In brief⚡
Scammers made a profit of ~$12K in an Exit Scam via a Fake GPT Token.
Algodex on Algorand lost ~$55K in a private key compromise.
An Oracle Attack caused TenderFi on Arbitrum to lose ~$1.59 Million.
Due to a smart contract vulnerability, the Phoenix project lost ~$100K.
ProTradex (PTD) on BNB Chain suffered a loss of ~$689K.
Hackers profited ~$80K from DKP Token in a Flash Loan Attack.
Hacks and Scams⚠️
Fake GPT Token
Amount of Loss: ~ $12000
Analysis
Scammers are releasing fake ChatGPT-branded tokens to capitalize on the AI tool's popularity.
According to one issuer, dozens of tokens were created using a pump-and-dump scheme.
The market capitalization of the most popular ChatGPT-branded token exceeded $250 million.
On March 6, the deployer removed the LP, resulting in a 99% slippage and deposited 42.8 BNB ($12k) into TornadoCash.
Algodex
Amount of Loss: ~ $55000
Analysis
Algorand's Algodex had been compromised. It has caused a ~$55000 loss.
The exploit appears to be similar to ongoing incidents in the Algorand ecosystem.
ALGX tokens worth approximately $25,000 were taken to provide liquidity rewards to Algodex users. The Company will completely replace this.
ALGX and $Algo tokens worth $30k were removed from Algodex tinymanorg pools after the actor accessed and redeemed liquidity tokens from our compromised wallet.
TenderFi
Amount of Loss: ~ $1.59M
Analysis
A white hat hacker exploiting a misconfigured oracle drains $1.59 million from DeFi lending platform Tender.fi.
The hacker retained 62.15 $ETH as a bug bounty and returned the remainder.
The underlying cause of the attack was the Oracle contract at the address -
0x614157925d4b6f7396cde6434998bfd04789272d
; the code contains a coding error that incorrectly multiplied the price by 1e20.First, the attacker created 19,537 tGMX to be used in subsequent attacks.
After that, the attacker deposited tGMX to borrow various assets. In the function '
getUnderlyingPrice
,' the collateral price of tGMX is multiplied by 1e10 to obtain the unit in wei.However, in the function '
getGmxPrice
,' the price is multiplied by 1e20 once more. In the new oracle, the return value of 'latestAnswer' is already in 1e8. As a result, 1e20 should not be multiplied again.
Phoenix
Amount of Loss: ~ $100K
Analysis
The Phoenix on Polygon was tainted. A Smart Contracts Vulnerability caused the loss of $100,000.
In a stealth attack, the attacker uses a reflection attack with a self-created token $OPTS to syphon off money ("borrows") continuously. Once 100,000 USDC have been accumulated; they are bridged off using celer.
ProTradex
Amount of Loss: ~ $698000
Analysis
The ProTradex (PTD) on the BNB Chain was hacked. An Exit Scam caused a $698000 loss.
Exploiter's address:
0x6b63f5de3eeb12bddb350df4106013ae357d8743
Contract address:
0x04A2cE3dFd151E7299df6CD9bB46684F4C85f934
DKP Token
Amount of Loss: ~ $80000
Analysis
The DKP Token on the BNB Chain was hacked.
Flash Loan Attacks caused a loss of $80000.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
NFT Marketplace Smart Contract Audit Guidelines
NFT marketplace is a platform that facilitates and simplifies NFT ownership transfer exchange and has NFT marketplace rules for buying and selling. It is a marketplace where various NFTs are listed for sale, and different buying and bidding mechanisms improve the sellers' experience. Buyers have a positive experience, thanks to the security of smart contracts.
4 Most Useful Smart Contract Debugging Tools
Building blockchain applications requires the development of smart contracts. But, as with any other software development cycle, debugging smart contracts can be difficult at times, and because we are frequently dealing with large sums of money, we cannot afford to leave anything to chance. We must be experts at both writing smart contracts and debugging them. That is why we created this blog, so you can learn about debugging from the experts.
Tune in to Engaging Twitter Spaces & Webinars! 🎙️
AMA ❤️🔥*Aurority x QuillAudits*❤️🔥
Web3 Community Spotlight🔦
#BreakTheTestnet; Find a Bug and Claim your Reward💰
Identifying problems is the first step towards creating a product that exceeds user expectations. While not everyone is willing to admit and correct their errors, the 5ire Bug Bounty Program rewards individuals for detecting and reporting vulnerabilities in the 5ire network.
Following the release of Testnet: Thunder (Beta), our Bug Bounty Program demonstrates our commitment to ensuring the blockchain's security.