Weekly Report (Feb-20)

5 min read

Multichain, Dexible, and Platypus Finance exploit. Rarible, and Lamborghini web3 initiatives.


  • Rarible has expanded its support to include Tezos NFTs.
  • Lamborghini has collaborated with VeVe to drop NFT collectibles.
  • The Sandbox has announced a partnership with Toei Animation.

After the recent increase in the values of crypto assets, market data show that the trading sales volume of NFTs has increased by more than 40% over the past seven days when compared to the prior week. On February 18, the market saw over 345,000 traders complete an average of more than 1.6 transactions, bringing the total trading sales volume of these digital assets to almost $400 million.

Blockchain Hacks#

A front-running attack was carried out on the Multichain's AnyswapV4Router contract, which caused the protocol to lose about 87 ETH, which is worth about $130,000. The vulnerability occurred because the attacker used a MEV contract to front-run and invoke a function of the AnySwapV4Router contract to sign and approve the transfer. Despite the fact that the contract's function used the token's permit signature verification, the stolen WETH lacked a signature verification function and only triggered a fallback in the deposit function. So, the attacker was able to use another function of their smart contract to move the WETH that was approved for the victim contract directly to the attack contract. The team also revealed that the vulnerability was an old one and that they had advised users to revoke approvals for all of the then-affected router contracts. We have outlined a detailed analysis of the exploit in this blog post.

Platypus was exploited via a flash loan attack, resulting in a total loss of around $9 million. The vulnerability occurred due to a logic error in the USP solvency check process of their contract holding the collateral. The exploiter took a flash loan of 44 million USDC from AAVE and put the funds into the Platypus Finance Pool to mint 44 million LP-USDC. The attacker then deposited them to MasterPlatypusV4 as security in order to borrow 41.7 million USP from PlatypusTreasury, which resulted in an insolvent debt position that led to an emergency withdrawal of 44 million LP-USDC from the MasterPlatypusV4 contract. They then withdrew earlier invested funds totaling 44 million USDC from Platypus Financial Pool and swapped 8.75 million USP for numerous assets for gains before returning the flash loan. The attacker's contract held stolen assets valued at $8.5 million, of which the team was able to recover $2.4 million USDC. The profits from two other attack transactions were $172,064 and $380,000, respectively. In this blog, we have highlighted a detailed analysis of the exploit.

Dexible was exploited on the Ethereum and Arbitrum chains, resulting in a total loss of $1.96 million. The root cause of the vulnerability is due to an input authorization operation during the fill method call, which allowed the attacker to authorize funds from other users to themselves. Thus, by transferring the funds multiple times, the attacker was able to profit before exiting. The exploiter has since exchanged the stolen funds for ETH and transferred them to Tornado Cash.

According to a report, Loyalist stole approximately $4 million in cryptocurrency and NFTs by running phishing scams on Twitter and collaborating with other known phishing scammers. Loyalist reveals himself as an Eastern European netizen on the Doodles Discord server and on Twitter. Although the address loyalist.eth has been inactive since October 2022, it is believed that nearly $1 million DAI is currently held in his alternate address, which has made transfers in the last two weeks. His primary exchange account has experienced $2.9 million in total deposits on Ethereum. In total, 1741 NFTs were discovered to have been stolen by Loyalist, with 416 unique victims identified.

Metaverse, and NFTs#

Rarible has announced the expansion of their marketplace to support Tezox NFTs. The marketplace will now aggregate listings from various Tezos NFT marketplaces, including Versum, Objkt, fxhash, and Teia. This comes on the heels of earlier week updates in which the team added support for OpenSea Polygon listings, making them one of the first to provide this level of cross-chain functionality. With Rarible's focus on becoming a home for creators and communities, aggregating Tezos NFTs is a natural progression. Furthermore, Tezos and Rarible share the same goal of enforcing creator royalties. In other words, both companies dictate the utmost respect for artists and their ability to earn future royalties.

Lamborghini is speeding into Web3 by joining forces with VeVe Marketplace to release an iconic new NFT collection. The Lamborghini collection, which is exclusive to the VeVe digital platform, went live on February 19th, beginning with the Huracan STO. This drop comprised four first-edition Lamborghini digital artifacts divided into four tiers, ranging from uncommon to secret rare. The Lamborghini Huracan STO is a road-adapted super sports car inspired by the sporting legacy of the iconic car brand. The car takes this attention from the Huracan GT3 EVO, which has won the 24 Hours of Daytona three times and the 12 Hours of Sebring twice. Furthermore, the first Lamborghini Huracan VeVe digital collectible colorways also include Bianco Asopo, Grigio Titans, Rosso Epona, and Verde Citrea.

Toei Animation, the creator of Dragon Ball and one of Japan's leading animation companies, has announced a collaboration with The Sandbox for a brand new metaverse game and other experiences. The collaborators, in liaison with Minto, Inc., hope to bring the most popular characters from the Japanese animation brand to all NFT collectors. The Sandbox intended to commemorate the new collaboration in a memorable way by providing a limited editing NFT to the first 1,000 registered users. Starting this year, their metaverse will be able to use Toei Animation's intellectual properties to create Web3 versions of fan favorites. As a result of this collaboration, users will be able to play, trade, and explore new avenues alongside famous characters ranging from Sailor Moon to Dragon Ball.

OnChain Insurance Industry News#

Neptune Mutual announced that the underwriting capital for Synthetix V2 cover on Arbitrum had been fully utilized and encouraged new LPs to contribute to the pool's liquidity in order to benefit from the relatively high LP returns as a result of the high utilization.

Jeffrey Xu, the Investment Manager of Fenbushi Capital, held a Twitter Space session to discuss crypto safety and the role of insurance in safeguarding digital assets, with speakers including Gillian Wu, co-founder of Neptune Mutual, Andy Zhou, co-founder of BlockSec, and Dan Thomson, CMO of InsurAce Protocol.