So like the title says, our project got hacked, we don't even know the attack vector, how the wallets were accessed and the funds drained, we hired a security company and we're waiting on their report and following up with legal action as soon as we have some answers and IP addresses.
Im feeling so bad with it. It seems like that hacked may have drained the whole of funds in the wallet, right?
There shall be a vulnerability in the code, this may be right as your wallet can be accessed. This pretty similar thing with what happened with vulcan forged.
For now, I - a non-technical member of the team- have a question, is there a possibility to cancel the tokens he stole without having to migrate to a new contract? He used the tokens to drain our pool on the dex we're using, so it stands to reason that any liquidity we use to repopulate the pool will be drained in a similar manner.
No chance for this. That's why as developers and you must also put very important function to your smartcontract to avoid this like frozen or blocking function into your smartcontract. if your smartcontract didn't contain this function and that's impossible to cancel the tokens.