In brief⚡
Events Under the Spotlight💥
Mango Markets suffers $115 million due to a hack
Mango Markets, a Solana-based defi project that offers borrowing, lending, and leverage trading, was taken advantage of for more than $116 million.
The attacker appears to have manipulated the platform's perception of the value of their collateral, allowing them to obtain large loans from the project treasury.
The attacker borrowed $116 million, leaving Mango's treasury with a -116.7 million negative balance.
USDC, MSOL, SOL, BTC, USDT, SRM, and MNGO were all depleted, effectively erasing Mango's liquidity.
In exchange for Mango Markets promising to repay bad debt with USDC held in its treasury, the hacker proposes returning stolen MSOL, SOL, and MNGO.
Debanks’ Rabby Wallet Smart Contract Exploited For $0.19M
The open-source browser plugin, which allows users to transfer funds between chains, was reportedly sold for $200,000.
Hackers were able to transfer user funds thanks to an exploit discovered in its smart contract.
The attack had an impact on assets across multiple chains. Shortly after the hack, the attacker sent 114 ETH ($146,000) and 179 BNB ($48,500) through Tornado Cash.
Rabby Swap has since requested that users revoke their approvals on all chains and has warned of fake accounts offering assistance.
DeFi Protocol TempleDAO's STAX Finance Exploited For $2.3M
A vulnerability was discovered in the smart contract for the STAX project, which is based on the TempleDAO defi protocol.
The exploit's root cause was insufficient access control to the protocol's smart contract function
migrateStake
.This allowed the hacker to deploy a malicious contract that looked similar to the old staking contract but did not transfer funds to the new contract.
Hackers withdrew 321,155 xLP tokens, converting them to 1,831 ETH (approximately $2.34 million).
TempleDAO is worth $56.93 million in total, with the exploit accounting for about 4% of the protocol's assets.
Bridge Hack Costs QAN platform Over $1 Million
QAN Platform's Ethereum bridge smart contract was exploited for over $1 million on October 11, 2022.
Attackers looted over 1.4 billion QANX tokenswhich, followedd by additional smaller transactions to the same address, this time sending 28.6 million QANX, or roughly $20,500.
The exploiter took 1.4 billion QANX from the deployer's address and exchanged it for 3,090 $BNB ($837.5k) and 256 $ETH ($328k). Let's say the total is around $1.2 million.
The Micro Elements siphoned off ~$548,600 in a Rug Pull Scam
The Micro Elements (TME) project is a rip-off, with a drop of over 95%.
Approximately $548,600 was stolen from the BSC address 0xd631464f596e2ff3b9fe67a0ae10f6b73637f71e.
It is not to be confused with the other ~30 tokens bearing the TME symbol.
The Journey of Awakening (ATK) suffered $120,000 flash loan attack
A flash loan attack occurred on the Journey of Awakening (ATK) project.
The attacker used a flash loan attack to obtain many ATK tokens from the ATK project's strategy contract (0x96bF2E6CC029363B57Ffa5984b943f825D333614).
The attackers have sold all of the obtained ATK tokens for approximately $120,000 in BSC-USD, and the stolen funds are being exchanged for BNB and transferred to Tornado Cash.
Crypto Exchange FTX Suffers as a Result of GAS Stealing Vulnerability
The crypto exchange FTX lost 81 ETH due to a GAS theft vulnerability.
The hacker's address obtained over 100 million XEN Tokens, converted some XEN into 61 ETH,, and transferred to FTX and Binance via DoDo, Uniswap, and Decentralized Trading Platforms.
According to the vulnerability analysis, FTX has no restrictions on the recipient address of the contract address.
The theft of GAS is still ongoing. Withdrawals from FTX are fee-free, giving attackers great convenience at no cost to steal.