In recent weeks, we’ve seen a big uptick of claims that “Relay is hacked”. Obviously, this is something that we take very seriously, and have been investigating.
TLDR: there’s no evidence to suggest an issue with Relay. But there absolutely is an epidemic with compromised wallets, that everyone should be aware of.
Here’s what we’ve found, after investigating over 200 reports:
- Almost all victims have compromised private keys or seed phrases. Relay consists of smart contracts and a web app. Neither of these can access your private key, even if they were hacked. Typically these leak when storage is hacked (computer, cloud backup, etc.), or when the user is tricked into sharing them.
- Zero evidence that official Relay products are hacked or involved in a compromise
- Relay has over 1 million monthly users. And yet only a tiny tiny fraction have had issues.
In summary, everything suggests that these users were externally compromised.
So, why blame Relay?
This partly stems from the fact that many victims don’t notice they are hacked, until they use Relay. Maybe they didn’t notice an earlier draining, because it happened in the background. Or maybe the hacker was waiting for the wallet to have sufficient funds before draining it. So when you use Relay, and the funds immediately go missing, it’s natural to think Relay is at fault.
Take this example:
bscscan.com/tx/0xb5de4415a80…
The user (0x9b) bridged with Relay, but funds were sent to a hacker instead (0xD0). Must be Relay’s fault, right?
No!
What happened here is that the user’s wallet was delegated to a malicious EIP-7702 contract, and that contract has a fallback function that immediately sends out any native tokens. The hacker does not even need to make a transaction to drain the user. It happens automatically in the same transaction in which the tokens are received!
If you look at their past transactions, this is what you see:
02:56:50 AM = call "check in" on some contract (possibly related to where hack happened)
02:56:54 AM = account is drained
02:56:55 AM = account delegated to auto-drainer for future
10:55:59 PM = uses Relay and instantly drained again
The user probably didn’t notice the first drain, and so was rightfully suspicious of Relay when their funds failed to arrive in their wallet.
In summary:
- as more people use Relay, more compromised wallets use Relay
- Relay involves sending funds to a wallet, so users are paying attention to their balances
- in addition, hackers often only watch certain chains, or wait for a dollar-value threshold, so they often strike right after a wallet uses Relay
So, what can be done?
First of all, stay vigilant!! It’s a wild west out there. You should be especially careful with anything that can access your private keys or seed phrase. For example, this tool, which is popular with farmers, was recently hacked:
news.risky.biz/risky-bulleti…
Second, we are exploring ways to protect our users from external threats, including:
- working with @ChainPatrol to take down phishing sites
- detecting malicious 7702 delegations
- detecting past interactions with known drainers
If you have other suggestions, please reach out.
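One way a "detecting malicious 7702 delegations" check could work, as an added example rather than Relay's own code: under EIP-7702 a delegated wallet's code is the 23-byte designator `0xef0100` followed by the delegate address, so the `eth_getCode` result for a recipient can be parsed and compared against lists before funds are sent. The addresses, list names and verdict strings below are constructed placeholders.

```python
# Added example: classify an account from its eth_getCode result (EIP-7702).
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator prefix
DESIGNATOR_LEN = 23                          # 3-byte prefix + 20-byte delegate address

# Constructed placeholder addresses, not real drainer or wallet contracts.
KNOWN_DRAINERS = {"0x" + "d0" * 20}
TRUSTED_DELEGATES = {"0x" + "a1" * 20}


def parse_delegation(code_hex):
    """Return the lowercase delegate address if code is a 7702 designator, else None."""
    raw = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    code = bytes.fromhex(raw)  # raises ValueError on malformed hex
    if len(code) == DESIGNATOR_LEN and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def classify_account(code_hex, drainers=KNOWN_DRAINERS, trusted=TRUSTED_DELEGATES):
    """Map an account's code to a (verdict, delegate) pair a bridge UI could act on."""
    delegate = parse_delegation(code_hex)
    if delegate is None:
        # Empty code is a plain EOA; anything else is an ordinary contract.
        empty = code_hex.lower() in ("", "0x")
        return ("plain_eoa" if empty else "contract", None)
    if delegate in drainers:
        return ("block_known_drainer", delegate)
    if delegate in trusted:
        return ("ok_trusted_delegate", delegate)
    # Unknown delegate: its fallback code may forward any incoming native tokens.
    return ("warn_unknown_delegate", delegate)


if __name__ == "__main__":
    samples = {  # constructed eth_getCode responses
        "fresh wallet": "0x",
        "drained wallet": "0xef0100" + "d0" * 20,
        "smart-wallet user": "0xEF0100" + "A1" * 20,
        "unknown delegate": "0xef0100" + "7f" * 20,
        "token contract": "0x6080604052",
    }
    for label, code in samples.items():
        print(f"{label:18} -> {classify_account(code)}")
```

A wallet owner who gets a delegated verdict for their own address can clear the delegation by signing a new EIP-7702 authorization to the zero address, but a leaked key still means the wallet should be abandoned.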
In summary, Relay is safe, and we plan to continue going above and beyond to keep our users safe.
If you’ve seen someone who was concerned, please share this message with them!
If you still have concerns, feel free to reply here or contact our support. We are always happy to investigate, and any new information we learn can help protect others in the community.