Mozart Finance V2 STATEMENT
Dear Mozart community,
The purpose of this document is to address the major questions asked by the community regarding the attack on Mozart Finance on April 5, 2021, in addition to clarifying the v2 token (MELODY) launch and airdrop process. We want to thank our community and partners, who have been very supportive, as we work through the relaunch process. We’d also like to thank our security partners for their help, notably Vimerco, who were instrumental in helping us navigate through this crisis.
- What happened on April 5th?
The contracted solidity developer built a minting function into the deployed PIANO contract. Immune Bytes did their part of the job with their audit but the deployed contract was different to the audited contract that Immune Bytes cleared. The contracted solidity developer added a minting function in the code and even after transferring ownership, he left the minter role in place hidden in the core functions of the contract. On April 5th, the attacker minted over 100k of Piano tokens and dumped it on to the market.
While this event has put a major speed bump on our path, Mozart will relaunch stronger and more resilient than ever. Everyone involved will be fairly compensated to the best of our abilities.
2. Are your wallets compromised?
No. Your wallets are perfectly safe. The attacker did not steal any funds from any wallet, he minted PIANO tokens to himself and subsequently sold them on the market.
3. Should we buy PIANO now?
No, the attacker still can still exploit the contract so is not safe to trade or farm PIANO.
The website is still functional so please remove any liquidity you have in the pools you were participating in.
4. What is your plan to fix this?
Launching the MELODY contract and minting MELODY tokens, effectively invalidating the PIANO attack.
All presale participants of PIANO will be airdropped the MELODY token on a 1:1 ratio. Further airdrops will be made as detailed below for any pool and hodler wallets as of 05/04/2021 12PM UTC.
5. How will Melody tokens be airdropped? How does the distribution process work?
Pre Sale MELODY Airdrop
This airdrop will be the first of 3 airdrops and will be done automatically without any need for input from the PIANO holder. The ratio of the drop is 1:1 from any PIANO holdings as of the end of the pre sale.
Hodler MELODY Airdrop
The second airdrop will be to compensate all the hodlers of PIANO before the attack started. We will take a snapshot of the PIANO token contract and all the hodlers that were out of pools & farms. We will compensate MELODY airdrop at a 1:1 ratio. Snapshot will be taken at Apr-05–2021 12:15:00 PM +UTC time.
Pools & Farms MELODY Airdrop
Third airdrop will be made for those who participated in losses and were in pools & farms at the time the attack happened. All those users can submit their claim of loss with their affected BEP20 wallet address and amount they claim they’ve lost. Mozart Finance team will manually analyze the details of each claim to see what the exact amount of losses were for each particular address and would compensate everyone in the new token MELODY.
6. What is Mozart core team doing to ensure this never happens again?
First, we are engaging industry experts on key management best practices. Second, we will move control of the MELODY smart contracts to a multisignature wallet, so that Mozart Finance will never again be compromised by one man behaviour. Third, we have already engaged with industry experts to enhance our security and establish a culture of vigilance, beginning with comprehensive security and process audits.
We will be re-opening our telegram group chat shortly. We will not tolerate baseless FUD, as we now know exactly what happened.
This was not a scam by Mozart. This was a single bad actor named Mykyta Masalitin. This one person is not nearly enough to stop the momentum of 4,000 people, ready to launch a Musical NFT Marketplace into the world.
We plan to relaunch as soon as is feasible and will continue to update you throughout the process. The new code will be fully audited and re checked on deployment. We simply need to figure out the best course to compensate those who were in pools at the time of the attack, and build the pre-incident snapshot.
This should not take long. We will have estimated timelines within the next 24 hours. If building it will take too long, we will do it manually. Everyone will be compensated as much as possible. We’re still here and more resilient than ever. One man can not take us down, this community is strong. We will persist and grow stronger than ever.
