Jan 27, 2026

About the hack

We got drained for ~1.2m RMRK — here’s what happened and what we’re doing next.

On Jan 27th, we suffered a hack.

An attacker gained access to a hot wallet that had single-signer control over a Safe holding ~1.2m RMRK. They drained the wallet of anything of value and sold the RMRK immediately in one transaction.

Transaction: https://basescan.org/tx/0x2905880f3555cd10130d41d4ecba4fb0d6071b4b3e9ac1d67686d44d2fec711a

What was affected (and what wasn't)

Affected

  • Treasury-held fungibles in that Safe (including ~1.2m RMRK).

Not affected

  • No RMRK token contracts were exploited.
  • No user wallets were compromised.
  • The project’s cold storage / hardware-signer safes (and the NFTs held there) were not touched.

What we did immediately

  • Re-established control over the remaining multisigs and removed any risky permissions.
  • Rotated keys and moved critical operations behind hardware signers.
  • Capped Moonbeam supply at MAX_SUPPLY (10,000,000) and permanently removed bridge mint permissions so there is no “maybe more gets minted” surface area going forward.
  • Moved the “overmint / bridge reserve” into a new 2-of-3 hardware-secured Safe on Moonbeam:

Moonbeam Safe (public): https://moonscan.io/address/0xf7c5EBbb2905A2DEd9A569bA56Bef24B57BbC022

Why the “overmint” exists

We can’t freeze third-party addresses or claw back tokens. After an incident like this, leaving any mint capability alive is a bigger long-term risk than taking a blunt-but-auditable action.

So we chose the safest option:

  • mint up to the hard cap on Moonbeam
  • permanently remove mint permissions
  • quarantine the difference in a Safe

Policy: the reserve Safe will be used only to fulfill bridging / consolidation operations throughout 2026, as previously announced in the consolidation plan: https://rmrk.app/migration

Good news / bad news

Bad news: we gave up a few weeks of momentum (and the chart reflects that).

Good news: the attacker also ended up with the old Conviction Lock positions on Value.eth. That’s bad for fee revenue, but the important part remains true: the liquidity principal stays permanently locked, so it still supports long-term depth.

What’s next

1) Security, permanently

No more single-signer treasuries. Going forward:

  • Treasury + reserves live in multisig only (hardware signers).
  • Hot wallets are treated as disposable: minimal balances, minimal approvals, frequent revokes.

2) Conviction Locks 2.0 (a restart from clean keys)

Conviction Locks are still the plan - but we’re restarting from wallets we control.

Initial commitment (near-term):

  • Within 14 days: create the first new permanent lock from the new Safe.
  • 2026 cadence: one new lock on each major shipping milestone.
  • Target size: 25k–50k RMRK per milestone lock (paired with ETH as needed), scaling up as product revenue scales.

All locks will be on-chain, public, and announced.

Starting the first full month of product revenue, 25% of net revenue will be used for buyback + permanent liquidity locks, executed from the Safe and announced publicly.

3) Ship revenue-generating products (the real recovery plan)

This incident doesn’t change the thesis: RMRK wins by shipping.

In the coming weeks/months our focus stays on:

  • Renderer: launch improvements + revenue layer.
  • Indexer: new hosted offering for teams building on RMRK.
  • Singular: revive the marketplace with a reliability-first, composables-first approach.

As soon as the next milestones are in final testing, I’ll publish exact dates.


This is crypto. Don’t risk money you can’t afford to lose. Judge us by shipping.
