Weekly Report (Mar-25)


  • Over $22 million was lost in multiple DeFi hacks.
  • Immutable Games is set to unveil Guild of Guardians with NFT features.
  • Magmic unveiled a new MLB Web3 Game at GDC.
  • OKX and Immutable are set to release a Web3 gaming launchpad.
  • Forbes unveiled exclusive soulbound passes on the Ethereum Mainnet.

Blockchain Hacks

The liquidity pool of Airdao was exploited due to an elaborate social engineering scam, which resulted in a loss of 41.61 million AMB tokens and 126.6 ETH, worth approximately $961,000. The scam reportedly involved an email with malicious attachments pretending to be one of their known partners. The stolen funds were swapped to ETH and then deposited to MEXC, ChangeNOW, and KuCoin via multiple EOAs.

ParaSwap was exploited on the Polygon, Arbitrum, and Ethereum Mainnet, which resulted in a loss of assets worth approximately $24,000. The root cause of the exploit is a vulnerability in the contract’s handling of external callback functions, which allowed unauthorized redirection of funds. The quick action of the team and the intervention of the white-hat response helped secure funds worth $2.95 million across multiple chains. We have shared a detailed analysis of the exploit in this blog.

An old contract belonging to Dolomite was exploited on the Arbitrum chain, which resulted in a loss of assets worth approximately $1.8 million. The hacker took advantage of the batch transfer feature within the affected contract to orchestrate an approval-related attack, thereby enabling them to transfer tokens approved by users to the contract. The exploiter was able to steal assets, including 541 ETH and $94,000 worth of DAI, from the contract.

Lucky Star Currency was identified as a rug pull in which funds worth approximately $297,000 were misappropriated. The deployer of the contract transferred the ownership of the proxy admin to a malicious EOA, which upgraded the contract to a new implementation. This EOA then exploited users who had previously approved the proxy admin to transfer the underlying LSC and other assets.

Super Sushi Samurai (SSS) was exploited on the Blast network, which resulted in a loss of over 1,310 ETH worth approximately $4.6 million. The SSS token was deployed with a transfer logic bug that allowed anyone to transfer tokens to themselves, thereby creating an infinite mint scenario. The white-hat rescue was successful in recovering 1,310.04 ETH worth of assets, while 40.28 ETH were stolen by some other black-hat hackers. The team was also able to remove 29.09 ETH worth of liquidity. In this blog, we have shared a detailed analysis of the exploit.

The ATK token was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of 248 BNB worth approximately $195,000. The root cause of the exploit is due to the public pair token issue.

The governance token of Curio was exploited on the Ethereum Mainnet, which resulted in a loss of assets worth $16 million. The attack was possible due to a permission access logic vulnerability, which was exploited to mint an additional 1,000 billion GCT tokens.

Metaverse, and NFTs

Immutable Games revealed the worldwide debut of its eagerly awaited mobile RPG, Guild of Guardians, which is scheduled for release on May 15th across both Apple’s iOS App Store and Google’s Android Play Store. This launch invites players from across the globe to delve into the legendary world of Elderym, gathering a formidable team of Guardians to conquer the Dread. In conjunction with its worldwide release, Guild of Guardians will also unveil the Altar of Sacrifice feature on March 25th, a blockchain-driven crafting system that allows players to merge NFTs into innovative arrangements for unique rewards. To celebrate the game’s release and this novel feature, GOG will organize Eri’s Grand Opening event, offering players the chance to acquire Prayer NFTs and use them to call forth a new series of Guardians. The introduction of the Altar of Sacrifice enhances the gaming experience by permitting players to combine and offer up their existing assets in exchange for discovering new NFTs.

At the Game Developers Conference in San Francisco, Magmic unveiled their new venture: a Web3 game centered on Major League Baseball (MLB). This innovative game lets users create and manage their baseball stadiums while featuring licenses from the MLB and the MLB Players Association. Termed an idle tycoon game, it offers the chance for users to develop and upgrade their MLB stadiums and engage in player trading. Beyond delivering a captivating gaming experience to sports enthusiasts and gamers alike, Magmic’s MLB Web3 game seeks to leverage Web3 technology to facilitate a player-to-player trading platform, granting users ownership of in-game players. This introduces a dynamic where players aren’t just interactive elements but assets that users can own and possibly leverage for in-game economic benefits.

OKX and Immutable unveiled a new launchpad for web3 gaming NFTs, enabling users to acquire tokenized in-game assets and various game-related NFTs from titles on Immutable’s zkEVM network, courtesy of OKX’s integration with Immutable zkEVM. With this initiative, the OKX wallet will be incorporated into Immutable’s web3 identity platform, the Immutable Passport, and OKX’s NFT marketplace will be added to Immutable’s NFT trading platform. This collaboration adds to Immutable’s recent notable partnerships, including a significant alliance with Polygon a year ago, a formal agreement with Amazon Web Services six months ago, and a recent collaboration with Ubisoft’s Strategic Innovation Lab.

Forbes has taken a significant leap into the web3 realm with the unveiling of the Legacy Pass, a membership club that offers limited access with 1,917 soulbound passes. These passes, designed for entrepreneurs, creators, and innovators, are minted on the Ethereum blockchain. The initiative highlights the appeal of digital uniqueness and scarcity, and introduces a novel way of connecting by making the passes non-transferable. This represents a permanent bond with the Forbes brand. Forbes encourages those interested to sign up for the waitlist for the Legacy Pass. Joining the waitlist ensures an opportunity to be among the initial group to acquire these passes and provides exclusive updates and insights into the project’s development.

OnChain Insurance Industry News

Neptune Mutual’s growing community of Neptunites that are purchasing cover policies to protect their digital assets are taking to X (formerly Twitter) to encourage others to adopt DeFi Insurance and mitigate the impact of smart contract vulnerabilities. Neptunites have been tagging the projects for which they purchased cover protection and sharing the Neptune Mutual points they have accumulated, adding the hashtag #DefiInsurance.

Payouts to all those with a cover policy within days of a qualifying protocol hack are one of the main reasons that users are choosing cover policies from the Neptune Mutual marketplace.

Neptune Mutual’s bond remains one of just three bonds available in Sushi and provides users with the option to acquire NPM tokens at a significant discount to market rates. Users interested in the bond simply need to hit the bond tab at the top of the Sushi UI to find the Neptune Mutual bond.

Nexus Mutual launched Bundled Protocol Cover for Yearn Juiced Vaults to protect users in case of any smart contract hacks, liquidation failures, or governance attacks.