Weekly Report (Mar-13)

5 min read

Tender Protocol, and Hedera exploit. Valentino Rossi, Gordon Ramsay, and Amazon web3 initiatives.


  • Valentino Rossi has launched a motorsport Metaverse experience on Roblox. 
  • Gordon Ramsay's Hell's Kitchen Avatar Collection is set to be released on The Sandbox.
  • Amazon is set to launch an NFT marketplace.

Blockchain Hacks#

Tender Protocol was a victim of a white-hat attack. The alleged hacker was able to drain approximately $1.6 million from their platform, forcing their services to halt completely while the team attempted to recover the stolen assets. The exploit occurred because their Oracle contract had an error that incorrectly multiplied the price of the tokens. This misconfiguration allowed the hacker to borrow $1.59 million in cryptocurrency assets with just a GMX token worth $70 as collateral. After the negotiation via on-chain messages, the two teams came to a stalemate, and a deal was carried out in which the Tender.fi team agreed to pay the hacker approximately $62 ETH, worth $96,500, as a bounty reward. The team later revealed that the hacker had completed the loan repayments and that the funds were safe.

Hedera stated that they had noticed network irregularities impacting their dApp and users. An exploiter attacked the smart contract service code of the Hedera network to transfer the Hedera Token Service tokens held by many user accounts into their controlled accounts. The attacker targeted accounts used as liquidity pools on multiple DEXs that use Uniswap v2-derived contract code that was ported over to use the Hedera Token Service, including Pangolin Hedera, Heli Swap, and Saucer Swap. The impacted tokens during the attack were moved to the Hashport Network bridge, which was later frozen by the bridge operator. The team turned off mainnet proxies, removing user access to the mainnet, in order to prevent the attacker from stealing more tokens. Although the amount of stolen funds still remains unknown, the team has reportedly identified the root cause of the attack and is working to mitigate this vulnerability.

A social-engineering attack was carried out on the multi-signature wallet of the PeopleDAO community treasury on Safe in order to steal 76 ETH, worth approximately $120,000. PeopleDAO uses a Google Form to gather information about contributor rewards every month. The accounting lead accidentally shared a link with edit access in a public Discord channel, which the hacker took advantage of. After gaining access to the sheet, the hacker inserted 76 ETH worth of payment to themselves and set it to become invisible. Since this field was hidden, the team lead didn't find it when they checked, so they quickly sent the file to the CSV Airdrop tool in Safe to distribute the reward. Six of the nine multisignature signers didn't notice the malicious transfer because there were 80 other transactions going on at the same time. As a result, the transaction involving 76 ETH was signed and executed without their knowledge.

Metaverse, and NFTs#

Valentino Rossi has entered the realm of the metaverse with the launch of Moto Island, The Official Valentino Rossi Experience. Moto Island is made up of high-octane races set in an open world. The Valentino Rossi experience is VR46 Metaverse's first foray into the virtual world. Up to 30 racers can line up on the race tracks in an environment filled with oceanside roads, forests, snow-capped peaks, and cities. The game recreates Valentino Rossi's riding experience with outstanding physics. Hundreds of bikes with thousands of appearance and performance upgrades are also available. Furthermore, thousands of user-generated items, such as helmets and leather jackets, can help riders improve their style.

The Sandbox has announced that the Gordon Ramsay NFT Hell’s Kitchen Avatar Collection will be released on March 14. The digital assets include 2,333 avatars modeled after the chef himself. The avatars allow fans to express their admiration for Ramsay and The Sandbox in a fashionable manner. This NFT collection promises to take fans on a journey like any other. The NFT collection was well received on the social media platform Twitter, with appreciation from his fans and users who simply like to collect unique and interesting avatars. In addition, with its fiery style and homage to the chef's famed television show, this collection appears to be popular among blockchain gamers and foodies.

Amazon is set to enter the world of web3 with the release of an NFT Marketplace as early as next month. Amazon is preparing to enlist 15 collections for the launch of its digital marketplace. The Amazon Digital Marketplace may be accessible via a tab on the Amazon website in the United States. In addition, the platform intends to expand gradually to other regions, including Europe and the rest of the world. According to multiple sources, the launch date has been pushed back to the end of April due to the fallout from FTX and the decline in the cryptocurrency market. Amazon's back-end blockchain technology and the type of private blockchain it intends to develop remain unknown, so it is currently unclear whether an Amazon token will be included in the transaction.

OnChain Insurance Industry News#

Neptune Mutual shared the details of a dApp upgrade to their platform, which now reflects the historical ROI chart of each network, a feature that will be beneficial for the liquidity providers.

Nexus Mutual announced that the team has completed the migration of their protocol from V1 to V2.

Bumper Finance announced that their liquidity mining program Epoch 1 had come to an end and that a new initiative under Epoch 2 was underway, in which users could receive pro-rata rewards and automatic rollover.