Weekly Report (Oct-09)


  • Over $5 million was lost in multiple DeFi hacks.
  • The Museum of Modern Art (MoMA) introduced the Postcard NFT art initiative.
  • Starbucks released NFT collections to mark their Pumpkin Spice Latte anniversary.
  • Upland joined forces with the NFL Players Association (NFLPA) to enhance the NFL metaverse experience.

Blockchain Hacks

Stars Arena was exploited through a smart contract vulnerability, resulting in a loss of approximately $2.9 million. The root cause was a reentrancy attack, which was used to update the weight while a share (ticket) was being issued, so that a single share could be sold at a much higher price of approximately 274,000 AVAX.

Galxe was the target of a DNS attack, which resulted in a loss of funds worth approximately $270,000. The team issued a community alert and urged users to refrain from interacting with the platform temporarily. It appears that an unidentified individual posed as a legitimate Galxe member and duped the project's domain service provider, Dynadot, using counterfeit documentation. The impersonator then accessed the domain account and altered its settings, diverting visitors to a deceptive website under the attacker's control, where transactions were exploited to misappropriate funds. Notably, only Galxe’s domain and front-end application were compromised; its smart contracts and technical systems remain uncompromised. An estimated 1,120 users were affected after engaging with the malicious version of the site. To address this, the team is formulating a fund recovery strategy and collaborating with law enforcement and third-party experts to recoup the affected users’ losses.

Friend.tech users have been increasingly targeted by scammers, with recent reports indicating a collective loss of around $385,000 due to a SIM swap attack. According to the most recent reports, a hacker managed to steal approximately 234 ETH by breaching the accounts of four users. It’s worth noting that friend.tech does not adequately secure users’ registrations, which makes its verification processes particularly vulnerable to malicious attacks.

BigWhale.io, a DeFi lending and staking platform, has recently alerted its community to a spoofing attack that resulted in a loss of funds worth approximately $1.5 million. It appears that a hacker redirected funds from the protocol’s development and contract creator wallets to an externally owned account (EOA). In an initial response, the team pledged to reimburse all affected investors and users. Additionally, they offered the attackers a 20% bounty as an incentive for the return of the stolen assets. However, suspicions arose when an emergency cease-and-desist order was issued, hinting that the project’s initiators might have executed an exit scam.

Metaverse and NFTs

The Museum of Modern Art (MoMA) has introduced an interactive, NFT-backed digital initiative dubbed Postcards. This project brings together 15 leading digital artists for a joint art venture on the Tezos blockchain. Initially, a lead artist establishes a theme and forwards a digital chain letter NFT to a peer. The recipient then designs an NFT stamp based on the given theme and hands it over to another artist. After collecting all 15 stamps, MoMA will showcase them as one unified NFT postcard.

Starbucks released a set of NFT collectibles via the Starbucks Odyssey initiative to mark the 20th anniversary of Pumpkin Spice Latte, Starbucks’ fan-favorite beverage. Only Odyssey members could buy these NFTs, which were offered in four styles, mirroring the characteristics of the actual drinks: spiced, whipped, iced, and steamed. These NFTs were available for an open edition sale, allowing unlimited minting during the sale period until Monday, October 9. Priced at $20 each, they also awarded Odyssey members 250 points each. Those purchasing the entire set of four NFTs will receive a yet-to-be-disclosed special opportunity.

Upland has revealed the ongoing success of its collaboration with the NFL Players Association (NFLPA), made possible by OneTeam. This partnership elevates fan engagement with NFL stars and teams by harnessing web3 tech in the form of interactive digital collectibles, community events, and user-generated shops. This NFLPA season offers a series of in-game activities like several Ultimate Fan Challenges, a Team Fan Score Leaderboard, and a Global Fan Score Leaderboard where players can earn exclusive NFLPA prizes. Achieving top ranks in these challenges and leaderboards entitles winners to a rich prize pool that includes UPX, Spark, Block Explorers, badges, NFLPA Series T Championship Trucks, and a unique Global Fan Score Champion Trophy.

OnChain Insurance Industry News

Neptune Mutual’s co-founder, Edward Ryall, joined a Twitter Space session hosted by InsurAce Protocol, where he discussed the protection of on-chain digital assets and the importance of DeFi insurance and parametric coverage in risk mitigation. He was also invited to another Twitter Space event hosted by DuckDAO that discussed crypto insurance and security to protect digital assets.

The Neptunite team hosted the September Monthly Townhall on their Discord server and later uploaded the recording to their YouTube channel for those who missed it.