The decentralized finance sector is booming, with total value locked rising from $700 million in December 2019 to over $200 billion by the beginning of 2022. Hackers and fraudsters will undoubtedly be attracted to such rapid growth in a new field.
Million-dollar hacks have become now commonplace in the crypto world. Axie Infinity's Ronin sidechain was hacked last week, resulting in one of the largest crypto-related security breaches in history. Unidentified hackers stole around 173,600 Ether tokens and 25.5 million USD Coin tokens. The hacker had used stolen private keys and the passwords needed to access crypto funds to take away the funds.
Similarly, on April 1, decentralized lending site Ola Finance disclosed that hackers stole $3.6 million in cryptocurrency from the network. Around 216,964 USDC, 507,216 BUSD, 200,000.00 fUSD, 550.45 WETH, 26.25 WBTC, and 1.24 million FUSE were stolen by the attackers. On March 16, the attacker introduced a reentrancy bug using a flash loan exploit to steal over $11 million from Agave and Hundred Finance.
A new victim has joined the hackers' list; According to an announcement issued on April 2, Inverse Finance, an open-source system for lending and borrowing that works on top of the Ethereum blockchain, has been the victim of a $15.6 million attack. According to the team, the hack had nothing to do with the protocol's smart contract.
So how did the hack happen? Using an oracle manipulation bug, the attacker was able to artificially raise the price of the INV token. On its Anchor money market, they were able to borrow millions of dollars in various tokens, including wrapped Bitcoin (wBTC) and Yearn. Finance (YFI).
Minutes after the exploit occurred, PeckShield, a blockchain analytics firm, notified the Inverse team about the hack on Twitter.
The attacker first withdrew 901 ETH (about $3 million) from Tornado Cash, which is used to disburse crypto without leaving a clear trail. The mystery funds were subsequently transferred into multiple trading pairs on the decentralized exchange SushiSwap, increasing the price of INV in the view of the Keep3r price oracle. The attacker made off with 1,588 ETH, 94 WBTC, 39 YFI, and 3,999,669 DOLA in total.
The attack was well-funded and high-risk because the $3 million worth of crypto used to deceive the price oracle would have been lost entirely if the price of INV had returned to normal levels before the attacker took out the loans.
Inverse said that all borrowing on Anchor had been temporarily halted, and the protocol is working with Chainlink to establish a new INV oracle.
Blockchain's ultimate guarantee is robust security and privacy. The nature of all of the foregoing attacks would serve to reaffirm regulators' scepticism and beliefs that crypto investments will only result in the loss of investors' funds and that privacy is at risk. If project founders do not design their initiatives with diligence, the entire system's credibility will be jeopardized.
Now since the Blockchain and smart contracts are becoming increasingly vulnerable to security flaws. However, each project group's answer provides some solace, as they all look committed to assisting their users in recovering their stolen assets. And, because Web3 and blockchain technologies are still in their infancy, there are strong grounds to believe that there will be solid solutions to the current security vulnerabilities and it will advance the crypto sector moving forward.
OpenSea Enables NFT Purchases With Credit Cards, Apple Pay
Buyers on OpenSea, one of the world's most popular non-fungible token markets, will soon be able to pay for NFTs with a credit card, debit card, or Apple Pay—all without holding any cryptocurrency.
The move results from a collaboration with MoonPay, a fintech company that develops crypto payment infrastructure, which announced the news on Friday morning. MoonPay is also the business that has facilitated the purchase of Bored Ape NFT for many celebrities.
The move is presumably aimed at attracting more mainstream purchasers, similar to NBA Top Shot's tactic when the game was hot a year ago. In January, OpenSea revealed that its Ethereum and Polygon sales produced over $5 billion in total trading volume. The NFT marketplace also announced this week that it would begin listing Solana NFTs later this month.
For OpenSea, things haven't always gone well. An exploit on the NFT marketplace in January 2022 resulted in a Bored Ape Yacht Club NFT selling for $1,700 in ETH, far below its floor price. Last November, an OpenSea employee profited directly by buying NFTs just before they were featured on the front page of the website; Finzer claimed the occurrence was "misframed" as insider trading said OpenSea co-founder and CEO Devin Finzer.
Pudgy Penguins NFT Collection Looks to Next Chapter With $2.5M Sale.
After a long-awaited 750 ETH ($2.5 million) sale, the Pudgy Penguins non-fungible token (NFT) project has a new leader.
According to the arrangement, a consortium led by Pudgy Penguins owner and Los Angeles-based entrepreneur Luca Netz would buy control of the initiative and royalties from the project's original four co-founders. Along with his associate Cameron Moulène and numerous other stakeholders, Netz will be the new leader of "The Huddle."
The buyers' group will have control of the project, allowing them to issue a token and conduct airdrops to other NFT series holders, among other things. The agreement comes after the Pudgy Penguins' founding crew was voted off in a heated Discord poll in January. Since then, holders of the cute flightless digital birds have been waiting for word on the project's uncertain future.
As reports of a transaction completion floated on Friday, Pudgy Penguin trading soared on NFT marketplace OpenSea. The long-awaited Pudgy Penguins token was announced on Friday, fuelling the penguin purchasing frenzy even more. After trading swung between 0.7 and 1.4 ETH in recent weeks, the floor price of a Pudgy Penguin rose as high as 2.5 ETH. The cheapest penguin on offer was 2.2 ETH at the time of publication.
Netz planned to announce the sale's end on social media late Saturday. In an interview with CoinDesk on Friday, he said the transaction was "100% not an April Fool's joke," which explains why he decided to wait until after April 1 to go public.