Weekly Report (Aug-21)


  • Over $10 million were lost in multiple DeFi hacks.
  • Sony unveiled a VR headset patent to replicate real-world objects in the Metaverse.
  • McDonald’s expanded its menu with exclusive Grimace NFTs.
  • Coinbase unveiled Coca-Cola NFTs at the OnChain Summer Festival.

Blockchain Hacks

The Zunami Protocol was exploited on the Ethereum Mainnet, which resulted in a loss of funds worth 1174 ETH and 1265 USDT, totaling approximately $2.1 million. The root cause of the exploit is a price manipulation issue caused by donations that incorrectly calculate the price. The attacker was able to manipulate prices on the pairs upon which its UZD balance depends. Funds worth approximately 1183.8 ETH have already been laundered into Tornado Cash.

Rocketswap was exploited due to the compromise of the private keys, which resulted in a loss of 471 ETH, worth approximately $868,000. According to the team, they needed to use offline signatures when deploying the launchpad and put the private keys on the server. The attacker apparently performed a brute force attack on the server and exploited a proxy contract used for the farm contract, which led to the unauthorized asset transfers. The exploiter swapped the stolen assets for roughly 472 ETH and bridged them to Ethereum via the Stargate bridge.

SwirlLend was identified as a rug-pull, in which funds worth approximately $490,000 were swept away. The TVL of the project dropped from $784,300 to $49,200. The deployer bridged approximately $289,500 worth of funds from Base to Ethereum, including 140.68 ETH and 32,600 USDC. The scammer also bridged 94 ETH from Linea to Ethereum via Orbiter Finance. The social platforms of the team have also been deleted.

The Exactly Protocol was exploited across multiple transactions on the Optimism chain, which resulted in a loss of over 4324 ETH, totaling approximately $7.3 million. The vulnerable contract lacked input validation, which allowed the attacker to create a malicious contract that stole funds from the users and gained incentives by liquidating their bad debt position. Approximately 1500 ETH have been bridged back to Ethereum through the Across Bridge, while 2833 ETH are still in the process of being bridged back to Ethereum via the Optimism Bridge.

The PresaleV4 contract of BTC20 was exploited as a result of price manipulation, which resulted in a loss of funds worth approximately $30,000. The vulnerable function called another function on the Uniswap router using the WETH-BTC20 pair, which relies on the reserves of the pair. The attacker used a flashswap on this WETH-BTC20 pair and bought all BTC20 up to the allowed limit of 100,000 tokens.

Harbor Protocol experienced an exploit across a number of their vaults, including stablemint, stOSMO, LUNA, and WMATIC. The total loss of funds is unknown at the moment; however, it is speculated that the hacker was able to steal funds worth 42,261 LUNA, 1,533 CMDX, 1,571 stOSMO, and 18,600,000,000,000,000 WMATIC-WEI.

A number of Thales hot wallets, serving as temporary deployers or keeper bots, were compromised as a likely result of a core contributor’s PC or Metamask being hacked. None of the users’ funds were affected by the attack, and all of their funds on Optimism, Arbitrum, Polygon, and Base are safe. The attacker was able to seize control of all of their BNB chain smart contracts, causing a total loss of around $35,000.

Metaverse, and NFTs

Sony is advancing its efforts in the metaverse with a novel VR headset patent. This innovative virtual reality technology can identify and digitally render real-world objects within its virtual space. A standout feature of the patent emphasizes the enhancement of visual realism and depth, enriching the metaverse experience. The headset achieves this by interpreting audio signals from objects to decipher their structure and digitally reproduce them. Beyond enriching gaming scenarios and helping users avoid real-world obstacles, this technology can aid the visually impaired. Through audio signals, those with vision challenges can identify and position themselves in relation to items like chairs.

McDonald’s has entered the NFT game, showcasing its iconic character, Grimace, in a digital avatar. From August 21, McDonald’s Singapore division will roll out 2,000 distinctive NFTs, each capturing Grimace with a unique blend of emotions and embellishments. These NFTs aren’t just rare; they’re singular in their existence. While NFTs have typically been a marketplace commodity, McDonald’s is offering these as a no-cost collectible, but with a catch. To be minted, these tokens require integration with the Ethereum mainnet via the McDonald’s Singapore app. Moreover, with the introduction of soulbound characteristics, these NFTs are non-transferable, nullifying any secondary market sales. It’s evident that McDonald’s envisions these NFTs as invaluable keepsakes for their patrons rather than mere tradeable assets.

Coinbase wrapped up its blockchain event, OnChain Summer, by unveiling unique Coca-Cola NFTs. Named Masterpieces, these NFTs are presented within the classic Coca-Cola bottle shape on Coinbase’s Ethereum-based platform, Base. Merging iconic artworks such as Edvard Munch’s ‘The Scream’ and Johannes Vermeer’s ‘Girl with a Pearl Earring’ with pieces from emerging artists, these NFTs were initially featured in Coca-Cola’s worldwide ‘Masterpiece’ initiative. These artistic gems have now been digitized as NFTs, available to art enthusiasts and collectors during the OnChain Summer festival.

OnChain Insurance Industry News

Neptune Mutual announced the end of the claim payout period for Curve Finance and stated that the Curve Finance pool is open, once again, for purchasing cover and providing liquidity.

Tidal Finance announced that they have collaborated with BlockSec to jointly launch and manage the insurance pools for Compound Finance V3 and Aave V3.