In brief⚡
Contract vulnerability costs Level Finance ~$ 1.09 million.
XIRTAM lost 1909 ETH in a rug pull.
Hackers swept away ~$ 75K from Neverfall protocol.
WSB Coin lost $635K in a rug pul incident.
Investors lost ~$ 130K in the YODA rug pull scam.
Hacks and Scams⚠️
LEVEL Finance
Amount of Loss: ~ $1.09M
Analysis
This week, hackers targeted Level Finance.
Seven days ago, a hacker created an unverified contract and is currently withdrawing LVL tokens in increments of 15,000 via the delegate function. 214k LVL tokens were transferred to the exploiter's address.
The attacker changed his LVL to 3,345 BNB.
Referral Controller Contract was the target of an exploit.
214k LVL tokens were drained to the exploiter's address.
The attacker changed his LVL to 3,345 BNB.
The exploit was separated from the other contracts.
The fix will be deployed in 12 hours.
The LP and DAO treasuries are unaffected.
XIRTAM
Amount of Loss: 1909 ETH
Analysis
XIRTAM, an Arbitrum-based project, is a reputation-building platform that does not require KYC. It promotes the gradual development of digital reputation using the XIRTAM system in an anonymous and decentralised manner.
The project party will be held on the third Rug Pull. However, unlike the Rug Pull project's usual practice, the XIRTAM project party did not transfer the raised 1909 ETH to a currency mixing service to conceal the identity and direction of the funds but instead deposited all of the funds in Binance.
Binance stated in this regard that the funds involved in the XIRTAM project had been frozen and that it would cooperate with law enforcement.
Neverfall Protocol
Amount of Loss: ~$75K
Analysis
The NeverFall project on BSC was attacked, resulting in a loss of over $70K. Because of the flawed calculation that relies on the balance of the corresponding PancakeSwap pair, it is a price manipulation attack.
The amount of liquidity to be removed is calculated based on the pair's token balance when using the sell function.
The hacker tricks the contract into burning a large amount of liquidity and returning to the hacker by borrowing the flash loan and performing a large swap on the pair.
The hacker then exchanged the harvested funds for BNB and transferred them to Tornado Cash.
WSB Coin
Amount of Loss: ~$635K
Analysis
Another day, another meme coin rug, this time.
ZJZ.eth from WBS coin, who unexpectedly dumped a significant portion of the WSB team supply for $635k (334 ETH).
YODA
Amount of Loss: $130K
Analysis
A Rug Pull took place in the YODA coin project.
YODA token price has dropped by 100%, and yodacoineth_ has deleted his social accounts/group.
Scammers transferred 68 ETH (approximately $130,000) to FixedFloat.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
NEAR Protocol: Architecture, Ecosystem, and Best Security Practices
The competition for layer-1 blockchains is heating up, with new emerging solutions outperforming existing ones in cost, speed, security, and scalability. Near Protocol received significant venture support and earned $33 million in the initial token distribution from 12% of its total token supply of 1 billion.
Web3 Community Spotlight🔦
Ah, yes, a private club with lots of money waiting to be stolen. What could possibly go wrong?
'Valor' finally was put behind bars, thanks to you for protecting CTFland, but a new malicious citizen 'Verz' is up to no good.
'Verz', being a party lover, is trying to get into a rich exclusive party only private members can attend.
He is trying to register himself and block further registrations to steal funds from the party successfully; this will spoil the party culture of CTFland, help detect the vulnerability before he can keep the Party ON!