more common faith shared by some five million Atomic Wallet users. After Atomic was compromised last June, some saw their entire crypto portfolios wiped out.

Commenting on Vulcan Forged success, Dominykas A. van Otterlo, Chief Business Development Officer at Lossless, stressed the importance of this accomplishment for both the project community and the people rooting for a safer Web3 future. “Even small recovered amounts quickly add up, and the boost in community confidence is usually even greater,” he added.

Further to that, Jamie Thomson, Chief Executive Officer at Vulcan Forged, added, “We are absolutely thrilled with our decision to integrate Lossless as part of our experience. It demonstrates that, no matter what, both our Vulcan Forged community and Elysium Blockchain users are protected from these malicious attacks.” Thomson also noted: “This gives us great confidence in bridging the gap between Lossless and new projects joining Elysium, our new Layer-1 blockchain. This ensures that these projects can also enjoy the same level of protection if they choose to do so.”

This is not the first time Lossless has been instrumental in mitigating the impact of some of the most notorious Web3 exploits. Notably, the protocol has successfully recovered $1.2m worth of $AAG Tokens in Harmony’s Horizon Bridge hack and aided the retrieval of some $16.7m in the Cream Finance hack, as reported by Cointelegraph.

Lossless is currently rolling out its latest AI-powered smart contract monitoring system named Aegis which does not require code integration. Aegis employs predictive analytics to forewarn project teams of potential threats before they turn into breaking news. “Our goal is for you to hear less and less about the work that we do to make Web3 safer,” jokes A. van Otterlo.

About Lossless

Lossless is a trendsetter in Web3 security architecture. Our solutions empower projects to protect their communities from smart contract exploits and the associated financial loss.

The Lossless protocol wraps ERC-20 standard tokens in an additional layer of transactional security, providing project creators with a fail-safe against malicious exploits. Transactions flagged as malicious are frozen and can be reverted subject to an investigation.

Aegis, our latest flagship product, also offers automated threat monitoring and firewall-like features. Project teams can utilize its real-time alerts and zero-integration monitoring capabilities to identify possible threats before they turn into exploits.

Lossless.io | Twitter | Telegram | Medium | GitHub




World’s first unrivalled exploit identification and mitigation tools, designed to foolproof web3 from malicious activity.