Weekly Report (May-20)


  • Over $27.15 million was lost in multiple DeFi hacks.
  • Mercedes-Benz NXT and Mojito set to debut a new set of NFT collections.
  • Animoca Brands Japan and Quidd partnered to launch new digital collectible cards.

Blockchain Hacks

Pii Park, a bogus PI token, was identified as a scam in which funds worth $490,000 were misappropriated. When users call the open position function of the associated contract, they are charged a small fee in MATIC, with a portion of it sent to an EOA and the other portion swapped for the PI token. The PI tokens were consolidated into an EOA, which further distributed them to three wallets that ultimately dumped them. The initial EOA had also dumped its assets and later laundered the stolen funds through Fixed Float.

Sonne Finance was exploited on the Optimism Mainnet due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $20 million. The root cause of the exploit is a precision-loss vulnerability. The attack vector is a well-known issue on all of the CompoundV2 forks. We have shared a detailed analysis of the exploit in this blog.

Predy Finance was exploited on the Arbitrum chain due to a smart contract vulnerability, which resulted in a loss of 83.7 ETH and 219,585 USDC, totaling approximately $464,000. The root cause of the exploit is a lack of regulated access control. In this blog, we shared a detailed analysis of the exploit.

The XLink bridge of Alex Lab was exploited on the BNB chain, which resulted in a loss of assets worth approximately $4.3 million. The root cause of the exploit is a compromise of the private keys of the deployer wallet, likely due to a phishing attack.

A former employee of pumpdotfun abused their administrative privileges to steal over 12,300 SOL tokens, causing a loss of assets worth approximately $1.9 million. The attacker took a flash loan from Margin Finance, bought until the curve in pumpdotfun was full, withdrew the liquidity, and then repaid the borrowed flash loan. These assets were supposed to be used to create a Raydium pool, but instead they were donated to a random EOA. The attacker was a cosigner of all of the exploited transactions; therefore, the attack can be attributed to a private key compromise of the admin account. The perpetrator was reportedly arrested by British law enforcement but later released on bail.

Metaverse and NFTs

Mercedes-Benz NXT and Mojito have collaborated to launch a new NFT collection titled The Era of Technology. This collection, which is part of the Icon series, will showcase six legendary cars produced by Mercedes-Benz from 2000 to 2017. Among these are the Maybach Landaulet, Mercedes-Benz S 560 Cabriolet, Mercedes-Benz CLS 500, and Mercedes-Benz G 63 AMG 6×6, along with others. Each NFT in the collection will feature 62 unique traits divided into five categories. The sale will commence on May 21 and continue until May 28, with each of the 780 NFTs priced at 0.08 ETH. Special discounts are available for previous core collection collectors and Superdackel holders, offering reductions of 30% and 15%, respectively. Moreover, Maschine and Mercedes-Benz NXT Eternities holders will receive either free mint passes or discounted mint passes, which will be burned upon redemption.

Animoca Brands Japan, a key subsidiary of Animoca Brands, has announced the launch of digital collectible cards on the Quidd NFT marketplace, which is another subsidiary of Animoca Brands. These collectibles will showcase significant scenes and characters from Hiro Mashima’s popular series, making them essential for any Fairy Tail enthusiast. The initial release will feature 29 characters, including Natsu, Lucy, and Happy, with each card highlighting pivotal scenes from the manga, personally selected and approved by Hiro Mashima. These cards will come in various rarity levels. Starting May 24, Quidd will open sales for the collection, offering three types of packs: Standard Packs at $1.49 (3-card pack), Ultra Packs at $2.49 (6-card pack), and Mega Packs at $3.49 (10-card pack).

OnChain Insurance Industry News

Neptune Mutual started the voting process for the governance proposal for the gauge controller emissions for Epoch #2 on Snapshot. Liquidity Providers of the Popular DeFi Apps and Prime dApps of the Neptunite Arbitrum Marketplace are invited to participate in voting and allocation decisions. In Epoch #2, another 375,000 NPM emissions are available as rewards to qualifying cover pool LPs.