Weekly Report (Feb-06)

Weekly Report of Feb 5 2023

BonqDAO and Orion Protocol compromise. Warner Music Group, OneFootball, and Sorare web3 initiatives.


  • OneFootball is set to drop the Tifosi Selection NFT collection.
  • Louis Vuitton has collaborated with Yayoi Kusama to drop 10,000 NFTs.
  • Sorare has entered a multi-year NFT partnership with the English Premier League.
  • Warner Music Group has partnered with Gamefam for a music-themed Metaverse experience in Roblox.

According to the report by CertiK, a combined total of $28 million was lost to multiple exploits, hacks, and scams in major reported incidents for the first month of this year. Multiple exit scams cost the industry approximately $10.2 million in assets, while five different flash loan attacks contributed to the loss of $762,000.

Blockchain Hacks

The BEVO NFT art token $BEVO was hacked, resulting in a total loss of $45,000. The exploiter obtained a flash loan of 192.5 WBNB from PancakeSwap and swapped it with the Pancake pair to obtain 757,417 $BEVO tokens. The exploiter then invoked the deliver function, which reduced the total value of the contract's tokens and thereby changed the return value used to calculate balances. After manipulating the token balance, they called the skim function to transfer the increased PancakePair balance to their own account. This allowed them to exchange 0 $BEVO tokens for 337 BNB, after which the flash loan was repaid, leaving the exploiter with 144 WBNB profit. A detailed analysis of the exploit can be found in this blog.
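The accounting effect described above can be reproduced in a small model and paired with a monitoring check. This is an added example, not code from the BEVO contract or from the report: it assumes the token uses the common reflection-token design, where a balance is a share of a shrinking total, and every name and number in it is constructed.

```python
from fractions import Fraction

class ReflectionToken:
    """Constructed model: balance = r_owned / rate, with rate = r_total / t_total."""
    def __init__(self, t_total, holder, scale=10**6):
        self.t_total = t_total
        self.r_total = t_total * scale
        self.r_owned = {holder: Fraction(self.r_total)}

    def rate(self):
        return Fraction(self.r_total) / self.t_total

    def balance_of(self, who):
        return int(self.r_owned.get(who, 0) / self.rate())

    def transfer(self, src, dst, t_amount):
        r_amount = t_amount * self.rate()
        if self.r_owned.get(src, 0) < r_amount:
            raise ValueError("insufficient balance")
        self.r_owned[src] -= r_amount
        self.r_owned[dst] = self.r_owned.get(dst, 0) + r_amount

    def deliver(self, src, t_amount):
        # Caller gives up tokens; r_total shrinks, so the rate falls and
        # every other holder's balance_of() rises with no transfer to them.
        r_amount = t_amount * self.rate()
        if self.r_owned.get(src, 0) < r_amount:
            raise ValueError("insufficient balance")
        self.r_owned[src] -= r_amount
        self.r_total -= r_amount

class Pair:
    """AMM pair that prices against a cached reserve, updated only by sync()."""
    def __init__(self, token, name="pair"):
        self.token, self.name, self.reserve = token, name, 0
    def sync(self):
        self.reserve = self.token.balance_of(self.name)
    def surplus(self):
        return self.token.balance_of(self.name) - self.reserve

def surplus_alert(pair, threshold_bps=100):
    """True when live balance exceeds the cached reserve by more than threshold_bps."""
    return pair.reserve > 0 and pair.surplus() * 10_000 > pair.reserve * threshold_bps

def run_constructed_scenario():
    token = ReflectionToken(1_000_000, "deployer")
    pair = Pair(token)
    token.transfer("deployer", "pair", 400_000)
    pair.sync()
    token.transfer("deployer", "holder", 300_000)
    before = pair.surplus()
    token.deliver("holder", 300_000)
    return before, pair.surplus(), surplus_alert(pair)
```

In this model the pair's live balance drifts above its cached reserve without any deposit, which is the gap a skim call pays out; a monitor can watch for that divergence on pools that hold such tokens.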

BonqDAO stated that an oracle attack was used to exploit the protocol, driving up the price of ALBT tokens and minting a significant amount of BEUR tokens, resulting in the loss of roughly $120 million. The price of the BEUR tokens was then dropped to practically zero on Uniswap, which led to the liquidation of ALBT troves. The exploiter was able to alter the updatePrice function of the oracle in one of BonqDAO's smart contracts, which they then used to influence the price of the WALBT token. By manipulating the price of WALBT tokens, the exploiter was able to mint approximately 100 million BEUR tokens. As a result, the WALBT and BEUR tokens were exploited. The hacker then burned all 113.8 million WALBT tokens to unlock ALBT tokens after exchanging almost $500,000 worth of BEUR tokens for USDC on Uniswap. In this blog, we have shared a detailed analysis of the exploit.

The Orion Protocol was compromised on both Ethereum and BNB Chain due to insufficient reentrancy protection, leading to a loss of approximately $3 million in assets. The exploiter deployed a self-destructive smart contract to create a fake token ATK, which was then used to manipulate the Orion pools. The exploiter initially deposited 0.5 USDC, received approximately $2.84 million USDT from Uniswap V2 Pair via flash swap, and swapped 0.0001 USDC through Origin Pool to obtain USDT. Approximately $2.8 million USDT were sent to the Router, which then manipulated swaps on Orion pools to double the amount of USDT, after which $5.6 million USDT were withdrawn, $2.8 million of which were returned to the pool. The proceeds totaled $2.8 million USDT, which was converted into 1651 ETH, out of which 1100 ETH were funneled into Tornado Cash. The exploiter received approximately $191,434 from the other attack transaction on BNB Chain. We have highlighted a detailed analysis of the exploit in this blog.

Metaverse and NFTs

Warner Music Group has partnered with Gamefam to launch Rhythm City, a music-themed Roblox experience. Users can interact with artists from the WMG portfolio through the innovative platform. Users will be able to engage with the music through social role-playing, as well as gain access to digital goods that can be used in-game. Finally, players will be able to attend virtual concerts and events featuring WMG artists. Users can choose from a variety of roles, including music producer, DJ, dancer, and others. While participating in mini-music challenges, they can explore, dance, and connect with friends.

The English Premier League has collaborated with Sorare, the leading fantasy soccer game, to integrate officially licensed NFTs into its gaming player characters. This alliance with the Premier League is a significant step forward for Sorare and these NFTs will give the Sorare games a new level of authenticity and excitement. Players can also collect and trade their favorite Premier League players in the game. The Premier League NFTs are the English Premier League's official player cards. These NFTs are purchased, sold, and used by Sorare players, allowing them to compete with league-specific player cards.

OneFootball, the leading football media platform, has launched its latest NFT collection, The Tifosi Selection. The collection includes 10 rare moments by football players from the first half of the Serie A season in 2022–23, all chosen by the community. Eight of these are tucked away in packs, while the remaining can only be found by completing certain challenges. In addition, individuals who take part in the Tifosi NFT drop will have yet another chance to win an autographed jersey from either Inter Milan or AC Milan. The collection will include 500 total packs, with each costing $25. In order to purchase the packs, collectors will need a Dapper Wallet. The drop will be available on Aera, OneFootball's marketplace.

The surge in NFT trades and rise in cryptocurrency prices have drawn attention to the NFT sector. Louis Vuitton is attempting to capitalize on this trend by joining hands with the famous Japanese artist Yayoi Kusama to release an NFT collection. As more luxury brands embrace innovation and adjust to the internet sphere, the rise in NFT popularity, together with the legacies of Louis Vuitton and Kusama, is anticipated to usher in a new era in the digital sphere. Customers will get access to 10,000 digital assets through this collaboration, which is expected to cost about 4 ETH.

OnChain Insurance Industry News

Neptune Mutual announced that the underwriting capital for the Curve Finance V2 cover on Arbitrum had been fully utilized, and encouraged new LPs to contribute to the pool's liquidity in order to benefit from the relatively high LP returns as a result of the high utilization.

Nexus Mutual announced that their members approved their proposed V2 upgrades, which will now be implemented in multiple stages.

Risk Harbor announced the expansion of their Core Vault 4 coverage to include the Arbitrum ecosystem through GMX, Mycelium, Stargate Finance, and Gains Network.