Weekly Report (Jan-29)


  • Over $19.3 million was lost in multiple DeFi hacks.
  • Magic Eden unveiled a trio of cross-chain NFT initiatives.
  • Axie Infinity debuts Homeland Beta with enhanced NFT features.

Blockchain Hacks

Concentric Finance was exploited on the Arbitrum chain, which resulted in a loss of 715.7 ETH, worth approximately $1.72 million. The root cause of the exploit is the compromise of the deployer wallet through a targeted social engineering attack. The protocol leveraged upgradable contracts, meaning a compromised admin or the deployer would allow an attacker to upgrade the vaults, mint new tokens, or perform any other core unintended functionalities. The attacker was able to compromise the deployer key and then upgrade the contract to drain funds from both the vault and the users who approved the token for the contract. In this blog, we have shared a detailed analysis of the exploit.

The project Bullran Index was exploited, reportedly due to a lack of access control, which resulted in a loss of 134 ETH, worth approximately $318,000.

The GAMEE token was exploited on the Polygon chain, which resulted in a loss of assets worth approximately $7 million. The root cause of the exploit is a compromised deployer key caused by unauthorized GitLab access. The attack reportedly drained 600 million GMEE tokens from the contract, all of which were swapped to MATIC. A portion of the stolen assets were then bridged to the Ethereum Mainnet. The exploit affected proprietary team token reserves, and no community-owned assets were exploited.

Nebula Revelation was exploited on the Optimism chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $180,000. The root cause of the exploit is a lack of reentrancy protection in the withdrawal function of their contracts.

Over $10 million worth of assets were stolen across four different victims due to ERC20 permit signatures. According to reports, a majority of these assets were collateral tokens. Wallet drainers support all sorts of LP tokens, collateral tokens, and NFTs and are aimed at draining user assets with just one exploited signature. Most of the victims unsuspectingly sign the simple ERC721 signature that is designed to provide gasless token approval and get drained of their assets.

Citadel Finance was exploited on the Arbitrum chain, which resulted in a loss of 43 ETH, worth approximately $93,000. The root cause of the exploit is a price manipulation of the underlying assets. We have also shared a detailed analysis of the exploit in this blog.

Metaverse, and NFTs

Magic Eden has launched three key projects aimed at bolstering its NFT marketplace: a novel rewards scheme, an initiative for open-source development, and a comprehensive cross-chain wallet on a global scale. Initially introduced on the Solana network, their rewards program is now expanding to include Ethereum, Bitcoin, and Polygon. Emphasizing the critical role of decentralization in the proliferation of NFTs, they are making their NFT protocols publicly available and contributing to the Non-Fungible DAO. This DAO, driven by NFT technology, is a community-led entity dedicated to evolving protocols for NFT commerce. The main objective of this collaboration is to promote decentralization and strengthen the NFT framework across various networks. Magic Eden’s multi-chain wallet, which underwent beta testing in late 2023, emerges as a strong contender against existing wallets like MetaMask, Rainbow, Phantom, and xVerse. Tailored for NFT enthusiasts who trade on diverse blockchains, this wallet facilitates easy transfers of cryptocurrencies between Bitcoin, Solana, Ether, and Polygon.

Axie Infinity recently introduced Homeland Beta, a captivating land-oriented game set in the digital realm of Lunacia. This new addition, which can be downloaded through Sky Mavis, is accompanied by a detailed guide aimed at both landowners and stewards. It provides gameplay advice for various skill levels and details the innovative features of the game. Homeland is integrated with Axie Infinity and allows complete access to Axie NFTs, featuring an updated rewards system with Mystic parts, a system for assessing material quality, and an Alchemy Building. The latest version also brings resource collection, item crafting, and player-versus-environment (PvE) challenges. Gamers can gather resources, create items, and dispatch NPC adventurers on missions, fostering trade opportunities within the game. To enhance the beta experience, Axie Infinity and Nexus have rolled out an intuitive Land Delegation Marketplace. This platform allows landowners to draft tailored delegation contracts with AXS incentives, set delegation durations, include termination clauses, and define plot rights for stewards.

OnChain Insurance Industry News

Neptune Mutual announced that the withdrawal cycle for their Prime dApps diversified cover on Arbitrum is open and urged LPs to withdraw their assets before February 3, 2024.

1 Like