Weekly Report (Mar-18)


  • Over $8.57 million was lost in multiple DeFi hacks.
  • IRCTC launched NFT train tickets for the Holi festival.
  • Black Mirror unveiled the NFT collection and Metaverse experience on Base.
  • DC Comics releases a follow-up Batman NFT Collection.

Blockchain Hacks

Polyhedra was exploited due to the compromise of the private keys, which resulted in a loss of 1,400,323 THENA tokens worth approximately $760,000. The contract was maliciously upgraded following the leakage of the private key of the administrator account. The exploiter swapped all of the stolen assets for 1,299 BNB tokens. According to the team, the incident resulted from intentional theft rather than a vulnerability in the contract itself.

Cloud AI reported that both their deployer and treasury accounts were compromised by the hackers, resulting in a loss of 58,900 CloudAI tokens, amongst other assets, totaling approximately $360,000. According to the team, a developer of the protocol was invited for a job interview and got infected by running the npm installation script on a project.

MOBOX was exploited due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $750,000. The root cause of the exploit is a vulnerability in the borrow method of their contract. The social media account of the project on X (formerly Twitter) has since been deleted.

Mozaic Finance was exploited on the Arbitrum chain, which resulted in the loss of assets worth approximately $2.1 million. The root cause of the exploit is the compromise of the private keys on the vault’s master address. The attacker transferred all of the stolen assets to the MEXC exchange, which were ultimately frozen for rescue. According to the team, the attacker was a Mozaic developer who had illegally obtained the private keys of a security module by compromising the data of a core team member. The developer was aware of the team’s security upgrades and took advantage of the limited window that remained. The price of the underlying MOZ token dropped by over 80% following the exploit.

The hot wallets of Remilia, the parent company of Milady, and its multisignature treasury were compromised, which resulted in a loss of assets worth over $2 million. The multisignature treasury required 3/4 signers to execute a transaction. According to reports, a single Bitwarden account contained all of the private keys and wallet passwords for the multisignature wallet, making it vulnerable to compromise by the attacker using a brute force attack on their password manager. The stolen assets include 493.5 ETH, $58,000 worth of USDC, 274 Miladys, and 425 Remilio, amongst others.

An account impersonating Ansem phished multiple users for over $2.6 million worth of assets simply by replying to each of their posts on X and by taking advantage of the meme coin craze. One of the largest victims lost approximately $1.2 million during this course.

Metaverse, and NFTs

The Indian Railway Catering and Tourism Corporation (IRCTC) unveiled plans to offer NFT tickets on certain Tejas trains for those journeying from Delhi to Lucknow during the Holi celebrations. This offer, available from March 20 through April 2, applies to passengers on Tejas trains with numbers 82501 and 82502, allowing them to receive NFT tickets. These digital passes will showcase artistic depictions of well-known landmarks from Delhi and Lucknow, highlighting India’s extensive cultural history. This effort not only commemorates the exuberant Holi festival but also merges classical motifs with the latest digital advancements on IRCTC’s platforms. IRCTC’s deployment of NFT tickets could be a significant move towards integrating blockchain technology within the Indian railway infrastructure. Although it is yet to be decided whether these NFT tickets will incur an extra fee, this initiative indicates the railway’s willingness to embrace digital innovation.

The renowned dystopian series Black Mirror unveiled an NFT collection and metaverse experience dubbed Black Mirror: Smile Club. Drawing inspiration from the Nosedive episode, this NFT initiative was developed in collaboration with prominent artists and collaborators. It began with an exhibition in Times Square, featuring famous figures such as Deadmau5, Yat Siu, Jesse Pollak, Dixon, and Blond:ish, among others. Fans who create an NFT character will have the chance to engage in quests, puzzles, and social tasks to gather SMLE points. These NFTs are designed to increase engagement among the early participants by offering them points that enhance their social ranking within the game’s hierarchical society. The sooner a fan mints their NFT, the more points they can earn, aiming for a top-tier 5-star status. Furthermore, the NFT characters are interactive, evolving as their owners take part in the Smile Club ecosystem.

Batman is making a comeback on the blockchain with the newest series of Bat Cowls NFTs. The Legacy Cowls NFT collection merges Batman’s storied past with the latest Web3 innovations, offering a gateway to an engaging journey through Gotham City. DC Comics and Warner Brothers Discovery Group are launching this collection on the Palm blockchain, with the release scheduled for March 29th on Candy Digital’s platform, priced at $49.99 each. This collection features 11,544 NFTs themed around Batman, celebrating the 85th anniversary of the iconic superhero’s debut in DC Comics. The collection includes 3D artwork by DC’s Pablo M. Collar and narratives by Dan Abnett. Owners of these NFTs will gain access to upcoming releases, AR experiences on Meta platforms, and the opportunity to influence future creative directions.

OnChain Insurance Industry News

Neptune Mutual announced on their monthly Discord Townhall that their vote escrow feature is set to launch soon in their testnet application. Stay tuned to their X profile for the upcoming announcement.

Arbinauts continue to purchase cover policies in the Neptune Mutual marketplace to mitigate the risks of smart contract vulnerabilities. Utilization of the 1inch V3 cover product on the Arbitrum network grows beyond 10%, and the AAVE cover product leads in terms of the number of users purchasing a cover policy.