Mango Markets, a Solana-based DeFi protocol, lost $117 million in a hack. Konami steps into NFT.
Cryptocurrency hacking activity has increased substantially in the month of October. Hackers and exploiters have grossed over $3 billion across more than 125 major hacks so far in 2022. More than $700 million has been stolen from DeFi protocols across 11 different hacks this month alone. The attack vectors range from bridge exploits and market manipulation to flash loan attacks, draining millions in assets from these protocols.
Hackers were able to drain funds from Mango Markets through price manipulation, resulting in a $116 million loss of assets. The vulnerability appears to have been caused by the hackers' ability to manipulate collateral due to an economic design flaw, in which they temporarily increased the value of their collateral and then borrowed massive loans from the Mango treasury. Following the exploit, the Mango program instructions were frozen to prevent any further interaction with the protocol, such as depositing additional funds that may be lost. This incident effectively depleted all available liquidity, preventing protocol users with deposits from withdrawing assets. We have outlined the detailed analysis of the exploit in our blog post.
Stax Finance, a TempleDAO-powered decentralized application, was hacked, costing them approximately $2.36 million. The primary cause of this incident is a lack of permission checks in the StaxLPStaking contract's migrateStake function. The hacker deployed his own smart contract, which contains only a migrateWithdraw function and no other code. He then called the migrateStake function with his own smart contract and the maximum amount possible to withdraw, before making off with the stolen funds. The exploiter then closed the Uniswap position and sold everything for ETH. To learn more about the exploit, check our blog post here.
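The missing check described above can be seen in a simplified model. This is an added example, not the StaxLPStaking source: the contract name, the `trustedOldStaking` allowlist, the `staked` ledger and the balance-delta check are assumptions chosen to show one way to close the gap, and it assumes the old staking contract sends the tokens to the caller of `migrateWithdraw`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration: a simplified model, not the StaxLPStaking source.
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
}

interface IOldStaking {
    function migrateWithdraw(address staker, uint256 amount) external;
}

contract StakingMigrationSketch {
    address public immutable owner;
    IERC20Like public immutable stakingToken;
    // Hypothetical allowlist of earlier staking contracts accepted as sources.
    mapping(address => bool) public trustedOldStaking;
    mapping(address => uint256) public staked;

    constructor(IERC20Like token) {
        owner = msg.sender;
        stakingToken = token;
    }

    function setTrustedOldStaking(address oldStaking, bool trusted) external {
        require(msg.sender == owner, "not owner");
        trustedOldStaking[oldStaking] = trusted;
    }

    // Flawed shape: the caller picks `oldStaking`, so a stake is credited on the
    // word of whatever code sits at that address, whether or not tokens arrived.
    function migrateStakeUnchecked(address oldStaking, uint256 amount) external {
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        staked[msg.sender] += amount;
    }

    // Hardened shape: accept only allowlisted sources, and credit the stake only
    // if this contract's token balance actually grew by `amount`.
    function migrateStake(address oldStaking, uint256 amount) external {
        require(trustedOldStaking[oldStaking], "untrusted migration source");
        uint256 balanceBefore = stakingToken.balanceOf(address(this));
        IOldStaking(oldStaking).migrateWithdraw(msg.sender, amount);
        uint256 received = stakingToken.balanceOf(address(this)) - balanceBefore;
        require(received == amount, "tokens not received");
        staked[msg.sender] += amount;
    }
}
```

The allowlist addresses the permission gap directly; the balance check is defense in depth, so that the ledger can never be credited without a matching token transfer.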
Rabby was the victim of a smart contract exploit in which the hacker stole 114 ETH valued at $146,000 and 179 BNB valued at $48,500, totaling a loss of approximately $200,000. The root cause of the vulnerability is the contract's token exchange function, which was called externally via the functionCallWithValue function in the OpenZeppelin Address library. The target contract and call data could be passed in by the user, but the contract did not validate the user-passed arguments, resulting in an arbitrary external call issue. This is what the attacker took advantage of to steal money from users who have approved the swap contract. The attacker has deposited all of the stolen funds into Tornado Cash. The team has advised users to cancel all prior Rabby Swap contract approvals across all chains. In one of our blog posts, we have provided a detailed analysis of the exploit.
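The arbitrary external call issue described above, next to a restricted form, as an added example that is not the Rabby Swap source. The contract name and the `allowedRouter` allowlist are assumptions, and a plain low-level `call` stands in for OpenZeppelin's functionCallWithValue to keep the block self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration: a simplified model, not the Rabby Swap source.
contract SwapForwarderSketch {
    address public immutable owner;
    // Hypothetical allowlist of DEX routers this contract may call.
    mapping(address => bool) public allowedRouter;

    // Selector of ERC-20 transferFrom(address,address,uint256).
    bytes4 private constant TRANSFER_FROM = 0x23b872dd;

    constructor() {
        owner = msg.sender;
    }

    function setAllowedRouter(address router, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedRouter[router] = allowed;
    }

    // Flawed shape: target and calldata both come from the caller, and the call
    // is made under this contract's identity, which carries every token
    // allowance that users have granted to it.
    function swapUnchecked(address target, bytes calldata data) external payable {
        (bool ok, ) = target.call{value: msg.value}(data);
        require(ok, "call failed");
    }

    // Hardened shape: the target must be an allowlisted router, and calldata
    // that begins with the transferFrom selector is refused outright.
    function swap(address router, bytes calldata data) external payable {
        require(allowedRouter[router], "router not allowlisted");
        require(data.length >= 4, "calldata too short");
        require(bytes4(data[:4]) != TRANSFER_FROM, "transferFrom not forwarded");
        (bool ok, ) = router.call{value: msg.value}(data);
        require(ok, "call failed");
    }
}
```

Token contracts must never appear on the router allowlist; the selector check only backs that rule up in case the allowlist is misconfigured.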
FTX was the victim of a gas-stealing attack, in which the hacker exploited the weakness by free-minting XEN tokens 17,000 times. The amount of loss equates to approximately 81 ETH. The attack was possible because FTX does not cap the gas limit of withdrawal transactions while charging no withdrawal fee. Following the attack, the price of XEN tokens has dropped by more than 33%. Through the loophole, the attacker has generated over 100 million XEN tokens. According to reports, the XEN token is also being targeted by a Sybil attack. We have outlined the detailed analysis of this exploit in one of our blog posts.
Konami, the creator of classic video games such as Metal Gear, is doubling down on its Web3 investments, with a new recruiting drive focusing on the development of a new metaverse and the minting of NFTs. These NFTs can be used in-game as items, as well as to interact with other services and communities to enhance the user experience. The new system, which is presently in development, will leverage an innovative digital distribution mechanism to enable players to purchase and sell NFTs within games.
Following the rise of the metaverse, an increasing number of automakers have entered the industry to engage with fans and consumers. Formula One (F1) continues to make advances into NFTs and the metaverse area after submitting trademarks prior to the November 2023 Las Vegas Grand Prix circuit. The most recent filing with the United States Patent and Trademark Office (USPTO) revealed that the trademark filings include, among other things, licenses for cryptocurrency, NFTs and crypto marketplaces, retail stores for virtual goods, blockchain financial transactions, cryptocurrency trading, mixed reality environments, and crypto mining.
India Gate Foods has begun the process of blending art and technology. The brand is digitizing the artwork as tradable NFTs using blockchain technology. It has inaugurated the NFT legacy gallery in order to uncover and commemorate India's lost art forms for their true consumers. This unique project benefits the artists, as proceeds from the sale of NFTs go directly to them, and effectively engages the brand's future generation of consumers. This adventure began with a heartwarming story produced by Ice Media Labs Analytics that highlights a rice artist from West Bengal and has now earned over six million views.
Tidal Finance has deployed Synthetix smart contract coverage protection. The coverage pool is now open to accept deposits, and earnings will start by the end of next week.