Weekly Report (Dec-18)


  • Over $6.29 million was lost in multiple DeFi hacks.
  • Ubisoft unveils the NFT mint date for its first blockchain game.
  • Casio unveiled virtual G-Shock digital art NFTs on the Ethereum Mainnet.
  • FIFA is poised to launch NFT collectibles across Algorand and Polygon.

Blockchain Hacks

Stoic DAO was identified as a rug-pull, in which funds worth approximately $1.1 million were misappropriated by draining the zetastaking.eth address. Reportedly, 10% of the total Zeta token supply was sent and swapped for roughly 91 ETH, which was then sent to EOA, where funds totaling 450 ETH were gathered. The attackers laundered a part of the stolen funds to MEXC, while a portion of it was swapped to USDC and parked at some other EOA likely controlled by the attacker.

The bridge of Hypr Network was exploited due to a smart contract vulnerability in their L1 bridge proxy contract, which resulted in a loss of 2.56 million HYPR tokens, worth over $200,00. The root cause of the exploit is that the team used the most recent version of the development branch of the Optimism monorepo at the time of deployment, which contained a critical vulnerability that wipes the first storage slot of the proxy contract, essentially allowing anyone to reinitialize it at any moment. The attacker swapped all of the stolen HYPR tokens for ETH using 1inch, effectively gaining approximately 97 ETH.

Ledger encountered a significant security breach targeting Ledger Connect Kit, a Javascript library to connect websites with wallets, leading to a large-scale supply chain attack affecting numerous dApps, causing a loss of assets worth over $610,000. The orchestrator of this exploit was a former Ledger employee who had reportedly fallen victim to a phishing attack. This unfortunate incident granted malicious actors access to the employee’s NPMJS account. Subsequently, the attackers uploaded and published malicious files within the Ledger Connect Kit. The compromised versions were equipped with a malicious drainer that deceived users into authorizing malicious transactions, essentially pilfering various tokens and currencies across multiple decentralized exchanges (DEXs). In this blog, we have shared a detailed analysis of the exploit.

An old and abandoned market-maker smart contract of OKX was exploited, resulting in a loss of assets worth over $2.7 million. The root cause of the exploit is likely due to the compromise of the private keys of the proxy admin. We have also shared a detailed analysis of the exploit in this blog.

Flooring Protocol was exploited due to a smart contract vulnerability, which resulted in a loss of assets worth over $1.68 million. The root cause of the exploit is an arbitrary external call issue, in which 14 BAYC and 36 Pudgy Penguins were stolen and then sold. In essence, the flooring contract has always had the only trusted restriction added, whereas the upgrade’s addition of unlimited extMulticall made the vulnerable FlooringPeriphery contract exploitable. The hacker dumped $815,000 worth of Bored Apes into Blur bids and $867,000 worth of Pudgy Penguins, including 3 gold skins, into bids to profit by over 751 ETH.

Metaverse, and NFTs

Ubisoft disclosed the official date for the minting of NFTs for its inaugural blockchain-based game, “Champions Tactics: Grimora Chronicles.” The launch of the Warlord NFTs is set for December 18. Ubisoft is offering 9,999 of these Warlord NFTs for “Champions Tactics,” which confer a variety of advantages, such as unique in-game features and elite VVIP status, among others. While the NFTs are to be created on the Ethereum Mainnet, the actual game, “Champions Tactics: Grimora Chronicles,” will operate on the EVM-compatible Oasys blockchain. Ubisoft intends to keep 999 of these Warlord NFTs for itself while allocating 1,000 to the Oasys community. The remaining 8,000 will be available for minting at no cost. Holders of these Warlord NFTs will gain early access to the game’s subsequent NFT mint, which includes playable characters. Furthermore, NFT owners will have the opportunity to mint up to five characters from "Champions Tactics’’ without any charge.

Casio unveiled a unique series of digital art NFTs highlighting its famed G-Shock watch line, incorporating new benefits associated with these Ethereum-based NFTs. The exclusive collection, featuring 2,000 NFT artworks of innovative Virtual G-Shock designs, became available for purchase on December 14. This venture represents Casio’s second engagement in the NFT domain, following the initial release of complimentary G-Shock Creator Pass NFTs on the Ethereum scaling network, Polygon, in September. Holders of these Ethereum NFTs will have the privilege of exclusive insights into Casio’s operations, including a guided exploration of the G-Shock Endurance Test Laboratory in Tokyo, demonstrating the rigorous durability tests that the brand is celebrated for. Additionally, collectors will have the opportunity to participate in a roundtable conversation with the designers to delve into the artistic journey of the virtual G-Shock models.

China Mobile, the leading telecommunications provider in China, has revealed an ambitious venture in the digital space: the introduction of LinkNFT, a marketplace dedicated to NFTs. This initiative is a key part of a larger strategy to drive forward the evolution of Web3 Internet technology in Hong Kong. LinkNFT is designed to facilitate easy access for Hong Kong residents to the emerging digital economy and society, merging virtual and physical realities in a novel manner. This strategic move aims to place Hong Kong at the vanguard of the Web3 revolution, marking a significant stride in the fusion of cutting-edge digital technologies. Notably, LinkNFT distinguishes itself by offering digital asset NFT minting services to businesses, enabling them to create, trade, and circulate digital assets in various sectors, including SocialFi, DeFi, and GameFi. By achieving Web3.0 compatibility with CMChain’s innovative 3-in-1 cross-chain standard components, LinkNFT incorporates a cross-chain service agreement, an adapter, and a smart contract association chain, enhancing its technological prowess and utility.

FIFA is introducing a fresh series of NFT collectibles through both Algorand and the Ethereum-based Polygon network in anticipation of the FIFA Club World Cup in Saudi Arabia in 2023. The international football federation has announced this as the inaugural release under its new partnership with cryptocurrency company Modex, which is now tasked with the strategic oversight of FIFA’s digital collectibles platform, FIFA+ Collect. During the FIFA Club World Cup, FIFA+ Collect unveiled a total of 1,000 NFTs, with the initial batch of 100 NFTs being created on Algorand and made available on December 15. These include the most exclusive collectibles from the series, providing an opportunity to win tickets to the 2026 FIFA World Cup Final. The remaining 900 NFTs are scheduled for release on the Polygon chain on the OpenSea marketplace on December 19.

OnChain Insurance Industry News

Neptune Mutual’s NPM token is now available natively on Polygon. The whitelisting process should be complete within the next few days allowing data to flow to the Sushi DEX and data aggregators. Neptune Mutual’s bridge UI has been updated to include the Polygon network.

1 Like