HashingBits

Straight from the QuillAudits war room, HashingBits brings you weekly Web3 security alpha—hacks, insights & updates for the sharpest minds in the game!

Nov 18 • 7 min read

HashingBits - Week 93: Justin Drake Introduced Beam Chain, Wormhole Goes Live On Kraken, Okto Connecting To Agglayer & DeltaPrime’s $4.75M Exploit


GM! Buidlers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all—we’ll explore the latest happenings in the Aptos, Polygon & Base ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors.

EtherScope: Core Developments 👨‍💻

L1 & L2 Developments

  • Robinhood has relisted Solana (SOL), Cardano (ADA), and Ripple (XRP), and added Pepe (PEPE) to its cryptocurrency offerings.
  • Wormhole integrates PayPal USD (PYUSD) for seamless multichain transfers between Ethereum and Solana.
  • Avara has introduced Family, a non-custodial Ethereum wallet for iOS.
  • Espresso Network is now live on mainnet, offering secure, fast state confirmations across chains, starting with Ethereum.
  • Pendle introduces Boros, a platform for yield trading with margin, allowing efficient trading of funding rates and other yields.
  • Pear Protocol’s intent-based product offers $ETH fee rebates based on stPEAR balance and monthly volume.
  • Taiko has integrated multiple Zero-Knowledge (ZK) proofs from RiscZero and Succinct Labs into its mainnet.

  • LayerZero now supports PayPal USD (PYUSD) transfers across Ethereum and Solana.
  • Spark relaunches to provide scalable liquidity and yield in DeFi, offering a streamlined DeFi experience via SparkLend and Savings.
  • peaq has launched its staking feature, allowing users to stake their $PEAQ tokens to support network security and earn rewards.
  • M^0 is expanding its $M stablecoin to the Base blockchain via Wormhole’s Native Token Transfers (NTT) framework.
  • Zerion wallet users can now trade, mint, and create with zero gas fees on the ZERØ Network. Start by bridging assets from Ethereum to ZERØ on Zerion’s platform.
  • Argent launches the Argent Card, a self-custody, fee-free crypto card with secure integration into Argent Mobile and Kulipa, allowing real-world crypto use.
  • Rome Protocol’s Public Testnet is live, allowing developers to build EVM Layer 2s and Network Extensions on Solana, using it as a shared sequencer.
  • Aerodrome launches $NEIRO - $WETH liquidity pool, enabling users to bridge $NEIRO from Ethereum mainnet via Squid Router. Emissions for liquidity providers are live.
  • Babylon prepares for Cap-3 (1.3) mainnet launch in early December, expanding staking opportunities with a longer time window and higher per-stake limit.
  • Pendle introduces enhanced eBTC yield with ZeroLend, allowing eBTC holders to earn additional lending APY and ZeroLend points alongside existing yields from Ether.fi. Pendle LP incentives will start on November 21, 2024.
  • Pendle launches new Ethena sUSDe (29 May 2025) pool, now live and accessible on the platform.
  • Avalon Labs introduces $USDa with Ethena Labs, allowing BTC holders to leverage sUSDe and PT-USDe for a fixed 8% yield, with options for USDa-to-USDe arbitrage.
  • OnchainKit launches Agent Playground, a terminal enabling AI agents to autonomously transact, analyze data, and execute onchain actions.
  • Franklin Templeton has expanded its $410 million money market fund to the Ethereum blockchain, enhancing transparency and efficiency in fund transactions.
  • Solv Protocol collaborates with Ozean by Clearpool, integrating SolvBTC into Ozean’s RWA liquidity layer, Oxygen (O2).
  • Jito increases global deposit cap for (Re)staking to $50M, starting November 18. Accepted assets include $SOL, JitoSOL, mSOL, and bnSOL, offering expanded opportunities for participants.
  • Wormhole goes live on Kraken’s Ink testnet, a DeFi-focused Layer 2 built on Optimism’s Superchain, offering enhanced interoperability and seamless access to decentralized finance.
  • SuiPlay introduces SuiPlay0X1, a handheld gaming console, allowing users to play new titles and PC favorites while unlocking exclusive perks and rewards.
  • Infura announces DIN launch as an EigenLayer AVS, enabling enhanced connectivity and broader web3 access across multiple blockchain networks.
  • PancakeSwap launches Swap Bot on Telegram, enabling users to swap over 3,000 tokens directly on the BNB Chain.
  • Karak launches Wormhole’s Decentralized Validator Network on testnet, enhancing token bridging security by combining validator consensus with Guardian Network VAAs.
  • Caldera introduces Vulcan, the first Sovereignty-as-a-Service for Ethereum rollups, enabling faster Stage 1 deployment and enhanced security through decentralized governance.
  • Stride launches Echos, an AI-powered app on Celestia, enabling onchain agents to trade memecoins with USDC.
  • Pell Network launches $suBTC restaking, allowing users to mint $suBTC via SumerMoney and restake on BSquaredNetwork to earn 1.25X Pell Points.

EIPs

  • EIP7814: Introspection precompiles

ERCs

  • ERC7815: Swap order routing interface
  • ERC7816: Schnorr signature scheme for EVM Applications
  • ERC7817: Dapp security policy
  • ERC7818: Expirable ERC20

EcoExpansions: Beyond Ethereum 🚀

Aptos

Base

Polygon

Hackathons, Workshops, CTFs & Events

  • The Grant Factory, Hackathon Presented by Taiko: This hackathon invites new and existing projects to bring groundbreaking features to life across three dynamic tracks: Work Hard, Play Hard, and Do Good. By the end of this event, teams will have deployed a project on Taiko and crafted a polished grant proposal for submission.

Updates on Development Kits & Tools

  • Lodestar v1.23.0: Mekong testnet support & fix for CPU illegal instruction compatibility issue
  • OpenZeppelin community contracts (Solidity): experimental contracts, co-developed libraries & newer ERC implementations; unaudited
  • Coinbase smart wallet spend permissions: request to spend native & ERC20 tokens for 1-click/no-click user experience
  • DuneScan: block explorer in Dune
  • 0xPARC Provable Object Datatype (POD): used in Zupass, FrogCrypto & Meerkat
  • DeltaPrime $4.8M exploit on Arbitrum & alt L1, attacker then staked stolen funds
  • Red Guild: Phishing Dojo, interactive quiz on identifying phishing attacks

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

Articles

Research Papers

Watch🎥

video preview

Web3 Security

Articles

Research Papers

Twitter

  • DeltaPrime, a decentralized finance (DeFi) protocol operating on the Avalanche and Arbitrum networks, recently suffered a security breach resulting in an estimated loss of $4.75 million.
  • Take a look at Deltaprime post hack analysis
  • DeltaPrime urges attacker to respond by Nov 14 after an on-chain message. Cofounder Gavin Hasselbaink emphasized safe fund retrieval as a priority, hinted at leads on the attacker’s identity, and assured anonymity if they cooperate.
  • $800M lost in major phishing attacks in 2024

DeltaPrime

Loss: $4.75M

  • DeltaPrime, a decentralized finance (DeFi) protocol, recently lost over $4.8 million in a major security breach that targeted its operations on the Arbitrum (ARB) and Avalanche (AVAX) networks.
  • The hack happened as the attacker modified DeltaPrime’s “claimRewards” contract.
  • This weakness enabled the offender to commit fraudulent activities and obtain funds of about $4.8 million using a code logic exploitation that effectively circumvented important security controls.
  • The attacker used $1.3 million of the stolen funds in LFJ (formerly known as Trader Joe) and farmed USDC on the Stargate protocol.
  • In response, DeltaPrime quickly halted its activities on the Arbitrum and Avalanche networks, aiming to prevent further losses and assure users that the situation was under control.
  • DeltaPrime’s team confirmed that the protocol is temporarily paused on both networks, stating that they have contained the risk and are investigating the issue. They are working to strengthen security and prevent future attacks.

To know more details, check the post mortem analysis.

Community Spotlight

twitter profile avatar
The Binary Holdings 🦏
Twitter Logo
@thebinaryhldgs
Movers Feast with Aptos & QuillAudits is here, and we’re super excited to be supporting the event. TBH is committed to supporting and empowering builders by helping their projects gain exposure to millions of users with our distribution layer. https://twitter.com/quillaudits_ai/status/1853801762618032275
photo
twitter profile avatar
QuillAudits | Web3 Security 🛡️
@quillaudits_ai
Lets do Apatеu-osss, Apateu-osss together at BKK 🌐💥 Coming in HOT with @Aptos & yours truly on Tuesday, November 12 for the ones who are 𝘉𝘶𝘪𝘭𝘵 𝘋𝘪𝘧𝘧𝘦𝘳𝘦𝘯𝘵. All you gotta do is just meet us at the 👉🏻http://lu.ma/zon29b83 (Invite-Only) https://twitter.com/quillaudits_ai/status/1851624428699820294
11:9 AM • Nov 12, 2024
25
Retweets
44
Likes
twitter profile avatar
QuillAudits | Web3 Security 🛡️
Twitter Logo
@quillaudits_ai
Ever wondered how DePIN could transform everything from your smart fridge to entire smart cities? 🤔 Join us for the hottest panel at DePIN & RWA Hall of Impact tomorrow: "DePIN's Role in Revolutionizing IoT Infrastructure" 🔥 Meet the minds making it happen: • @realparcarlos… https://x.com/i/web/status/1856296581190037961 https://twitter.com/quillaudits_ai/status/1853754431780585826
photo
twitter profile avatar
QuillAudits | Web3 Security 🛡️
@quillaudits_ai
On November 13th, we're bringing you the RWA & DePIN Hall of Impact - our event at Devcon and it’s gonna be a biggie 🌟 Expect an audience of 150–200 top innovators, cherry-picked from over 1,500+ registrations. Our frens from @MantaNetwork, @FilFoundation, @Moongate, @IOSGVC,… https://x.com/i/web/status/1853754431780585826 https://twitter.com/quillaudits_ai/status/1851624428699820294
4:52 PM • Nov 12, 2024
6
Retweets
12
Likes
twitter profile avatar
Preetam | QuillAI 🥷🏄
Twitter Logo
@raopreetam_
5:54 PM • Nov 11, 2024
6
Retweets
51
Likes

QuillAI Network is Pushing Boundaries

The QuillAI Network is the AI layer for web3 security. In their mission to create a safer web3, QuillAI features an OML-aligned framework incentivising developers and users to build self-sovereign AI agents for dedicated tasks through the fine-tuning of its D-LLM. With agents for solidity (QuillShield) and due diligence (QuillCheck) helping safeguard contracts, transactions, and wallets, QuillAI is empowering web3 users and builders to charge of their security needs.

Stay ahead of security risks and safeguard your assets with comprehensive, real-time risk assessments now across five major blockchains.

Copyright (C) 2024 QuillAudits. All rights reserved.
You are receiving our newsletter because you opted-in for it at one of our websites.

Our mailing address is:
QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates

Unsubscribe · Preferences


Straight from the QuillAudits war room, HashingBits brings you weekly Web3 security alpha—hacks, insights & updates for the sharpest minds in the game!


Read next ...