On the day of the launch, November 2nd, 2020, a now identified Russian IT-specialist, contracted by RockNBlock, used a previously injected(by himself) malicious code to take advantage of the token minting function of the contract. By doing this he was able to mint 79 000 000 000 Axion tokens, which he used to drain ETH from the liquidity pool at UniSwap.
How was this possible?
The Axion project has taken pride in the audits done pre-lanch. Both Certik and Hacken has been involved, and they are well renowned in the crypto world. The audit reports are open to everyone interested at Axion.network to read. In conclusion, the audits came back with no major coding errors or bugs.
As we all know by now, this did not prevent the Russian "exploiter" to drain the liquidity pool.
He was able to do this because he was a subcontractor hired by RockNBloc. RocknBlock was in charge of the deployment of the contract. Somehow the criminal was able to infuse his code into the contract after audit and pre-launch, and somehow no one at RockNBlock noticed this (poor security protocols?).
The "IT-Specialist" has been identified and apprehended. Cointelegraph wrote an article (3rd November 2020) about what Certik found when going through what happened.
Now, writing this post relaunch, I believe that the exploit somehow made the community stronger. The Axion team did more than many would ask of them to make a relaunch possible, and I think that the damage control after the incident is top-notch.
What's gonna happen now?
Axion is on its way to be Relaunched. November 11th is set as the new launch date. The resilient Axion community has once again proven why Axion is the future. This time Axion will rocket to the moon.
Here's a document from the team on steps to take for making a restart possible.
Axion has collected funds by an Over The Counter(OTC) sale of tokens. The investors were offered Axion tokens at a discounted price, with the tokens "delivered" over a period of time. This way the Axion team managed to collect enough money to replenish the Dev-fund which was drained during the exploit. I believe that a lot of people were surprised by the determination and resilience of the team and the community. Today the team announced that they have collected enough funds (more than 500,000 USD) to make the relaunch as planned, so November 11th it's go time.
Now Axion has been launched for four days. The spirit is higher than ever in their communication channels. The expected initial slope is now turning back up and I have a very good feeling about all of this.