Weekly Report (Nov-13)

TL;DR

  • Over $157 million was lost in multiple DeFi hacks.
  • Degen Distillery joined forces with Google and BrewDog for an NFT initiative.
  • Gucci unveiled Cosmos Land in The Sandbox Metaverse.
  • Magic Eden enhanced its Polygon support with an NFT aggregator.

Blockchain Hacks

TrustPad was exploited on the BNB Chain due to a smart contract vulnerability, resulting in a loss of 615.03 BNB, worth approximately $152,000. The root cause was a combination of design flaws in its staking contracts: the lock period was determined through an untrusted external call, which the attacker could manipulate to reset lock-in periods and the associated reward calculations. By repeatedly depositing and withdrawing tokens, the exploiter harvested pending rewards and artificially inflated their reward balance without ever being subject to the intended time-bound restrictions.

An MEV bot was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of funds worth approximately $2 million. The root cause was a missing access control check on one of the contract's privileged public functions, which allowed anyone to direct the bot's swaps in Curve Finance-based pools. The exploiter first called the unprotected function to pump an asset's price with the bot's own funds and then performed a reverse swap to extract the profit.
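The flaw described above, as an added example that is not the exploited bot's code: a stripped-down contract that routes its own funds through a Curve pool, first with the privileged swap left public and then with the caller check in place. `ICurvePool.exchange` is the Curve StableSwap signature; the contract names, the owner role and the attack sequence in the comments are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the exploited bot's code: a minimal contract that routes
// its own funds through a Curve pool. `ICurvePool.exchange` is the Curve
// StableSwap signature; names and the owner role are assumed for illustration.

interface ICurvePool {
    // Swap `dx` of coin index `i` for at least `min_dy` of coin index `j`.
    // Older pools return nothing, so the amount received is measured from balances.
    function exchange(int128 i, int128 j, uint256 dx, uint256 min_dy) external;
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// VULNERABLE: `swap` moves the bot's funds but is callable by anyone. The
// sequence in the write-up maps onto it directly:
//   1. attacker acquires coin j in the pool (or borrows it via a flash loan);
//   2. attacker calls swap() so the bot dumps a large `dx` of coin i into the
//      same pool with minDy = 0, pushing the price of j up;
//   3. attacker swaps j back to i at the inflated price and keeps the
//      difference, which is paid for by the bot's balance.
contract VulnerableBot {
    function swap(address pool, address tokenIn, int128 i, int128 j, uint256 dx, uint256 minDy) external {
        IERC20(tokenIn).approve(pool, dx);
        ICurvePool(pool).exchange(i, j, dx, minDy); // attacker passes minDy = 0
    }
}

// HARDENED: only the operator can move funds, and the operator must state a
// non-zero minimum output that the contract verifies itself after the call.
contract HardenedBot {
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function swap(
        address pool, address tokenIn, address tokenOut,
        int128 i, int128 j, uint256 dx, uint256 minDy
    ) external onlyOwner returns (uint256 dy) {
        require(minDy > 0, "minDy required");
        uint256 before = IERC20(tokenOut).balanceOf(address(this));
        IERC20(tokenIn).approve(pool, dx);
        ICurvePool(pool).exchange(i, j, dx, minDy);
        dy = IERC20(tokenOut).balanceOf(address(this)) - before;
        require(dy >= minDy, "slippage"); // defence in depth if the pool's own check is not trusted
    }
}
```

The point is not the swap itself but who may call it: a function that moves the contract's funds is privileged whether or not its name says so, and `external` with no caller check turns it into a public faucet. Measuring `dy` from balances and re-checking it against `minDy` after the call costs little and does not depend on the pool returning a value.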

CoinSpot was exploited across two of its hot wallets, resulting in a loss of over 1,283 ETH, worth approximately $2.472 million. The root cause was reportedly a compromise of the wallets' private keys. We have shared a detailed analysis of the exploit in this blog.

Poloniex's hot wallet was exploited, reportedly after its private keys were compromised through either a coordinated phishing attack or the distribution of malware, resulting in a loss of assets worth over $123 million. We have shared a detailed analysis of this exploit in this blog.

GROK was exploited on the Ethereum Mainnet, which resulted in a loss of 26 ETH, worth approximately $56,000. The root cause was a lack of slippage control: the token's transfer function automatically swapped the contract's accumulated tokens for ETH whenever the contract balance exceeded the tax threshold, and it did so with no minimum output. Because an ordinary transfer could trigger the swap and the swap accepted whatever price the pool offered, the attacker was able to trigger it at a moment when the price was unfavourable to the contract and then perform a reverse swap to harvest more GROK tokens than they started with.
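A sketch of the pattern behind the GROK incident, added here and not the GROK contract's code: a fee-on-transfer token whose transfer hook sells the contract's accumulated tax for ETH once a threshold is reached. The vulnerable version can be sandwiched because any caller can trigger the sale and it passes `amountOutMin = 0`; the hardened version takes the sale out of the transfer path entirely. The contract names, the 3% rate, the thresholds and the keeper role are assumptions; the router interface is the Uniswap V2 signature.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the GROK contract's code: a fee-on-transfer token whose
// transfer hook sells the accumulated tax for ETH. Names, the 3% tax, the
// threshold and the keeper role are assumptions; the router interface is the
// Uniswap V2 signature.

interface IUniswapV2Router02 {
    function WETH() external pure returns (address);
    function swapExactTokensForETHSupportingFeeOnTransferTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path, address to, uint256 deadline
    ) external;
}

abstract contract TaxTokenBase {
    mapping(address => uint256) internal _balances;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public constant TAX_BPS = 300;             // 3% tax on trades with the pair
    uint256 public constant SWAP_THRESHOLD = 1_000e18; // contract sells once it holds this much
    address public immutable pair;                      // AMM pair for this token / WETH
    IUniswapV2Router02 public immutable router;
    address public immutable treasury;                  // receives the ETH proceeds
    bool internal inSwap; // the router pulls tokens via transferFrom, which re-enters _transfer

    constructor(address pair_, address router_, address treasury_) {
        pair = pair_;
        router = IUniswapV2Router02(router_);
        treasury = treasury_;
        _balances[msg.sender] = 1_000_000e18; // sample supply to the deployer
    }

    function balanceOf(address a) external view returns (uint256) { return _balances[a]; }
    function approve(address s, uint256 v) external returns (bool) { allowance[msg.sender][s] = v; return true; }
    function transfer(address to, uint256 v) external returns (bool) { _transfer(msg.sender, to, v); return true; }
    function transferFrom(address f, address t, uint256 v) external returns (bool) {
        allowance[f][msg.sender] -= v;
        _transfer(f, t, v);
        return true;
    }

    // Move tokens, keeping the tax in the contract on trades with the pair.
    function _moveWithTax(address from, address to, uint256 amount) internal {
        uint256 fee = (from == pair || to == pair) && !inSwap ? amount * TAX_BPS / 10_000 : 0;
        _balances[from] -= amount;
        _balances[to] += amount - fee;
        _balances[address(this)] += fee;
    }

    function _swapTokensForEth(uint256 amount, uint256 minEthOut) internal {
        inSwap = true;
        address[] memory path = new address[](2);
        path[0] = address(this);
        path[1] = router.WETH();
        allowance[address(this)][address(router)] = amount;
        router.swapExactTokensForETHSupportingFeeOnTransferTokens(amount, minEthOut, path, treasury, block.timestamp);
        inSwap = false;
    }

    function _transfer(address from, address to, uint256 amount) internal virtual;
}

// VULNERABLE: any transfer from any address triggers the sell, and amountOutMin = 0
// accepts whatever the pool pays. An attacker moves the pool price against the
// token, makes a 1-wei transfer to force the contract to dump its whole balance
// at that price, then swaps back and ends up holding more tokens than before.
contract VulnerableTaxToken is TaxTokenBase {
    constructor(address p, address r, address t) TaxTokenBase(p, r, t) {}

    function _transfer(address from, address to, uint256 amount) internal override {
        uint256 held = _balances[address(this)];
        if (held >= SWAP_THRESHOLD && !inSwap) {
            _swapTokensForEth(held, 0); // no floor on the ETH received
        }
        _moveWithTax(from, to, amount);
    }
}

// HARDENED: transfers only accumulate the tax. Selling is a separate action that a
// designated keeper performs with an explicit minimum output, and the amount sold
// per call is capped so one trigger cannot be used to dump the whole balance.
contract HardenedTaxToken is TaxTokenBase {
    address public immutable keeper;
    uint256 public constant MAX_SWAP = 5_000e18;

    constructor(address p, address r, address t, address k) TaxTokenBase(p, r, t) { keeper = k; }

    function _transfer(address from, address to, uint256 amount) internal override {
        _moveWithTax(from, to, amount);
    }

    function swapBack(uint256 amount, uint256 minEthOut) external {
        require(msg.sender == keeper, "not keeper");
        require(minEthOut > 0, "minEthOut required");
        require(amount <= MAX_SWAP && amount <= _balances[address(this)], "bad amount");
        _swapTokensForEth(amount, minEthOut);
    }
}
```

Deploy either token with the pair, router and treasury addresses; the hardened one additionally takes a keeper address. The `inSwap` guard is required in both versions because the router pulls tokens with `transferFrom`, which re-enters `_transfer` in the middle of the swap; it is a prerequisite for the swap to work at all, not the fix for the slippage problem. The fix is that no untrusted caller decides when the contract sells, how much it sells, or what price it accepts.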

The Raft Protocol was exploited on the Ethereum Mainnet due to a smart contract vulnerability, which resulted in a loss of 1,577 ETH, worth approximately $3.3 million. The root cause was a precision loss when minting share tokens, which allowed the exploiter to obtain more share tokens than their deposit warranted. Despite looting 1,577 ETH, the exploiter burned 1,570 ETH and sent only the remaining 7 ETH to themselves. The exploiter had withdrawn approximately 18 ETH from Tornado Cash before the attack and was left with 14 ETH afterwards, so they ultimately lost 4 ETH over the course of the heist. We have shared a detailed analysis of the exploit in this blog.
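The rounding class of bug named above, as an added illustration rather than Raft's own code: an index-based share token in which `index` is how much underlying one share is worth. If the mint path rounds up, a depositor who can push the index high enough receives a whole share for a single wei. The contract names, the openly callable `setIndex` hook and the omission of the underlying token transfer are simplifications made for the example; the figures in the comments follow directly from the arithmetic shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Raft's code: an index-based share token. `index` is the
// amount of underlying (scaled by 1e18) that one share is worth. The vulnerable
// mint rounds up, so once `index` exceeds the deposit, 1 wei mints a whole share.
// setIndex() is left open and the underlying transfer is omitted purely so the
// effect can be shown in isolation; neither would be acceptable in production.

library MathRound {
    // Ceiling division; returns 0 for a == 0 rather than underflowing.
    function divUp(uint256 a, uint256 b) internal pure returns (uint256) {
        return a == 0 ? 0 : (a - 1) / b + 1;
    }
}

abstract contract ShareTokenBase {
    uint256 public index = 1e18; // one share == 1 wei of underlying at start
    mapping(address => uint256) public shares;
    uint256 public totalShares;

    // In a real protocol only a trusted component updates the index; exposed
    // here so the example can model an attacker-inflated index.
    function setIndex(uint256 newIndex) external { index = newIndex; }

    // Value of a holder's shares in underlying, rounded down (against the holder).
    function underlyingOf(address a) external view returns (uint256) {
        return shares[a] * index / 1e18;
    }

    function mint(address to, uint256 amount) external returns (uint256 minted) {
        minted = _sharesForDeposit(amount);
        shares[to] += minted;
        totalShares += minted;
    }

    function _sharesForDeposit(uint256 amount) internal view virtual returns (uint256);
}

// VULNERABLE: rounds in the depositor's favour. With index = 2e18 (one share is
// worth 2 wei), depositing 1 wei mints divUp(1e18, 2e18) = 1 share, worth 2 wei.
// Repeating the deposit doubles the attacker's underlying each time.
contract VulnerableShareToken is ShareTokenBase {
    using MathRound for uint256;

    function _sharesForDeposit(uint256 amount) internal view override returns (uint256) {
        return (amount * 1e18).divUp(index);
    }
}

// HARDENED: rounds against the depositor and refuses deposits too small to mint
// a share. The same 1-wei deposit at index = 2e18 computes 0 shares and reverts.
contract HardenedShareToken is ShareTokenBase {
    function _sharesForDeposit(uint256 amount) internal view override returns (uint256 s) {
        s = amount * 1e18 / index;
        require(s > 0, "deposit too small");
    }
}
```

With `setIndex(2e18)` followed by `VulnerableShareToken.mint(attacker, 1)`, the call returns 1 and `underlyingOf(attacker)` reports 2 wei for a 1 wei deposit, and every repetition grows the position further; `HardenedShareToken` reverts on the same input. The general rule is to round each conversion against the party initiating it: down when minting shares or paying out underlying, up when computing the shares to burn for a requested withdrawal.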

An unknown DeFi user was the target of a probable phishing attack, losing approximately $27 million worth of assets. Reports indicate that the stolen USDT was quickly swapped for ETH, transferred to a number of services, including FixedFloat and ChangeNow, and bridged to Bitcoin via THORChain.

Metaverse and NFTs

Degen Distillery, a London-based spirits company, is launching an NFT initiative on November 15, supported by Google and BrewDog. The project integrates NFTs into its business model, with the ORIGO Origin NFT serving as the entry point into the brand’s ecosystem and offering a mix of digital and physical benefits. The first benefit for ORIGO NFT owners is access to Degen Distillery’s first product, a limited-edition vodka named 721, reflecting the number of NFTs available. Owners of the Vodka 721 digital asset can keep it, redeem it for a physical bottle of vodka, or trade the virtual bottle. Additionally, by acquiring an ORIGO NFT for 0.1 ETH, collectors get the chance to generate revenue by licensing their IP rights in areas such as art, music, and technology, contributing to the development of future Degen Distillery products.

The renowned Gucci Cosmos exhibition, typically hosted at The Strand in London, has transitioned into the Metaverse, establishing its presence in The Sandbox as Gucci Cosmos Land. The exhibition, curated by Maria Luisa Frisa, features a collection of Gucci’s archival designs and is brought to life through the artistic vision of Es Devlin. This virtual iteration allows global visitors in The Sandbox to experience Gucci’s iconic UK exhibition and explore the brand’s 102-year history. Upon entering Gucci Cosmos Land, visitors are greeted by a striking red and gold corridor, symbolizing the early career of Gucci’s founder, Guccio Gucci, at London’s Savoy Hotel. As visitors progress, they encounter a blue room filled with a vast array of digital Gucci bags, showcasing the brand’s evolution. Participants are encouraged to navigate through various themed worlds and complete metaverse challenges, and the first 100 to succeed will have the opportunity to virtually showcase one of four runway outfits and share in a prize pool of 100 SAND tokens.

Magic Eden is expanding its support for the Polygon chain with a new set of features, including an NFT aggregator that merges collections from several platforms. The announcement follows the company’s partnership with Yuga Labs, creators of Bored Ape Yacht Club, to build an Ethereum NFT marketplace that honors creator fees. Additionally, Magic Eden is implementing royalty enforcement in its Polygon NFT marketplace and has recently made its Polygon API available to the public, allowing projects to integrate marketplace features.

OnChain Insurance Industry News

Neptune Mutual announced the completion of the security audit of their Liquidity Gauge Pool feature by Hacken. This included several contracts responsible for managing the allocation of NPM emissions to cover pool LPs.