Weekly Report (Jan-01)


  • Over $91.3 million was lost in multiple DeFi hacks.
  • The Museum of Science enters the Metaverse with Roblox.
  • Starbucks Odyssey rewards top NFT holders with a Costa Rica trip.

Blockchain Hacks

A fake Discord server link in the Across Protocol docs was used to target a DeFi user, causing a loss of $880,000 worth of aEthWBTC. The victim had reportedly signed a malicious ERC20 permit transaction.
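A wallet-side check for the kind of permit signing request described above, as an added example that is not from the original report or from Across Protocol. It assumes the request arrives as EIP-712 typed data with the EIP-2612 `Permit` fields; the sample request, addresses, the 24-hour threshold and the function names are constructed for illustration.

```python
import json

MAX_UINT256 = 2**256 - 1
DAY = 86_400  # seconds; threshold chosen for this example

# Constructed sample of a typed-data signing request (placeholder addresses).
SAMPLE_REQUEST = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "chainId": 1,
               "verifyingContract": "0x" + "11" * 20},
    "message": {"owner": "0x" + "aa" * 20, "spender": "0x" + "bb" * 20,
                "value": str(MAX_UINT256), "nonce": 0,
                "deadline": hex(MAX_UINT256)},
})


def _num(v):
    """Typed-data integers may arrive as ints, decimal strings or 0x-hex strings."""
    return v if isinstance(v, int) else int(str(v), 0)


def review_permit(raw, trusted_spenders, now, balance=None):
    """Return human-readable warnings for an EIP-2612 Permit signing request."""
    req = json.loads(raw)
    if req.get("primaryType") != "Permit":
        return []  # not a permit; other message types need their own checks
    msg = req["message"]
    value, deadline = _num(msg["value"]), _num(msg["deadline"])
    warnings = ["signature grants a token allowance without an on-chain transaction"]
    if msg["spender"].lower() not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not on the allowlist")
    if value == MAX_UINT256:
        warnings.append("unlimited allowance")
    elif balance is not None and value >= balance:
        warnings.append("allowance covers the entire balance")
    if deadline - now > DAY:
        warnings.append("deadline is more than 24 hours away")
    return warnings


if __name__ == "__main__":
    for w in review_permit(SAMPLE_REQUEST, trusted_spenders=[], now=1_704_067_200):
        print("WARNING:", w)
```
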

Megabot has been confirmed as an exit scam project. Investigators reported an estimated loss of approximately $742,000, a substantial portion of which, around $692,000, was drained from Solana-based assets. In a typical move following this scam, all social media accounts associated with the team have been abruptly deleted, leaving investors and followers in the dark.

Thunder Terminal was exploited through a reportedly compromised third-party service, resulting in a loss of 86.56 ETH and 439.12 SOL worth approximately $242,000. A malicious actor gained access to a MongoDB connection URL, which they used to pull session tokens and execute withdrawals on behalf of users. Because the withdrawal requests carried the leaked session tokens, the server did not flag them and approved the authentication requests. The exploit affected 114 out of over 14,000 wallets. The exploiter has already transferred the stolen assets, worth 86.3 ETH, to Railgun.
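One mitigation for the failure mode described above, as an added example that is not Thunder Terminal's code: a session store that keeps only SHA-256 digests of tokens, so a read-only database leak yields nothing that authenticates. How the affected service actually stored its tokens is not stated in the report; the class, the in-memory `db` dict standing in for the database, and the function names are assumptions.

```python
import hashlib
import secrets


class SessionStore:
    """Session store; with hashed=True only token digests ever reach the database."""

    def __init__(self, hashed=True):
        self.hashed = hashed
        self.db = {}  # stand-in for the database collection: key -> user id

    def _key(self, token):
        # Tokens carry 256 bits of entropy, so a plain fast hash is sufficient here.
        if self.hashed:
            return hashlib.sha256(token.encode()).hexdigest()
        return token  # weak variant: the raw bearer token is what gets stored

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # returned to the client once, never stored raw
        self.db[self._key(token)] = user_id
        return token

    def authenticate(self, token):
        """Return the user id for a presented token, or None if it is unknown."""
        return self.db.get(self._key(token))

    def revoke_all(self):
        """Incident response: invalidate every session after a suspected leak."""
        self.db.clear()


def dump_is_replayable(store):
    """Simulate a read-only database leak: does any stored key work as a token?"""
    return any(store.authenticate(k) is not None for k in list(store.db))


if __name__ == "__main__":
    for hashed in (False, True):
        store = SessionStore(hashed=hashed)
        store.issue("user-1")
        print(f"hashed={hashed}: leaked dump replayable = {dump_is_replayable(store)}")
```

Hashing at rest does not help once an attacker can write to the session collection, so it complements, rather than replaces, rotating the exposed connection credentials and revoking live sessions.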

Telcoin was exploited due to a flawed proxy implementation of the wallet on Polygon, which resulted in a loss of assets worth approximately $1.3 million. The exploiter took advantage of uninitialized proxy contracts and initialized them with vulnerable implementations to transfer TEL tokens. Over 3 billion Telcoin tokens were sent out on Polygon over the course of multiple transactions. The incident primarily impacted wallets that had never initiated any transactions since they were created. The team plans to restore all wallets to their previous balances for all affected assets before turning the app service back on. According to them, no keys, backend systems, or user data were breached.

Libra Protocol, the inscription project on Arbitrum, is suspected to have been a rug pull. Reportedly, the project is a simple contract that can mint assets, wherein each mint requires 0005 ETH. The team has already transferred the 231 ETH worth of mint fees to another address that they most likely control.

The INSC NFT project was exploited across multiple transactions due to an unauthorized transfer vulnerability, which resulted in a loss of over 21 ETH, worth approximately $50,000. The proceeds from the exploit, however, were sent to the team’s loyalty smart contract in various batches of transactions. The other collections that copied and pasted the INS-20 smart contract were also vulnerable to the exact same exploit, reportedly causing a total loss of 200 ETH.

Pink Drainer, the notorious crypto hacking group, conned yet another victim to snatch $4.4 million worth of LINK in two different transactions. The victim was drained of 275,700 LINK within a minute of signing the malicious increase approval transaction. Around 68,925 LINK tokens were transferred to a wallet labeled PinkDrainer: Wallet 2 on the Ethereum Mainnet, while another 206,775 LINK was sent to another EOA.

The retired V3 staking contract of 0xProject was exploited on the Polygon network due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $613,000. The team had previously deployed the test version to production using a public function. The attacker set this address to the one that forwards ETH to themselves on calling the deposit function. The stolen assets were bridged to ETH and then laundered into Tornado Cash.

PeckShield reported several cryptocurrency rug pulls. The creator of FomoFi traded an enormous quantity of 5,370,814,630,572.9 FOMO tokens for around $189,600. These transactions led to a near-total collapse in the value of the respective tokens, with prices plummeting by roughly 100% post-exit. In another instance, the developer behind NebulaNode swapped an astronomical sum of 100.1 sextillion NNNN tokens for 1,033.8 BNB, equating to about $335,900. Additionally, Pike Finance’s deployer exchanged 22 quadrillion PIKE tokens for 23.5 ETH, which were worth $52,600. The tokens involved in these rug pulls bear identical names to their legitimate counterparts.

Orbit Chain was exploited across a series of transactions, which resulted in a loss of funds worth approximately $81.6 million. The root cause of the exploit appears to be the misuse of valid signatures for unauthorized transactions. The exploiter was likely able to create fake signatures for a withdrawal transaction by compromising the private keys of the owner. In this blog, we have shared a detailed analysis of the exploit.

Metaverse and NFTs

The Museum of Science in Boston is making a significant move into the realm of immersive online learning with its new Roblox project, “Mission: Mars.” This project, created together with Filament Games, presents an interactive challenge where users are tasked with designing and optimizing vehicles suitable for Mars exploration. In this digital learning space, which aligns with science standards, participants engage in a virtual Martian expedition. This includes activities like maneuvering an advanced Mars Rover, embarking on missions to discover water evidence, gathering water ice specimens, and aiding other explorers. Additionally, the experience incorporates a creative aspect, allowing players to construct their own vehicles, thereby gaining experience points and rewards.

Starbucks is now offering substantial benefits for those who own its NFTs, including an all-expenses-paid journey to Costa Rica, among other rewards for top-tier NFT holders from its Odyssey collection. Starbucks is adding a unique twist by providing both tangible and digital incentives through its Web3 endeavor. Participants simply need to complete journeys and accumulate stamps. As per a recent announcement from a Starbucks Odyssey Community Lead, the top 20 members with the highest points by January 1, 2024, will qualify for this exclusive excursion. The objective of this initiative is to enhance the allure of the program and broaden its influence in 2024. This enhancement of the holder’s experience includes an in-depth exploration of Starbucks’ own coffee farm, allowing for a more intimate connection with the coffee universe.

OnChain Insurance Industry News

Neptune Mutual announced the launch of their New Year Rewards Campaign, in which cover policy purchasers will receive 110% cashback on cover policy fees for all policies purchased across Ethereum, Arbitrum, and the BNB chain.

