Official Statement from the Cellframe Network Team

The Cellframe Network team reports the identification and suppression of a large-scale scheme involving the issuance and circulation of illegal mCELL tokens. We have implemented initial measures to protect the interests of legitimate verifiers.

1. Vulnerability Description and Consequences

A technical vulnerability previously existed in the Cellframe network related to the mCELL token and the LP-staking functionality, which was discontinued in January of this year. This vulnerability did not affect the main CELL token but allowed for the creation of m-tokens bypassing the rules, or failing to burn them upon unstaking.

As a result, illegal m-tokens appeared in the network. These tokens were not backed by real CELL but could be used to launch masternodes.

This led to 12 validators collectively holding a significant volume of illegal mCELL (1,295 m-tokens in total). The fact that these same validators also held a reserve of legal m-CELL further complicated the audit and obscured the abuse.

The illegal tokens were sold via OTC deals and through the Cellframe DEX at a significant discount to their nominal value. Chain analysis data indicates that these purchases were primarily made in small volumes, after which the illegal m-tokens were "mixed" with legal ones, blending them and impeding traceability.

2. Team's Response and Justification for Actions

Upon discovering these facts, the project team referred to the internal technical documentation and the Cellframe White Paper. These documents provide for the use of "black/white lists" and transaction arbitration in emergency cases.

Specifically, the White Paper describes a mechanism that allows transactions to be marked as invalid and rolled back in case malicious activity is detected, as a temporary network protection measure.

Although the public version of the document does not contain a direct, detailed instruction for managing mCELL ban lists or individual outputs, the very concept of a flexible structure and the possibility of centralization in cases of critical failures is provided for by the architecture. We proceeded from the understanding that abuse attempts are inevitable in a project's early stages, which is why the CF-20 token standard was designed with the capability for managing ban lists within the protocol.

As part of the investigation and abuse diagnostics, this capability was activated: all holders of suspicious mCELL outputs were blocked, and the verifier keys associated with these outputs were revoked.

3. Current Limitations and Planned Measures

The team currently has a limited set of tools for registry arbitration. Immediate technical work is underway to patch the Cellframe protocol, which will allow for more selective arbitration of specific illegal mCELL outputs, rather than applying a comprehensive ban. We aim to complete this work within approximately one week.

Once the patch is implemented, the current address ban will be replaced with a ban specifically on unspent illegal outputs. Additionally, a penalty for participation in illegal operations will be introduced in the form of a settlement agreement, with the funds directed to compensate damages to legitimate verifiers who lost income due to the malicious mixing.

4. CELL Token Protection and Damage Compensation

The CELL token was not at risk and was not affected by this scheme. The damage was inflicted exclusively on legitimate verifiers. If legal funds are discovered in the blocked wallets of the malicious actors, they will be used for the benefit of the affected verifiers, especially those who used 100% legal mCELL assets in their stake.

5. Legal Liability and Warning to Participants

We draw the special attention of all verifiers and system users to the fact that the rules for obtaining and using mCELL tokens are governed by the project's tokenomics. Specifically, they can only be obtained by staking CELL tokens and can only be used as collateral for launching a masternode. They are not a means of payment and are not subject to exchange or transfer to third parties. In most jurisdictions, obtaining and using m-tokens in ways not intended by the developers, resulting in financial damage, qualifies as a criminal offense. Nevertheless, we are prepared to offer a settlement agreement to all involved parties once the investigation is complete and the degree of their participation in the abuses is confirmed.

6. Conclusion and Next Steps

Stay tuned for further updates on the investigation and the progress of the technical patch. We are making every effort to minimize risks, restore fairness, and fully protect Cellframe users.

Sincerely,

The Cellframe Network Team