This Week in Hacks
Phantom G was hijacked to promote a fake NFT airdrop
Phantom G, an upcoming blockchain based game for providing ‘AAA’ game experience’s Discord server was hijacked to promote a fake NFT airdrop.
Scammers gained access to the official Discord account of Phantom Galaxies and were able to take over the server. The scammers stole 265 ETH (approximately US$1.1 million) from Discord users via 1,571 fake minting transactions over the course of about three hours. Phantom Galaxies announced to compensate all affected users.
OlympusDAO mistakenly allowed a user to withdraw $1.43M
OlympusDAO, a cryptocurrency project backed by a treasury of assets, mistakenly allowed a user to withdraw $1.43M by paying $50,000 in OHM.
Someone used the bond to which the OlympusDAO team believed to have shut down on SushiSwap to sell $50,000 worth OHM/DAI liquidity tokens for 1,697 OHM.
Plutoz Finance flash loaned for $365K
Plutoz Finance, a crypto lending protocol on Binance Smart Chain, was flash loaned for $365K. The loss is expected to be greater.
The attack occurred due to price oracle manipulation of $DOP tokens in the project. The gains were swapped through ParaSwap and PancakeSwap and then through Tornado Cash.
Wolf Game became the latest victim of a reentrancy vulnerability that put $WOOL at Risk
Wolf Game, a play-to-earn NFT game, is the latest victim of a reentrancy vulnerability that puts $WOOL (native currency of the project) creation and unstacking at risk.
The contract has been paused and no party has run the exploit. As the news broke out, the price of $WOOL token plunged to more than 6%.
Few wallet addresses used flashbots to mine guaranteed rare NFTs on Wolf Game. As a result, $WOOL minting was paused on the network to prevent exploitation.
Unlock Protocol, an NFT project was attacked on the Polygon and xDai blockchain
Unlock Protocol, an NFT based project was attacked on the Polygon and xDai blockchain.
The attacker compromised owner keys to the USD (protocol’s governance token) contract, upgraded it to steal locked funds and later swapped the stolen tokens on Uniswap. The final profit is worth $30,000 UDT.
Optics Bridge experienced a chaos within the development team
Optics Bridge, a gas-efficient interoperability standard for cross-chain communication by Celo experienced a multi-signature wallet ownership change which resulted in a chaos within the development team and firing of the employee.
To the Numerophiles out there 🔢
Collins Dictionary Announces NFT as Word of 2021.
Hackers have amassed over $12 billion from DeFi exploits last year.
Over $10 Billion Has Been Lost To DeFi Exploits In 2021
More From the Editor's Desk
Being the latest trend, the metaverse is the perfect target for cyber-attacks. The high level of interactions calls for accountability from both developers and users.
The growing number of cyber-attacks has been a significant concern for many sectors, including the upcoming NFT (Non-fungible Token) marketplace.
Data privacy and security is also a significant concern in the upcoming metaverse space.
For instance, some metaverse projects will allow users to create a replica of their homes, streets, and cities, which will make it easy for dubious characters to steal personal data, including floorplans that they might need to conduct a physical attack (burglary) on the users.