Weekly Report (Apr-17)
Yearn Finance, & Hundred Finance exploit. Canon, Adidas, and Mastercard web3 initiatives.
Playing the video that you've selected below in an iframe
Nomad Bridge was drained of nearly $190M. Magic Eden integrates Ethereum NFTs on their platform.
Cryptocurrency hacks are all too common, with a seemingly regular series of multi-million dollar exploits shaking investor confidence in cryptocurrency markets and prompting many investors to become increasingly wary of where they store their assets. While cryptocurrency exchanges were once the primary target, hackers appear to have found a new target in blockchain bridges.
Cross-chain bridges continue to be a vulnerability in DeFi and an attractive target for exploiters. Nomad Bridge, the cross-chain interoperability protocol was targeted by hackers, who drained $190 million in liquidity over two and a half hours of attack. Following a regular upgrade in June, the bridge's Replica contract was initialized with a fatal security issue that led to the event. In this instance, the trusted root was set to the 0x00 address, and the old root was invalidated when the trusted root was changed, meaning that all messages were read as valid by default. After a failed initial attempt, the original attacker’s exploit transaction, which was copied by subsequent attackers, was able to call the process function directly, without first assessing its validity. As soon as the fatal blow was struck, the news spread and numerous individuals began to fight over the leftovers. In fact, a shrewder exploiter could have devised a plan to drain the entire bridge for themselves.
Cryptocurrency exchange ZB Exchange was another victim of a hack that appears to have drained approximately $5 million worth of tokens from the company's hot wallet. According to many sources, hackers may be responsible for transferring 21 different types of tokens off of the exchange, including Tether, Polygon, Tesra, and Shiba Inu. Transaction records show that the tokens were subsequently sold on several decentralized exchanges for Ether. The suspected hack followed ZB.com announcing the suspension of deposits and withdrawals in response to the sudden failure of some core applications, with the exchange warning users not to deposit any digital currency until a possible recovery.
A multimillion-dollar attack took place on the Solana public chain as an increasing number of terrified users realized their wallets had been emptied. The hacker successfully drained nearly $6 million from over 8000 user wallets during a smash and grab raid. The transaction characteristics demonstrate that the attacker signed the account transfer without utilizing the attack contract, and the initial conclusion was that the private key was compromised, suggesting a potential software supply chain issue. It is suggested that users protect the privacy of their private keys and move their hot wallet tokens to a somewhat secure location, such as a hardware wallet.
Magic Eden, a community-focused NFT marketplace, has just announced that it will be integrating Ethereum NFTs. This is a significant step forward in the platform's efforts to expand its presence across all web3 communities. The platform expects to increase its total traded volume in the coming year by going multi-chain, following its $2 billion in traded volume for Solana NFTs since its launch in September 2021. It also enables NFT creators to launch seamlessly across multiple chains, benefiting from increased liquidity and new audiences. Magic Eden List, which includes a whitelist and audience targeting tool, Launchpad with ETH and SOL compatibility, and a Drop Calendar are among the new Magic Eden - Ethereum Blockchain features. In addition, the platform is running private beta tests in preparation for the launch of a cross-currency trading product. Magic Eden's ETH-compatible Launchpad includes a seamless minting setup, marketing support, and custom launch build-outs.
Pearson, the educational textbooks publisher, has announced plans to convert its textbooks into NFTs. After finishing their studies, students rarely need their textbooks. As a result, dropping textbook NFTs that can be sold on the secondary market provides Pearson with an excellent opportunity to profit from second-hand sales. This new strategy will help to solidify Pearson's digital strategy after the launch of its Pearson+ subscription application in 2021. Although selling books as NFTs is not a new idea, it is safe to say that book NFTs have not taken off in the same way that music or art NFTs have. This is because many publishers remain wary of NFTs, particularly because their target audience values printed books.
Popular metaverse platform Decentraland has announced plans to launch the world's first metaverse ATM on August 8 at the Airdrop Tower. The launch event will be hosted by the platform's developers. The metaverse ATM developed in collaboration with the Transak payment gateway and the Metaverse Architects studio will make it easy for users to purchase cryptocurrency. The Transak metaverse ATM by Decentraland is the first fiat-to-cryptocurrency ATM in the world. The goal of the initiative is to facilitate the purchase of MANA and other cryptocurrencies. Developers noted that this adoption is intended to improve the user experience, and that the team is constantly developing the tools and technology required to make payments in Decentraland effortless.
Tech companies are constantly innovating and experimenting in order to provide users with an interactive and ultra-realistic metaverse experience. The metaverse is not separate from people's actual lives; rather, it is an extension that complements our real world. KuCoin, one of the largest cryptocurrency exchanges, has recently announced its entry into Ertha's metaverse, a project that aims to simulate a real-world environment by simulating the actions that people must perform to live a life. Upon logging into Ertha's early beta, players will be greeted by a state-of-the-art and fully functional KuCoin Office, situated on the initial playable ERTHA NFT Land plot.
Ease, formerly ArmorFi, designed their tokenomics with a sustainable architecture based on growing vote tokens (gvTokens). Through their $EASE token deposits, a user may receive an equivalent $gvEASE token, which can be used for voting on governance proposals or staking to a vault to lower the maximum fees for a single hack.
Bridge Mutual has partnered with Lido Finance, a multi-chain liquid staking solution for Ethereum, Solana, Polkadot, Polygon & Kusama. The collaboration will enable users to purchase coverage for Lido's stETH and underwrite insurance for an attractive yield.