In brief⚡
💥 Biswap's Oopsie Alert: $710K Gone with the Wind!
🗳️ Aave Fork's Governance Gone Wrong: $930K Takes a Vanishing Act!
🔓 Poly Network's Unlucky Streak Strikes Again: A Whopping $10M Plundered!
💸 Encryption AI Scam Shake-Up: Investors Left Empty-Handed, $2M Vanishes!
🔒 Multichain's Rocky Ride: Exploited for $126K, the Tides Take a Turn!
Hacks and Scams⚠️
Biswap
Amount of Loss: ~ $710K
Analysis
Biswap, the cutting-edge BSC cross-chain trading platform, swiftly detected and resolved a vulnerability in its Migrator contract.
While assuring the safety of assets within the Biswap V2 and V3 AMM protocols, the team took preventive measures by restricting access to the migration process via the website.
They advised users not to interact directly with the exploited Migrator contract and encouraged those who had not already done so to revoke their approvals of these contracts.
The incident, resulting in an estimated $710,000 in damages, is currently under thorough investigation, with a detailed report forthcoming. Notably, the vulnerability in question is unrelated to the security of funds in AMM V2 and V3.
Aave fork
Amount of Loss: ~ $930K
Analysis
The Aave fork project operating on the Pulse chain recently fell victim to a governance attack.
The attacker's strategy involved acquiring a substantial number of Aave tokens to gain control over the project's governance. Subsequently, the hacker deployed multiple contracts with the aim of manipulating the implementation address of the proxy contract.
By exploiting contract approvals that users had granted and never revoked, the attacker orchestrated the transfer of funds, including WBTC, YFI, BAL, AAVE, UNI, and other tokens, away from unsuspecting users.
The stolen funds were skillfully converted to ETH using a cross-chain bridge protocol before being sent to the Ethereum address 0xA30190b96FaEe0080144aA0B7645081Fcbf49E6F.
Ultimately, the attacker reaped a profit of 483 ETH, equivalent to approximately $930,000.
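An added example, not code from Biswap, the Aave fork or this newsletter: both the Biswap advice to revoke approvals and the Aave fork losses above come down to token approvals that users left in place. The sketch below replays ERC-20 Approval event logs and lists the allowances still open to a flagged spender. Every address and log entry is a constructed placeholder, and the helper names are hypothetical.

```python
# Constructed placeholders throughout; topic0 is keccak256("Approval(address,address,uint256)").
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def pad(addr):
    return "0x" + "00" * 12 + addr[2:]  # address as it appears in an indexed topic

def topic_to_address(topic):
    """Decode an indexed address topic; reject anything not zero-padded."""
    raw = bytes.fromhex(topic[2:])
    if len(raw) != 32 or any(raw[:12]):
        raise ValueError("not a padded address topic")
    return "0x" + raw[12:].hex()

def outstanding_approvals(logs, flagged_spenders):
    """Return {(token, owner, spender): allowance} still open to flagged spenders.
    approve() overwrites, so the latest event per triple wins. Spending can lower
    a finite allowance without a new event: confirm with allowance() on-chain."""
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    for log in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]),
               topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0 and k[2] in flagged}

TOKEN, MIGRATOR, ROUTER = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
ALICE, BOB = ("0x" + b * 20 for b in ("11", "22"))

def mk(block, idx, owner, spender, value):
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    mk(105, 1, BOB, MIGRATOR, 0),              # Bob revokes (listed out of order)
    mk(100, 0, ALICE, MIGRATOR, MAX_UINT256),  # unlimited approval, never revoked
    mk(101, 2, BOB, MIGRATOR, 500),
    mk(102, 0, ALICE, ROUTER, 1000),           # open, but spender is not flagged
]

def find_exposed():
    return outstanding_approvals(SAMPLE_LOGS, [MIGRATOR])
```

In this constructed data only Alice's unlimited approval to the flagged contract is reported; Bob's later zero-value approval closes his.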
Poly Network
Amount of Loss: ~ $10M
Analysis
The Poly Network, an esteemed cross-chain interoperability protocol, has suffered yet another attack, impacting 57 assets across 10 different blockchains.
In their exploits, the hackers leveraged various platforms like Kucoin, FixedFloat, ChangeNOW, Tornado Cash, Uniswap, PancakeSwap, OpenOcean, Wing, and more.
Notably, certain stolen tokens, including sUSD, RFuel, and COOK, were swiftly swapped by the hacker for mainstream assets, amounting to a staggering $1.22 million, utilizing Uniswap and PancakeSwap.
However, a portion of the pilfered funds, dispersed across more than 60 addresses spanning multiple chains, remains untransferred, adding an air of uncertainty to the situation.
Encryption AI
Amount of Loss: ~ $2M
Analysis
In a shocking turn of events, Encryption AI (0XENCRYPT) has suffered a colossal 99% crash, resulting in a staggering $2 million loss due to a rug pull executed by the very developer behind the project.
Startling revelations emerged from the developer's message, highlighting a severe online gambling addiction with nearly $300,000 in losses over the past two months.
This rug pull incident serves as a disheartening addition to the growing list of projects utilizing AI to entice investors, leaving no assurance of a project relaunch.
Investors are urged to exercise caution in light of such risks.
Multichain
Amount of Loss: ~ $126M
Analysis
A staggering sum of approximately $126 million worth of tokens has been withdrawn from the Multichain bridge operating on the Fantom network, triggering an alarm in the crypto community.
Notably, the haul includes 7,200 WETH (equivalent to around $13.7 million) and $4 million in stablecoin DAI, comprising a total value surpassing $100 million.
Tokens such as Chainlink, YFI, Wootrade Network, and UniDex have also been affected, accounting for nearly a quarter of their total supply.
Meanwhile, the Moonriver bridge on Multichain has witnessed asset movements, with 4.8 million USDC and 1 million USDT transferred.
The anomalous fund flows have extended to Dogechain as well, where at least 660,000 USDC ended up in the same wallet associated with Moonriver's transactions.
Heightened vigilance and caution are advised amidst this significant token exodus.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
Transaction Malleability Attack Explained
The Mt. Gox theft remains an infamous incident etched in the annals of cryptocurrency history, resulting in a jaw-dropping loss of 850,000 bitcoins during a time when bitcoin prices were soaring. This catastrophic event inflicted a severe blow to investor confidence in BTC, prompting a deeper exploration into the nature of the attack that posed a grave threat to crypto holdings. At the heart of this heist lies a sophisticated attack strategy known as the "Transaction Malleability attack," which unfolded with intricate precision, leaving a lasting impact on the cryptocurrency landscape.