Weekly Report (Mar-06)

4 min read

Dungeon Swap, BitBNS, & MyAlgo exploit. Playboy, Manchester City, and The Sandbox web3 initiatives.


  • The Sandbox acquired the German game development firm Sviper GmbH.
  • Playboy announced their Metaverse experience, Meta Mansion. 
  • Manchester City partnered up with Power of Women NFT to celebrate International Women's Day.

The value of stolen NFTs reached $16.2 million in February 2023, an increase of 268% over the previous month. On average, nearly half of the stolen digital collectibles were sold on marketplaces within 1.5 hours of a heist. According to reports, 47% of these stolen NFTs were sold on OpenSea first, followed by 21.7% on Blur Marketplace. 

Blockchain Hacks#

An attacker exploited the Dungeon Swap and Launch Zone protocols to steal funds worth $728,000 and $700,000, respectively. The root cause of the exploit on Dungeon Swap was excessive user permission, which led to the price manipulation of DND tokens. The implementation contract included a function with insufficient access control, which allowed tokens approved for this contract to be abused. As a result, an attacker was able to exploit users who had previously approved this implementation contract for token swaps. The hacker purchased tokens and then looped through each user address that had approved the contract used by the hacker, forcing trades on their behalf. These forced trades drove up the price of DND tokens, which were then sold for profits. The exploit was repeated several times, resulting in a profit of over 2400 BNB, before transferring the stolen funds to Fixed Float and Tornado Cash. The DND exploiter also targeted the LaunchZone (LZ) protocol, stealing funds worth $700,000. We have shared a detailed analysis of the exploit in this blog.

BitBNS revealed that they had been hacked on February 1, 2022. The Indian crypto exchange had suppressed the news of a possible $7.5 million heist, citing it as system maintenance and suggesting an issue with Amazon Web Services. However, after an investigation by Twitter user zachxbt, they admitted that they were advised by law enforcement agencies to hide the specifics of the hack from customers.

The ArbiSwap deployer minted 1 trillion $ARBI tokens before a rug pull, which were then converted into USDC. As a result, the price of the $ARBI token in the USDC/ARBI transaction pair dropped by almost 99 percent. The team made a profit of 68.47 ETH, which was worth approximately $109,000, by trading ETH for spatial arbitrage. The stolen funds were then transferred to Tornado Cash.

Algorand ecological wallet MyAlgo stated that a targeted attack was launched against a group of high-profile MyAlgo accounts. According to them, all of the affected users had a significant amount of funds in their accounts, and were employing mnemonic wallets with the key stored in the browser. On-chain details revealed that the hack took place between February 19 and 21, and the stolen assets amount to $9.2 million, which includes 19.5 million ALGO and 3.5 million USDC. ChangeNow mentioned that they were able to freeze assets worth $1.5 million.

Metaverse, and NFTs#

Playboy is marching into the Metaverse this year with the launch of the MetaMansion virtual world. According to Liz Suman, the company's web3 lead, there will be ways for users to participate even if they are not members of the magazine brand's Rabbitar community. They will, however, be unable to visit all of the exciting locations in the virtual world. The project, in partnership with The Sandbox, was announced last summer. However, further details have yet to be revealed. The MetaMansion, which Suman described as the north star of Playboy's Web3 strategy, expands on the company's previous forays into the metaverse.

Manchester City has continued to grow in the NFT space, both in terms of its presence and its community. The football club collaborated with Power of Women, for its sixth collaborative NFT drop, which celebrates International Women's Day 2023. The collection, titled "I am EMPOWERED," is made up of five pieces of digital art that show how passionate and different women in football are. They will be available on OpenSea on March 8. The artwork also shows the unique designs of the Man City and PUMA Pankhurst kits. All profits from the sale of these NFT collections will go to the official charity of the football club.

The Sandbox, a subsidiary of Animoca Brands and a decentralized gaming virtual environment, has acquired the German game development firm Sviper GmbH to increase its development and creative talent. This acquisition intends to improve Sandbox's Metaverse and social gameplay capabilities by creating more engaging and entertaining experiences. This contains social features, new options for multiplayer games, and new Game Creator tools. They hope to assist individuals in creating their own experiences by utilizing both original and well-known characters and worlds.

OnChain Insurance Industry News#

Neptune Mutual announced an upgrade to their dApp, which now allows users to explore the application insights as well as calculate the policy fees instantly.

Bumper announced that they have added a UDSC/BUMP pool to Uniswap V2, in addition to their existing v3 WETH pool.

Ease Finance announced that Ez-Farming will be starting soon. Users will be able to receive ez-Tokens in exchange for depositing their DeFi yield-bearing tokens in their Uninsurance vaults.