In brief⚡
BABYDOLL lost ~$13.1K in a flash loan attack.
HakunaMatata lost ~$10K in a flash loan attack.
Dynamic DYFA Token lost ~$22.4K in a flash loan attack.
BlockTower Capital loses ~$1.5M in the exploit of DeFi market aggregator Dexible.
~$29,000 was stolen from Revert Finance by hackers in the recent exploit.
~$166K lost in the Snowfall Protocol exit scam.
Hacks and Scams⚠️
BABYDOLL
Amount of Loss: ~$13.1K
Analysis
A flash loan attack on the BABYDOLL (BABYDOLL) project resulted in a loss of ~$13.1K.
The attacker used DDPAdvanced to borrow 1,182 WBNB, then swapped 12 WBNB in the BABYDOLL-WBNB pair for 0.000000000001 BABYDOLL tokens.
The exploiter then called the burn function several times, destroying 512,214,291,933,042 BABYDOLL tokens. Because the BABYDOLL-WBNB pair is not excluded from the reflection mechanism, that mechanism affects the pair's balance.
Destroying the tokens lowered the value of "_tTotal" and, with it, the balance of the BABYDOLL-WBNB pair.
With the pool's reserves now skewed, the attacker called the swap function and obtained 37 WBNB. Finally, the attacker repaid the flash loan and walked away with 25 BNB ($7.9K).
The attacker used the same mechanism to exploit similar vulnerabilities in four other tokens, resulting in a total loss of 41.4 BNB or $13.1K.
HakunaMatata
Amount of Loss: ~$10K
Analysis
In a flash loan attack, the attacker 0xE7bD1ea7f83Bd174Fcd765f24529a3DAA28eAa52 earned 33 WBNB (~$10,000).
Through a flash loan and the functions deliver and burn, the exploiter manipulates tTotal and rTotal in deflationary tokens.
Steps involved in the hack: swap a large number of $TATA to call deliver to update rTotal and tFeeTotal -> burn tTotal using the burn function -> call deliver to update its rTotal.
Because the balance corresponding to the LP pool in this deflationary token is very small (10) after synchronising the reserve, the attacker can swap out more WBNB.
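Added example (not from the original write-up or from either project's code): a simplified Python model of the reflection accounting described in the BABYDOLL and HakunaMatata analyses, showing why a liquidity pair that is not excluded sees its balance fall when tTotal drops, and why excluding the pair keeps its balance and the pool's reserve in step. The class, account names and figures are constructed; burn_supply models only the drop in tTotal that the analyses describe, since neither token's burn code appears on this page.

```python
from fractions import Fraction

class ReflectionToken:
    """Toy reflection ledger: balance = r_owned / rate, rate = r_supply / t_supply."""
    def __init__(self, t_total, r_per_t=10**6):
        self.t_total = t_total
        self.r_total = t_total * r_per_t
        self.r_owned, self.t_owned, self.excluded = {}, {}, set()

    def rate(self):
        r_sup, t_sup = Fraction(self.r_total), self.t_total
        for a in self.excluded:          # excluded accounts sit outside the rate
            r_sup -= self.r_owned.get(a, 0)
            t_sup -= self.t_owned.get(a, 0)
        return r_sup / t_sup

    def credit(self, who, t_amount):
        self.r_owned[who] = self.r_owned.get(who, 0) + t_amount * self.rate()
        if who in self.excluded:         # excluded accounts also keep a fixed balance
            self.t_owned[who] = self.t_owned.get(who, 0) + t_amount

    def balance_of(self, who):
        if who in self.excluded:
            return self.t_owned.get(who, 0)
        return int(self.r_owned.get(who, 0) / self.rate())

    def burn_supply(self, t_amount):
        # Modelled effect only (assumption): tTotal drops, nothing leaves the pair.
        self.t_total -= t_amount

def simulate(exclude_pair, burned=500_000):
    token = ReflectionToken(t_total=1_000_000)       # constructed figures
    if exclude_pair:
        token.excluded.add("pair")
    token.credit("pair", 400_000)
    token.credit("holders", 600_000)
    wbnb_reserve, token_reserve = 100, token.balance_of("pair")  # pool after sync
    price_before = Fraction(wbnb_reserve, token_reserve)
    token.burn_supply(burned)
    live_balance = token.balance_of("pair")
    return {
        "drift": token_reserve - live_balance,       # recorded reserve vs. real balance
        "price_before": price_before,
        "price_after_sync": Fraction(wbnb_reserve, live_balance),
    }

if __name__ == "__main__":
    for flag in (False, True):
        print("pair excluded:", flag, simulate(flag))
```

A non-zero drift with no transfer out of the pair is the condition to look for when reviewing or monitoring a reflection token: it means the pool's quoted price can be moved by changing total supply alone.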
Dynamic DYFA Token
Amount of Loss: ~$22.4K
Analysis
The DYNA staking contract was hacked on 2.22.23 at approximately 5:40 am UTC due to incorrect accounting in the DYNA staking deposit function.
As a result, 73.8 BNB, or $23,000, were drained from the DYNA liquidity pool.
The hacker has yet to move the funds, but we anticipate they will do so soon using a mixer such as Tornado Cash or something similar.
BlockTower Capital
Amount of Loss: ~$1.5M
Analysis
BlockTower Capital suffered a $1.5 million loss in the exploit of the DeFi market aggregator Dexible.
The hacker took advantage of a flaw in smart contract code to drain funds from specific cryptocurrency wallets.
According to the team, "a small number of whales" lost 85% of the funds stolen during the attack.
According to on-chain data, BlockTower Capital, a digital asset investment firm, was one of the victims.
In this incident, $1.5 million in TRU tokens were stolen from BlockTower Capital's address. The TRU tokens were swapped on SushiSwap for ether (ETH) and then sent to Tornado Cash.
Revert Finance
Amount of Loss: ~$29,000
Analysis
Revert Finance, an AMM liquidity management protocol, announced on Twitter that its v3utils contract had been attacked, with 90% of the funds stolen from a single account.
22983.235188 USDC, 4106.316699 USDT, 485.5786287699002 OP, 0.18217977664322793 WETH, 36.59093198260223 DAI, 211.21463945524238 WMATIC, and 22 Premia were among the stolen assets. That works out to about $29,000 at current prices.
Snowfall Protocol
Amount of Loss: ~$166K
Analysis
An exit scam on the Snowfallcoin (SNW) project resulted in a price drop of over 97%.
The deployer removed 536.5 WBNB from the project's liquidity.
The deployer then sent the 536.5 WBNB to EOA 0xEc6... The total amount stolen is estimated to be $166,000.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
Security Analysis of the ERC 1155 NFT Smart Contract
All ERCs, such as 20 and 721, are standards for developing smart contracts tailored to specific NFT scenarios. We have ERC 721, and fungible tokens like USDT and DAI adhere to ERC 20 guidelines. ERC 1155 is a single standard that involves both ERC 20 and ERC 721 functions and properties.
Understanding Security Issues in the NFT Ecosystem
This paper first provides a systematic overview of the NFT ecosystem, identifying three major actors: marketplaces, external entities, and users. We conduct an in-depth analysis of the top eight marketplaces (ranked by transaction volume) to identify potential issues with such marketplaces. Many of these issues can result in significant financial losses.
A Survey: Security, Transparency, and Scalability Issues of NFTs and Its Marketplaces
This research paper focuses on the technical components that enable NFTs and their marketplaces. The review explains their features, how they relate, and why they are important. The report examines the challenges that NFTs and marketplaces face in terms of security, transparency, and scalability, the consequences that have led to these issues, how they will be addressed, and future opportunities.
Web3 Community Spotlight🔦
QuillAudits partners with Blockchain Founders Group
Making India Web3 Secure