Weekly Report (Jun-19)


  • Santo Spirit Tequila launched its NFT rewards program.
  • MetaRides Racing is gearing up to release an NFT racing game.
  • Manchester United showcased their museum exhibit NFT launch.
  • Snoop Dogg takes on the world tour with the Passport Series NFT collection.

Blockchain Hacks

The Keep3r Network was exploited, during which the attacker managed to harvest 4,084 KP3R tokens, worth approximately $200,000. The attacker exploited a privileged vanity address to reset and modify the governor of several pools and launched a reentrancy attack to book their profit.

Hashflow was exploited across five different chains, which resulted in the loss of funds worth approximately $605,000. It is reported that the event was a white-hat operation, and the exploited unverified contract contained a vulnerable transferFrom function, allowing an attacker to arbitrarily transfer the assets authorized by the users. The attack contract had a recovery function that could be invoked by users to retrieve their funds. We have also shared a detailed analysis of the exploit in this blog.

The USDC pool of the LEV token and the USDT pool of the DEP token were exploited, which resulted in a loss of funds worth $36,000 and $69,000, respectively. The root cause of the attack is a public approveToken function in one of their contracts, allowing anyone to get an arbitary authorization as a spender of that contract.

VPANDA DAO experienced a severe security breach, resulting in a loss of approximately $870,000. The contract owner may have been phished to have their private keys compromised, after which the exploiter withdrew approximately 1,500,085 VPANDA DAO tokens and swapped them for profits. The price of their token dropped by over 99% following the occurrence of the exploit.

The ERC-20 liquidity reserve fund of Pawn Finance was exploited in a series of transactions, which resulted in a total loss of approximately $800,000. The vulnerability occurred because the protocol failed to verify whether the NFT had actually been transferred when users used a specified NFT as collateral for borrowing. The attacker took a flash loan of 220,000 APE tokens from Uniswap and used a newly created contract to invoke a call to the vulnerable depositAndBorrowApeAndStake function that transferred the APE tokens from the ApeStaking contract to the pTokenStaking contract with parameters that bypass some logic. The exploiter then created a debt position by depositing APE tokens into the pool contract; however, the deposited amount is a user input without an actual transfer. The exploiter was able to steal assets including 7 WBTC, 190 ETH, 102,469 USDT, 6,996 USDC, and 4,276 APE tokens worth approximately $650,000, as well as 1 BAYC, 6 MAYC, and 2 BAKC.

Midas Capital was exploited due to a smart contract vulnerability, which resulted in a loss of funds worth approximately $600,000. The root cause of the exploit is due to the rounding issue in its lending protocol, which was forked from the V2 code base of Compound Finance. The attacker manipulated the exchange rate due to a bug involving division calculation on the redeem tokens operation. Essentially, when the attacker provided different amounts of the HAY/BUSD tokens, they were able to redeem the tokens in multiples of their initial supply. In this blog, we have shared a detailed analysis of the exploit.

Metaverse, and NFTs

Santo Spirits has uncorked tequila-infused NFT rewards through a customer loyalty program. The popular tequila brand, co-founded by rock legend Sammy Hagar and culinary icon Guy Fieri, unveiled Santo Spirits Club, developed on the Near blockchain in collaboration with the Web3 startup Trident3. The first 1,000 members to sign up for the Santo Spirits Club will receive complimentary NFTs as tokens of appreciation. This collection is divided into three special tiers: general, limited, and rare, and each of these NFT pops unlocks a unique set of benefits, such as autographed guitars, cutting-edge VIP encounters, and virtual tequila tastings with the co-founding partners. Other benefits, such as joining the program to advance to higher-tier digital assets, are out of the reach of the common customer and can only be obtained by purchasing Santa Spirits tequila bottles.

Snoop Dogg introduced the Passport Series NFT to complement his latest world tour. Through this digital asset, fans will be able to accompany Snoop and his team behind the scenes on their journey around the globe. The first-ever evolving tour collectible will therefore provide owners with a rare chance to experience life behind the scenes with the iconic rapper and musician. Interested users can purchase the digital collectible through the Crossmint platform for a small cost of 0.025 ETH using a crypto wallet or for $46 in traditional currency. Once acquired, holders gain access to free art airdrops, music, and merchandise, regular tour updates including videos and pictures, and priority minting for upcoming drops.

MetaRides Racing joined forces with Unstoppable Domains to launch a racing game that pushed the boundaries of interoperability between metaverses to new heights. MetaRides Racing is a decentralized 3D racing game that aims to bridge the gap between metaverses. The game will also have digital dealerships and collectible NFT-based automobiles that can travel across virtual worlds. Unstoppable domain holders will also be able to display their identities with digital car collections. These NFT automobiles will be interoperable, letting users personalize them with different colors, body designs, and licence plates using Web3 domain extensions such as .x, .crypto, and .nft.

Manchester United revealed its museum exhibit, created in conjunction with Tezos. The digital collectibles exhibit, which is now accessible to the general public, featured an immersive exploration of the Web3 universe and a variety of brand-new club memorabilia. The emergence of NFTs made this event possible, and fans from all over the world traveled to Manchester to take part, which marked a significant occasion for the club. Since its initial launch in December 2022, over 750,000 Manchester United supporters have acquired NFTs, resulting in a massive increase in contract interactions on the Tezos blockchain. These collectibles also grant access to exclusive channels within the official Manchester United Discord community. The NFT holders could also immerse themselves in matchday experiences by accessing behind-the-scenes footage not available elsewhere.

OnChain Insurance Industry News

Neptune Mutual announced the launch of their free-to-mint NFT collection of exclusive artworks for the Neptunite community.

InsurAce Protocol announced that the V2 model of their INSUR token and governance is currently a work in progress.