Weekly Report (Jun-03)


  • Over $315.6 million was lost in multiple DeFi hacks.
  • Animoca Brands Japan unveiled the SORAH NFT launchpad.
  • Square Enix transitions Symbiogenesis to Arbitrum with a new NFT auction.
  • STR8FIRE introduced their Genesis NFTs, promising exclusive rewards.

Blockchain Hacks

The Orion protocol was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $645,000. The root cause of the exploit is likely to be double-counted collateral due to a flawed business logic within the staking mechanism, allowing for the manipulation of liability accounting.

Meta Dragon was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $180,000. As a result of the attack, all of the Meta NFTs from the team were taken away.

Scroll was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of 73.36 ETH, worth approximately $294,000. The attacker, who was funded by Tornado Cash, deployed two malicious contracts to interact with the affected protocol. All of the liquidity was drained from the associated Uniswap pool, causing the price of the underlying SCROLL token to drop by 100%. The attack is speculated to be a rug pull by abusing the Universal Router.

The DMM exchange was exploited, which resulted in a loss of assets worth 4502.9 BTC, amounting to 48.2 billion yen or approximately $304,529,100. There can be two possible reasons for the attack vector to be successful. The transactions were directly transferred without compromising the system; therefore, it is possible that the attack involved the compromise of private keys or an exploitation of DMM’s signature services. The compromised address of DMM wallet operators, which uses a multi-signature wallet, has a history of sending funds to a DMM management address. The attacker’s address mimics this commonly used address in its starting and ending characters. This suggests the exchange wallet controller might have been tricked by an address-spoofing attack. In this blog, we have shared a detailed analysis of the exploit.

Velocore was exploited on zkSync and Linea due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $10 million. The root cause of the exploit is a logic bug leading to a faulty smart contract implementation. The exploiter converted a part of the stolen assets into ETH and then transferred approximately 1,807.38 ETH to the Ethereum Mainnet through a cross-chain bridge across two different transactions. The attacker has already laundered the stolen assets worth 1806.1 ETH, or approximately $6.9 million, to Tornado Cash. We have shared a detailed analysis of the exploit in this blog.

Metaverse, and NFTs

Animoca Brands Japan unveiled the name of its upcoming NFT launchpad, SORAH by Animoca Brands Japan, scheduled for release in the summer of 2024. SORAH, inspired by the Japanese word for sky, is designed to assist NFT projects by providing a platform for creators to sell their NFTs, utilizing a variety of sales methods and loyalty programs. This launchpad will support blockchain networks like Ethereum and Polygon, and payment options will include both credit cards and cryptocurrencies. SORAH will employ sales formats such as lotteries and a first-come, first-served approach and will be compatible with digital wallets like Metamask and WalletConnect, adhering to the ERC-721 token standard for NFTs. Additionally, the platform aims to boost the global presence of Japanese intellectual property, including manga and anime, and seeks to connect Japanese IPs with international audiences.

Square Enix has transitioned its blockchain game, Symbiogenesis, to the Ethereum layer-2 network Arbitrum to reduce gas fees and improve the user experience for NFT character minting. This move aims to significantly cut the fees from the initial minting of 500-character NFTs on the Ethereum Mainnet by about 1/1000th, making the process more affordable. Leveraging Arbitrum’s capabilities, Square Enix seeks to address high transaction costs, thus boosting adoption and engagement by enabling more players to mint NFTs without high costs. This shift aims to democratize access to the game’s blockchain features and attract a wider audience. Recently, Symbiogenesis held a public auction of 1,500 new NFT characters over three days, starting on May 31, with characters released in small batches during the auction.

STR8FIRE, an IP and entertainment startup, achieved a major milestone when its debut NFT collection, Genesis NFTs, sold out within seconds on OpenSea and Blur. STR8FIRE integrates web2 IPs into the blockchain, expanding their presence through narratives in animation, comics, games, toys, and music using Epic’s Unreal Engine and Nvidia’s Omniverse platform. The Genesis NFT collection featured 1,200 free-mint NFTs, with over 814 claimed through guaranteed spots in the initial mint phase. Holders of these Genesis NFTs will be eligible for an airdrop of STR8FIRE’s upcoming token, set to launch later in 2024, and will gain access to exclusive perks related to the project’s IP partnerships.

OnChain Insurance Industry News

Epoch 2 started over the weekend of June 1, 2024, with qualifying cover pool LPs starting to accrue a new allocation of 375,000 NPM tokens; to qualify, LPs of either PRIME DAPPS or POPULAR DEFI APPS cover pools are required to lock their proof-of-deposit tokens.

Cover policies are proving popular in the Neptune Mutual marketplace, with over 150 policies having been sold since the start of the month of June.