Weekly Report (May-27)


  • Over $29.41 million was lost in multiple DeFi hacks.
  • Cristiano Ronaldo announced the launch of his NFT collection on Binance NFT Marketplace.
  • Oasys debuts the Captain Tsubasa NFT soccer game with Genesis NFTs.
  • Iran is set to embrace Metaverse technology for agricultural advancements.

Blockchain Hacks

Gala Games was exploited on the Ethereum Mainnet, resulting in the minting of 5 billion GALA tokens worth approximately $219 million. The root cause of the exploit remains uncertain, but it is speculated to be a private key compromise. Eric Schiermeyer, the CEO of Gala Games, took to X (formerly Twitter) to highlight that the Gala contract on the Ethereum Mainnet is guarded by a multisignature wallet, which was never compromised. This incident was the result of loosely coupled internal controls within the team. The actual loss of assets suffered by the protocol stands at $21.8 million. The excess of 4,401,236,462 GALA tokens minted during the exploit will be burned by the team. In this blog, we have shared a detailed analysis of the exploit.

TonUP, the launchpad of the TON blockchain, was exploited, which resulted in a loss of 307,264 UP tokens. The root cause of the exploit is an error by the smart contract engineer, who misconfigured the script parameters, which allowed users to mistakenly claim the staked UP assets. The team temporarily disabled the staking reward claim functionality while addressing the incident.

The YON token was exploited on the BNB chain due to a smart contract vulnerability, which resulted in a loss of 190 BNB, worth approximately $118,000. The root cause of the exploit is a lack of proper access control. The incident targeted the transfer function of the contract, which allowed the attack contract to directly transfer the YON tokens to the LP contract.

NORMIE, the memecoin on the Base network, was exploited due to a smart contract vulnerability, which resulted in a loss of assets worth approximately $490,000. The exploiter abused a loophole in the tax mechanism of the contract to orchestrate the exploit using a flash loan. As a result, the total supply of the token rose to over 240% of its fixed cap. The market cap of the coin dropped from $40 million to roughly $200,000 following the exploit.

A DeFi user apparently lost over 1,807 Ether.fi-Liquid1 tokens, or roughly $6.9 million, after being tricked into approving a malicious Permit-based phishing signature. The user has been the victim of a phishing attack twice; the first time was almost a year ago, and it cost them approximately $638,000. The scam relied on a permit function, through which an off-chain permission signature allows transactions to be carried out on behalf of a different address. This technique made it possible to transfer tokens without requiring on-chain transactions, which made theft easier.
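The following is an added example, not part of the original report: a wallet-side triage check that inspects a typed-data signing request and flags the Permit pattern described above before the user signs. It assumes the standard EIP-2612 `Permit` struct (owner, spender, value, nonce, deadline); the function name, finding labels, policy fields, addresses and amounts are all hypothetical and constructed for illustration.

```javascript
// Added example: triage an eth_signTypedData_v4 payload before the user signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"]; // EIP-2612

// Hypothetical helper: returns the risk findings for a typed-data request.
function assessPermitRequest(typedData, { knownSpenders, balance, now, maxTtlSeconds }) {
  const findings = [];
  const fields = (typedData.types?.[typedData.primaryType] || []).map((f) => f.name);
  const isPermit =
    typedData.primaryType === "Permit" && PERMIT_FIELDS.every((n) => fields.includes(n));
  if (!isPermit) return { isPermit: false, findings };

  const { spender, value, deadline } = typedData.message;
  // A signature is an approval: the spender must be a contract the user expects.
  const known = new Set(knownSpenders.map((a) => a.toLowerCase()));
  if (!known.has(String(spender).toLowerCase())) findings.push("spender-not-allowlisted");

  // Unlimited or balance-covering allowances let the spender drain the holding.
  const amount = BigInt(value);
  if (amount === MAX_UINT256) findings.push("unlimited-allowance");
  else if (amount >= balance) findings.push("allowance-covers-full-balance");

  // A far-off deadline keeps the signed approval usable long after signing.
  if (BigInt(deadline) - BigInt(now) > BigInt(maxTtlSeconds)) findings.push("long-lived-deadline");
  return { isPermit: true, token: typedData.domain.verifyingContract, findings };
}

// Constructed sample payload (addresses and amounts are made up).
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x00000000000000000000000000000000000000aa" },
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  message: {
    owner: "0x00000000000000000000000000000000000000b1",
    spender: "0x00000000000000000000000000000000000000c2",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "1900000000" },
};
// Constructed policy: one expected spender, a 1,000-token balance, a one-hour TTL.
const policy = {
  knownSpenders: ["0x00000000000000000000000000000000000000d3"],
  balance: 1000n * 10n ** 18n, now: 1716800000, maxTtlSeconds: 3600,
};
console.log(assessPermitRequest(sampleRequest, policy));
```

Because the signing prompt involves no on-chain transaction, a check like this has to run at signing time in the wallet or a signing proxy; nothing appears on-chain until the signature is used.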

Metaverse and NFTs

Cristiano Ronaldo unveiled his fourth digital collectible on Binance’s NFT Marketplace. This collection includes digital art and memorabilia celebrating key moments and iconic goals from Ronaldo’s illustrious career. The NFTs will be exclusively available on Binance’s NFT Marketplace, with fixed prices for most of the collection, except for one rare NFT expected to be highly coveted. Transactions will be handled via Binance Pay using USDT tokens. Fans must register for a Binance account and complete identity verification to participate in this drop. Although the exact number of NFTs has not been disclosed, Binance confirmed that all standard NFTs will have the same price, with the exception of the final Super Super Rare NFT. Additionally, holders of the new collection will enjoy access to some of the latest utilities and enhanced benefits.

Oasys announced that Captain Tsubasa, a popular 80s manga and anime written and illustrated by Japanese author Yōichi Takahashi, is releasing a version of the NFT soccer game on its Web3 gaming blockchain. The game allows players to collect NFTs of characters from the original animated series. It allows gamers to develop characters, form teams, and play in different modes within the game. Rival mode allows players to revisit the original storyline, while a player-versus-player (PvP) mode lets gamers play against other online players. In addition, the game also features an arena mode where gamers can play 11 versus 11 soccer matches. To commemorate the game’s launch on Oasys, its Genesis NFTs will include additional features, such as increasing players’ energy points.

Iran is poised to harness metaverse technology to boost productivity in its agricultural sector, according to Hossein Farazmand, the head of Iran Agricultural Information Sciences and Technology (IAIST). Speaking at the Iran Efficiency Exhibition, Farazmand highlighted the significance of leveraging communications and information technology to enhance efficiency and productivity within the agricultural industry. He revealed that Iran’s first metaverse platform for agriculture has been launched in collaboration with a knowledge-based company, allowing the Ministry of Agriculture’s agricultural and horticultural products to be showcased in this virtual space. There are also expectations that private sector agricultural companies will use this virtual platform to market their products.

OnChain Insurance Industry News

Neptune Mutual announced that its comprehensive hack database has surpassed 800 incident reports and includes more than 160 detailed exploit reports.

Voting in the second Neptune Mutual Snapshot poll concluded on May 23, 2024. The vote was to decide on the allocation of the 375,000 NPM emissions available as a reward for cover pool LPs during Epoch 2. 156K NPM were staked in the Snapshot vote, and this time the community voted to allocate 65.46% of the 375,000 NPM emissions to the PRIME DAPPS diversified cover pool and the balance of emissions to the POPULAR DEFI APPS diversified pool. Epoch 2 will start on June 1, 2024, and cover pool LPs of either PRIME DAPPS or POPULAR DEFI APPS will need to lock their proof-of-deposit (POD) tokens in order to start accruing NPM emissions.