Weekly Report (Jun-13)

6 min read
Weekly Report Jun13

Wintermute suffered a $20 million loss via multi-signature address transfer vulnerability.


  • Wintermute suffered a $20 million loss via multi-signature address transfer vulnerability.
  • Osmosis endures from Liquidity Pool Vulnerability; Gym Network hacked due to a function vulnerability losing $2.1 million in asset value.
  • The English Premier League filed for Metaverse and NFT trademarks.
  • Budweiser teams up with Zed Run for NFT games and soon-to-be-released Metaverse wearable.
  • Salesforce launches a pilot NFT cloud marketplace.
  • Mastercard joins forces with leading marketplaces to enable direct NFT purchases.

A global pandemic, turmoil, and expanding concepts of money and worth are reshaping people’s daily lives. Decentralized protocols are creating new cultures, and people on the internet are looking for ways to gain control and have their voices heard. At the present time, the world contains valuables in both the physical and digital realms, forcing many to walk a fine line between the two. It’s just a matter of time before the world sets a new standard for what it considers truly important. Digital centre for creators and a place to roam within its metaverse space for community members to experience the vision that Metaverse is striving for Industry activity has continued to be solid, with May NFT sales volumes of $3.7 billion, according to several reports.

Blockchain Hacks#

Wintermute, a global algorithmic market maker in digital assets, lost 20 million OP tokens, which were worth approximately $27.6 million at the time of the incident. Optimism entrusted Wintermute with 20 million OP tokens to provide liquidity services for OP in the secondary market. Wintermute provided Optimism with a multi-signature address to which Optimism transferred 20 million OPs after Optimism tested sending two transactions and Wintermute confirmed they were correct. Wintermute later discovered that they had no control over the coins after Optimism transferred them because the multi-signature addresses they provided were only deployed on the Ethereum mainnet, not the Optimism network. Wintermute immediately began remediation efforts to reclaim these tokens. However, before Wintermute, attackers discovered this vulnerability and deployed multi-signature to this address on the Optimism network, successfully controlling the 20 million tokens.

Gym Network, a DeFi Aggregator Investment System, experienced a vulnerability in their recently deployed Claim & Pool function for Single Pool, resulting in a significant drop in token price. The hack occurred due to a lack of caller verification, which was used to increase the balance without making any payment, resulting in the loss of assets worth $2.1 million.

Cosmos-based DeFi protocol, Osmosis Network, suffered a $5 million loss due to the Liquidity Pool vulnerability. A critical bug on Osmosis was discovered by a Reddit user, which could drain all liquidity pools. Anyone on the platform would be able to add liquidity to any pool and receive an additional 50% when removing it. As users began to take advantage of this process while it was vulnerable to the snowball effect, significant damage was already done. Validators began reporting issues on Discord following the v9 Nitrogen upgrade, and an emergency halt was declared to save the remaining liquidity on the DEX.

A vulnerability in the ApolloX signature system led to an attack against the ApolloX project. The attacker used the signature system flaw to generate 255 signatures, with a total of 53,946,802 $APX extracted from the contract, worth about $1.6 million. The problem has been fixed, and withdrawals on DEX can now be made again. The team has also decided to make up for the losses through the open repurchase of APX and APX received through trading fees on the exchange.

Metaverse, and NFTs#

The English Premier League (EPL), one of the iconic European Football Competition, has officially entered the world of NFTs. The company registered two crypto trademarks with the US Patent and Trademark Office, revealing its lofty ambitions for the rapidly expanding NFT sports niche. To be more specific, EPL submitted two applications. The first featured the iconic lion logo. In the meantime, the second was for a trophy with a crown and two golden lions on each side. Furthermore, the filings mention NFT-related licenses, implying that we may soon see NFTs, exchange services, and digital merch from the bestowed competition.

Budweiser has partnered with Zed Run, a metaverse horse racing game, to enter the GameFi market. The legendary beer brand continues to make movements in the Web3 community, appealing to a completely new demographic. After releasing 2,500 Budweiser Pass NFTs for $225 on 9 June 2022, Budweiser and Zed Run offered a variety of unique utilities, airdrops, and chances to win real-world giveaways. Racehorse skins from three rarity tiers will be given to Budweiser Pass subscribers in July 2022. All three skins will be given out at random: gold, a Budweiser bottle, and Clydesdale. Starting in July, there will be a series of tournaments and challenges with rewards totalling up to $95,000, which will culminate with the final event in December. Finally, all ticket holders will receive a ZED RUN Decentraland t-shirt designed exclusively by Budweiser.

Salesforce has announced the launch of NFT Cloud, a pilot NFT platform in which users can mint and trade digital assets. This newly launched product has been viewed by the American software company as a way to connect with its customers and make NFT selling more accessible. The company’s website does not specify which blockchains and wallets NFT Cloud will support in the future, nor which wallets or blockchains the platform will support, only that the platform will connect data, communities, and wallets and allow users to deploy from secure, sustainable technology.

Qatar Airways has introduced QVerse, its first metaverse experience. This virtual reality platform enables interested parties to virtually visit and navigate the Hamad International Airport’s Premium Check-in section. QVerse is simply the company’s initial venture into the Metaverse, as it intends to expand its virtual environment efforts and envisions the metaverse as an integral component of the future of human relationships. According to the company, its introduction into the metaverse is a reflection of its passengers’ need for immersive information that can aid their decision-making before to purchasing a ticket, as well as their want to explore the aircraft they will be flying on. Additionally, the business emphasized that it intends to add more features, locations, and interactions to its metaverse platform and that it intends to make the experience social and accessible via the Oculus Quest VR platform.

Mastercard, the international payment processing giant, has expanded its payment network for NFT markets and Web3. Over the past year, the financial services provider has been working on expanding their payment networks to NFTs, and has partnered with a number of leading NFT marketplaces, including Immutable X, Candy Digital, The Sandbox (SAND), Mintable, Spring, Nifty Gateway, and Web3 infrastructure provider MoonPay, to allow 2.9 billion cardholders to directly make NFT purchases without first purchasing crypto. With the latest Mastercard collaboration, billions of cardholders can now avoid the process of purchasing and transferring cryptocurrency to NFT marketplaces.

OnChain Insurance Industry News#

The Frax Finance de-pegging protection pool has been launched by Tidal Finance and is now accepting deposits. Starting on June 20, the Frax’s holder can purchase their policy at an annual cost of 4%.