Weekly Report (Feb-13)

6 min read

Governement plans on Metaverse, PUMA, and Crypto.com web3 initiatives and other events of the week.


  • Saudi Arabia Government has partnered with The Sandbox to transform the Metaverse.
  • PUMA has announced the launch of a digital makeover and PFP NFT project. 
  • Crypto.com has joined hands with Studio Dragon to bring K-dramas to the world of NFTs.

The world of NFTs is constantly evolving, with new and innovative projects appearing on the scene. With over $270 million recorded across blockchains this week, sales across the majority of projects are on the rise. The highest NFT trading volume was recorded by Ethereum based NFTs, which increased 37% from $480 million in December 2022 to $659 million in January, followed by Solana and Polygon-based NFTs in second and third place, respectively.

Blockchain Hacks#

The CoW Swap protocol was exploited by an attacker to steal almost $166,500. The vulnerability occurred because the exploiter was able to move DAI from the GPv2Settlement contract via the SwapGuard contract, which is used to facilitate and check swap results, by taking advantage of a flaw in the token authorisation process. The attacker tricked the GPv2Settlement contract's owner to give permission for the use of the SwapGuard. The contract deployed by the attacker enabled anyone to use approval in transferring from the settlement contract to an arbitrary address. The Barter solver made an error of approving the malicious contract with the maximum amount of DAI to SwapGuard. Thus, the attacker was able to call the public function and transfer DAI to their address. We have highlighted the analysis of this exploit in our blog post here.

An attacker exploited LianGo protocol to steal funds worth $1.62 million, due to the compromise of the private key associated with the address of the LGT Pool owner, thereby modifying the LP token address in the LGT Pool contract. The owner of the LGT contract changed the LP token contract to a malicious contract, after which the alleged new owner added a malicious pool containing fake LP tokens, allowing them to obtain an unlimited supply of fake LP tokens. The attacker minted 137,513,751,375,137,500,000,000 fake LP tokens to the LGT pool in order to increase the supply of the fake LP token, then invoked the withdraw function of the contract in order to drain 6,148,859.35 $LGT tokens from within the contract, before swapping these tokens to BSC-USD through PancakeSwap. A detailed analysis of the exploit can be found in this blog.

The Orion Protocol was compromised due to insufficient reentrancy protection, across both Ethereum and BNB chain, leading to a loss of approximately $3 million in assets. The exploiter deployed a self-destructive smart contract to create a fake token ATK, which was then used to manipulate the Orion pools. The exploiter initially deposited 0.5 USDC, received approximately $2.84 million USDT from Uniswap V2 Pair via flash swap, and swapped 0.0001 USDC through Origin Pool to obtain USDT. Approximately $2.8 million USDT were sent to the Router, which then manipulated swaps on Orion pools to double the amount of USDT, after which $5.6 million USDT were withdrawn, $2.8 million of which were returned to the pool. The proceeds totaled $2.8 million USDT, which was converted into 1651 ETH, out of which 1100 ETH were funneled into Tornado Cash. The exploiter received approximately $191,434 from the other attack transaction on BNB Chain. We have highlighted a detailed analysis of the exploit in this blog.

The DeFi aggregator dForce was attacked in both the Arbitrum and Optimism chains, with the attackers profiting by $3.65 million. The attacker exploited the read-only reentrancy issue to manipulate the wstETHCRV-gauge asset and liquidate a number of positions as collateral. The exploiter initially borrowed 68,429 ETH, then performed a couple of swaps involving wstETHCRV before repaying the borrowed flash loan, profiting by over 1,236 ETH. The loss amounts to approximately $1.91 million in Arbitrum chain and $1.73 million in Optimism.

Nostr, on the Ethereum chain was identified to be rug-pull, and its funds were transferred to a new EOA address, with the scammers profiting by 232.1 ETH, worth approximately $370,000. It was also discovered that the Nostr contract contained back doors that allowed the admin to disable selling of this token on specified token pairs on Uniswap, blacklist addresses, and burn tokens held by wallets.

Metaverse, and NFTs#

The Sandbox has announced a partnership with the Saudi government to create metaverse experiences. This agreement marks an important milestone in the advancement of the virtual world and its role in the entertainment industry. The government's support ensures that the metaverse aligns with the country's cultural and economic vision. The collaboration is expected to propel the metaverse industry forward, establishing a new standard for virtual worlds and experiences. Furthermore, the establishment also help to promote the use of web3 technology in the gaming industry. The participation of the government in the metaverse project has opened up new opportunities for the development of metaverse related businesses and services. Additionally, it has also demonstrated the metaverse's potential as a tool for education, training, and simulation.

Paris Hilton is debuting her new reality show dubbed Parisland, in The Sandbox metaverse. Players in search of love can enter Parisland and virtually meet and connect with five other players. Activities in Parisland include quests, shopping, flirting with other candidates, and deciding on a partner as well. After participants have accomplished objectives and found love, Paris herself will DJ their virtual wedding reception. The event will continue for one month, and attendees will have the opportunity to win NFTs, SAND prizes, and memorabilia.

PUMA has announced the launch of a digital makeover and PFP NFT project for their mascot dubbed Super PUMA. The new collection marks the 75th anniversary of the brand by ushering in new technologies and experiences. The Super PUMA NFT collection complements The Nitro Collection, which focuses on digital fashion, specifically innovative shoe styles. Nitro Collection NFT holders will have priority access to the PFP NFT. Nitro Collection owners will also receive these PFPs based on the number of Nitro NFTs they own. Furthermore, the Super PUMA digital collectibles are a partner collection on the 10KTF digital marketplace. As a result, PUMA is the first traditional brand to establish itself on 10KTF, making this collection even more unique.

Crypto.com has collaborated with Studio Dragon, a Korean drama producer and distributor, to create NFTs based on the company's most popular Korean drama series. Studio Dragon is aiming to engage with fans on a regular basis by launching NFTs that introduce new K-dramas on a quarterly basis, beginning with two shows, Crash Landing on You and Start Up. The first batch of NFTs were released on February 8 and based on Studio Dragon's art toy DearRo. The DearRo art collection, consisting of 500 NFTs, is inspired by a dragon who enjoys watching K-dramas and dressing up or impersonating the main characters of its favorite shows.

NARS Cosmetics has announced a new NFT project inspired by its Orgasm shade makeup collection dubbed Odentity, in collaboration with web3 Boss Beauties. The NFT collection aims to encourage self-expression and creativity in the digital sphere, through a accessible mint, an interesting and instructive virtual event series. The Odentity NFTs is looking forward to empower women globally through the introduction of two complimentary digital collectibles. The first of them is only available to owners of Boss Beauties, while the second collectible is open to everyone. Furthermore, NARS seeks to enroll its larger network onto web3 through a series of open and gated virtual events. Both firms hope to promote career panels with top figures from web3 and the beauty industry through these online interactions.

OnChain Insurance Industry News#

Neptune Mutual announced that the underwriting capital for Convex, Curve Finance v2, Sushi Swap, and GMX cover on Arbitrum had been fully utilized, and encouraged new LPs to contribute to the pool's liquidity in order to benefit from the relatively high LP returns as a result of the high utilization.

InsurAce Protocol announced that they were expanding the coverage for Autofarm Network, Beefy, Curve Finance, DODO, 1inch, and others to a few more new chains.

Sherlock Protocol has announced the launch of an audit contest for Union Finance and Carapace Finance, in which participants can submit issue findings and earn rewards.