SafeMoon, a cryptocurrency project that gained traction through endorsements by celebrities and social media influencers, recently announced that its liquidity pool (LP) had been compromised. While the company has not revealed any details about the attack, it confirmed that it is taking steps to address the issue as soon as possible.
The incident is the latest in a series of attacks targeting cryptocurrency projects in recent months. Like many other crypto projects in 2021, SafeMoon was backed by numerous celebrities, including Nick Carter, Soulja Boy, Lil Yachty, and YouTubers Jake Paul and Ben Phillips. However, a lawsuit filed in February 2022 alleged that these endorsements were part of a larger scheme to defraud investors by misleading them to purchase SafeMoon tokens under the pretext of unrealistic profits.
Experts suggest that a recent software upgrade may be to blame for the vulnerability that allowed the attacker to compromise SafeMoon’s LP. According to PeckShield, a blockchain investigation firm, a public burn function introduced in the latest upgrade allowed users to burn tokens from other addresses, potentially creating a security flaw that could be exploited by hackers.
A community member known as “DeFi Mark” provided further details about the attack, explaining that the vulnerability was used to remove SafeMoon tokens, causing an artificial spike in the token’s price. The attacker was then able to sell off the tokens at an inflated price, taking advantage of the situation for personal gain.
The incident has raised questions about the security and legitimacy of SafeMoon, as well as the role of celebrity endorsements in cryptocurrency projects. While the company has not provided any further details about the attack or its response, it is clear that security is a top priority for SafeMoon and other cryptocurrency projects.
Cryptocurrency remains a relatively new and largely unregulated industry, with many investors drawn in by the promise of high returns and the endorsement of celebrities and influencers. However, as the SafeMoon incident and others like it have shown, there are risks involved in investing in this space, and investors should be cautious and do their own research before committing their money to any project.
Despite the challenges and risks, many experts believe that cryptocurrency and blockchain technology have the potential to revolutionize the financial industry and create new opportunities for investors and businesses alike. As the industry continues to mature and evolve, it is likely that we will see more incidents like the SafeMoon attack, but also more innovations and advancements that could transform the way we think about money and finance.
The NFT space has attracted many scammers and hackers as it has grown.
Collectors should consider using hardware wallets to store valuable NFTs.
Active NFT users should also exercise caution to avoid phishing attacks.
Share this article
URL Copied
Crypto Briefing shares a list of operational security best practices for safeguarding your NFTs.
Security Tips For NFT Collectors
In 2021, NFTs exploded into the mainstream. The market for non-fungible tokens has seen huge growth, with trading volumes hitting record highs and top-tier pieces selling for millions of dollars. Last year, NFT sales hit $25 billion, while platforms like OpenSea continue to see huge interest from crypto natives and new adopters alike. The flurry of excitement surrounding tokenized collectibles has inspired celebrities like Jay-Z and Paris Hilton to buy into projects like CryptoPunks and Bored Ape Yacht Club, further fueling the demand.
Thanks to the rising prices of the most sought-after NFTs, the space has attracted many scammers and hackers. These opportunists use social media platforms like Discord and Telegram to target vulnerable collectors and attempt to steal their most prized pieces. As interest in the technology grows, NFT investors must stay up-to-date with best practices in operational security. In this feature, we explain all of the measures NFT owners can take to protect their collections.
Ensuring Wallet Security
NFT collectors can lose their holdings if hackers gain access to their wallet’s seed phrase, which is a private string of words that gives access to a cryptocurrency wallet.
NFT owners must therefore take precaution to ensure their seed phrase always stays secure. Hardware wallets such as Ledger and Trezor are widely considered one of the most secure ways to store crypto assets. Hardware wallets are a form of cold storage wallet as they are stored offline rather than hot wallets like MetaMask. Unlike hot wallets, hardware wallets store the private key within the device. To make a transaction with a hardware wallet, the user must have the device in-hand to confirm the transaction, making it much harder for hackers to gain access. For anyone with a collection of valuable NFTs, hardware wallets are undoubtedly one of the best storage options.
It is also vital to ensure that the seed phrase to any wallet that stores NFTs is secured offline in a safe place.Some users opt for splitting their seed phrase across multiple locations to add an extra layer of security. Durable materials like titanium and steel are also popularly used to store seed phrases.
It’s extremely risky to store seed phrases on digital, Internet-facing devices in case the device is compromised.
Verifying NFTs Before Minting or Buying
NFT collectors should always apply due diligence to find out whether an NFT is authentic before buying into a collection. This can help alleviate the risk of buying a counterfeit NFT. On OpenSea, official collections usually receive a “verified” checkmark once they surpass 100 ETH in trading volume.
During NFT minting, collectors should also check that they are connected to the correct website. Scammers frequently clone websites by making a slight amend to the original domain name with the goal of stealing crypto assets. When buying into newer NFT collections on secondary marketplaces like OpenSea or Rarible, it is important to verify if the project’s smart contract came from the official team.
In October 2021, an anonymous hacker memorably hacked into the CreatureToadz project’s Discord server. Posing as an admin, they announced a fake NFT mint, which was enough to trick community members into sending them over $340,000 in Ethereum. While the funds were later returned to the team, the incident highlighted the importance of verifying official smart contracts for prospective mints.
On several occasions, fraudsters have used the names of famous artists to mislead investors. One scammer went as far as hacking Banksy’s website to post a link to a piece; it sold for $336,000 in Ethereum.
Taking Caution Against Honeypot, Malware, and Phishing Attacks
One of the most common ways scammers target NFT collectors is through phishing attacks. Hackers frequently execute “honeypot” schemes to lure investors. In this type of attack, they send fake airdrops to NFT holders to trick them into claiming tokens. However, when the victim proceeds with the claim, they interact with a malicious smart contract that seeks permission to spend their assets. If they inadvertently grant permission to the contract, it can drain the assets in their wallet.
In December 2021, the New York-based NFT collector Todd Kramer lost $2.2 million worth of NFTs in a phishing attack. He interacted with a phishing contract disguised as a genuine application, leaving his wallet exposed to the hack. It was drained of several NFTs from the Bored Ape Yacht Club, Mutant Ape Yacht Club, and CloneX collections.
It is also possible for hackers to use malware to gain backdoor access to devices. Hackers often send malicious links that immediately deploy malware and can take over computers. Hackers can then extract the private key to hot wallets like MetaMask and withdraw all of the NFTs and other assets.
As hackers frequently prey on investors on social media apps like Discord, it’s important to be vigilant when interacting with anyone online. NFT collectors should always verify someone’s identity before they interact with them and avoid clicking on any suspicious links.
Protecting Personal Privacy
NFT collectors often show off their non-fungibles in their social media avatars (Twitter has just rolled out a feature that gives users a way to prove that they own their NFT avatar, and Meta is also set to release a similar feature soon). However, using NFT avatars or human-readable domain names like Ethereum Name Service can make it easier for hackers to identify investors they want to target.
As the blockchain makes all transactional and wallet data available, malicious entities can easily track collectors that own valuable NFTs if they share any details of their addresses on social media. This may lead to targeted phishing attacks or physical threats.
NFT investors also need to pay attention to vulnerabilities that may leak their private information. Recently, a cryptographer discovered a MetaMask bug that could give hackers access to a users’ IP addresses on mobile devices. MetaMask says it’s aware of the issue but is yet to fix it.
Final Thoughts
As NFTs have grown in popularity, so has the appetite of scammers looking to steal valuable pieces from collectors. Many of these attackers use sophisticated methods to target investors. It’s therefore vital for anyone active in the NFT space to always take the necessary precautions and due diligence to ensure that they protect their collections. As ever, investors should be aware that NFTs are a nascent technology in a risky space. As such, users should always take caution and follow operational security practices when investing.
Disclosure: At the time of writing this feature, the author owned ETH and other cryptocurrencies.
Share this article
URL Copied
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Bored Ape NFT Collector Loses $2.2M in Phishing Scam
An NFT collector has lost millions of dollars’ worth of NFTs in an apparent phishing attack. NFT Collector Targeted With a Phishing Attack A New York-based art curator and NFT…
$1.8M Lost to Fake MetaMask Token Honeypot Scam
A fake MetaMask token has conned traders out of over $1.8 million. Hackers injected code into the DEXTools application’s front end, convincing traders that the token was verified. The MetaMask…
Investing Survey: Win A $360 Subscription To Pro BTC Trader
We’re doing this because we want to be better at picking advertisers for Cryptobriefing.com and explaining to them, “Who are our visitors? What do they care about?” Answer our questions…
MetaMask Knows It Has a Critical Privacy Vulnerability, But Hasn’…
Alexandru Lupascu says that MetaMask users who access the app on mobile devices are at risk of exposing their IP address. MetaMask Mobile App Can Expose Users’ Privacy MetaMask users…
Cryptocurrency data analyst CoinMetrics found that the Bitcoin SV network suffered a 51% attack on Tuesday through its regular monitoring tool FARUM.
The monitoring data of FARUM, the blockchain security monitoring tool of the intelligence company CoinMetrics, confirmed this statement and indicated that it witnessed 14 blocks undergoing a deep reorganization of the network.
Lucas Nuzzi, Network Data Product Manager from CoinMetrics, posted on Twitter and said that:
“BSV is going through a massive 51% attack. After an attempted attack yesterday, some serious hashing power was unleashed today at 11:46AM and attackers are succeeding. Over a dozen blocks are being reorgd & up to 3 versions of the chain being mined simultaneously across pools.”
CoinMetrics stated that the attack has ended, and some analysts in the industry refer to the continued large-scale attacks from unknown identities to originate from vulnerabilities in the network.
This attack seems to have a slight negative impact on the price of Bitcoin SV. At the time of writing, Bitcoin SV has dropped by 4.22% to $135.51 within 24 hours, according to Coinmarketcap.
Last month, several crypto exchanges pioneered by Huobi, including OKEx and Bittrex, also suspended BSV trading. Bitcoin SV network was also attacked by illegal block reorganization on July 8.
Currently, there are two types of Bitcoin fork coins on the market: Bitcoin Cash (BCH) and Bitcoin SV (BSV). Bitcoin SV results from a highly controversial hard fork of the Bitcoin Cash (BCH) blockchain in November 2018 to address Bitcoin scalability.
BSV developers have expanded the block size limit from 128MB to 2GB to improve user experience and increase miners’ benefits.
THORChain has suffered a wave of attacks over the last few weeks, but RUNE is showing signs of recovery.
THORChain Makes Major Rally
THORChain is soaring.
The project’s RUNE token is up 39% in the last 24 hours, currently trading at $5.79. Although RUNE is still 72.1% off all-time highs, it’s a notable recovery given the recent wave of exploits THORChain has suffered.
THORChain is a cross-chain interoperability protocol for exchanging between tokens like BTC and ETH. RUNE is used as a medium of exchange on the platform. It was hit by an $8 million exploit last week when an attacker tricked the project into making a refund for assets that hadn’t been deposited. The attacker left a note in the transaction’s input data claiming that they could have taken more assets and urged the team to focus on improving its security. It read:
“Disable until audits are complete Audits are not a nice to have Do not rush code that controls 9 figures”
Only a week before that, the protocol’s ETH liquidity providers suffered losses of about $5 million in similar circumstances. The protocol was also hit by an incident in late June, though that time the losses amounted to only $140,000.
After the latest incident, THORChain confirmed that it would halt its network chain and conduct additional security audits. The team has been active on social media, yesterday confirming that it had hosted 20 white hat hackers for a THORChain “code walkthrough.”
The project has also received support from many prominent figures in the space, including ShapeShift’s Erik Voorhees and Delphi Digital’s Tom Shaughnessey.
Overwhelming support to enhance @THORChain
– @trailofbits audit
– @HalbornSecurity audit + 6 FT engineers
– @immunefi bug bounty program @ninerealms_cap ($500K program)
— Tom Shaughnessy 🦉 (@Shaughnessy119) July 28, 2021
RUNE dropped to a low of around $3.53 following last week’s attack. Though the network is still paused, the project’s native token seems to have made a solid recovery, rising 64%.
With RUNE trading at $5.79, THORChain’s market cap is currently $1.56 billion.
Disclosure: At the time of writing, the author of this feature owned ETH, ETH2X-FLI, and several other cryptocurrencies.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
$8M Lost as THORChain Suffers Third Attack in a Month
THORChain says the attacker made off with around $8 million. THORChain Hit by Another Exploit THORChain has suffered its third critical attack in a month. THORChain has suffered a sophisticated…
$5M in Ethereum Lost in THORChain Exploit
THORChain is the latest DeFi attack victim. THORChain Pauses Network After Attack THORChain has been exploited. The DeFi network, which focuses on cross-chain interoperability between protocols like Bitcoin and Ethereum,…
What is Impermanent Loss and How can you avoid it?
DeFi has given traders and investors new opportunities to earn on their crypto holdings. One of these ways is by providing liquidity to the Automated Market Makers (AMMs). Instead of holding assets,…
Erik Voorhees Bets on Ethereum DEXs, THORChain
Switzerland-based crypto platform ShapeShift has come a long way since Erik Voorhees founded it in 2014. From its launch until late 2017, it became one of the most widely known…
PolyYeld Finance’s YELD token has crashed to zero after attackers exploited a vulnerability to mint nearly 4.9 trillion tokens.
The attack targeted PolyYeld’s Masterchef pool, which contained xYELD tokens.
Several other yield farming projects on Polygon have suffered similar attacks in recent months.
Share this article
PolyYeld Finance was exploited today, leading to a price collapse of its native token.
Attacker Exploits PolyYeld Vulnerability
PolyYeld Finance’s native token has collapsed to zero after attackers took advantage of a vulnerability to mint an excess supply of tokens.
According to security firm PeckShield, the attacker successfully minted nearly 4.9 trillion YELD tokens. They sold a portion of them for roughly 123 ETH, worth about $250,000 at today’s prices.
The attacker exploited a vulnerability in the PolyYeld Masterchef contract, a type of contract used by yield farms to distribute rewards. The attack targeted a Masterchef pool containing another token called xYELD, which generated passive income for holders by charging fees on each transaction and distributing them as YELD rewards.
In a note shared on Telegram, the PolyYeld team claimed that its Masterchef contract could not support xYELD’s reward distribution system, which allowed the attack to take place. They said:
“[The] xYELD token contains a transfer tax which was added to Masterchef, which unfortunately could not support tokens with transfer taxes.”
The lack of Masterchef support meant attackers could mint free reward tokens by shrinking the value of the xYELD liquidity pool.
The Masterchef contract was invented for distributing rewards for liquidity pool tokens. But more recently, yield farms on Binance Smart Chain and Polygon have started using master contracts for single asset tokens or “transfer fee tokens” like xYELD.
Security firm PeckShield explained that a deflationary token such as xYELD charges a fee on its transfers. With repeated deposits and withdrawals, the xYELD balance was shrunk down maliciously up to 1 WEI, the smallest denomination of 1 Polygon.
A Masterchef contract estimates rewards by dividing the pool value by the value of tokens staked, meaning if the pool value is reduced, it can dramatically inflate the rewards. Xuxian Jiang, founder and CEO of PeckShield, told CryptoBriefing:
“By repeated deposits and withdraws with the MasterChef, the attacker frequently triggers the tax collection. This gradually reduces the xYELD balance of MasterChef to 1 WEI, which led to actual exploitation.”
As the attackers minted 4.9 trillion tokens and sold a portion of them, the market was immediately flooded, leading the price to collapse to zero. According to PolyYeld’s website, the maximum supply was intended to be 62,100 YELD tokens.
Source: TradingView
Since the attack, the price of YELD has crashed from $25 to $0 in the space of a day. Meanwhile, xYELD is down from $100 to around $7, as per Dex Guru.
In the note posted in the PolyYeld Telegram group, the team asked users to unstake their funds. It added that it was considering a compensation plan and promised a report in the coming days. Meanwhile, the Telegram group remains muted along with other channels of communication.
This is yet another security instance involving Polygon-based yield farms. In recent months, projects such as Iron Finance, PolyWhale, and SafeDollar were targeted in a similar fashion, wherein attackers hyperinflated the token supply and caused a price collapse.
PolyYeld held more than $20 million in total value locked as of last week.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Polygon Project SafeDollar Crashes to Zero After Attack
Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…
Polywhale Team Abandon $100 Million Project Amid Scam Allegations
Polywhale Finance, the first-ever yield farm on Polygon has been abandoned by its founding team amid rug pull allegations. Polywhale: Another Yield Farming Exit Scam? The team has stated in…
Yield Farmers Are Migrating to Polygon
Polygon offers a similar yield farming experience to Ethereum mainnet at a fraction of the cost. Key metrics show that DeFi power users are starting to migrate to the network….
Bondly Finance, a well-known DeFi and NFT project, was exploited today by “an unknown party,” the team said.
After the liquidity pools were exploited, the attacker minted 373 million BONDLY to sell on the open market, leading to an 82% price crash.
While team claims to be investigating the incident, it is suspected the attack may have been an insider job.
Share this article
NFT project Bondly Finance was exploited today due to a token-minting attack from a still-unknown assailant.
Attacker Mints 373 million BONDLY tokens
Bondly Finance has suffered an attack.
🚨Attention Bondly Community:
Unfortunately we have been compromised by an unknown party
We would like to take this time to advise you to STOP TRADING $BONDLY
Rest assure we have already taken action and will be operating as usual ASAP
Stay tuned for more updates
— Bondly (@BondlyFinance) July 15, 2021
The DeFi and NFT project was exploited today by “an unknown party,” the team said. The incident is only the latest in a series of major exploits that have hit the DeFi sector this year.
During the attack, someone minted 373 million BONDLY tokens and sold off the inflated supply in the liquidity pools, leading to a price crash.
In the official Bondly Finance Telegram group, the team has confirmed the protocol exploit and told the community that it is still investigating the matter. It also advised everyone to stop trading the token.
The Ethereum address associated with the exploit has been funneling funds through various decentralized exchanges. They’ve also used Tornado.Cash to move $100,000 worth of DAI multiple times over. At the time of writing, the address contains about $1.45 million, though the total gains come closer to $7.5 million.
While the team claims to be investigating the incident, some suspect that the attack may have been an inside job, otherwise known as a “rug pull” in the crypto community.
Source: PeckShield
According to analysis from PeckShield, a blockchain security firm, the illegitimately minted BONDLY tokens that the attacker received came from Bondly’s owner address through an owner transfer operation. Discussing the possibility of a rug pull, Xuxian Jiang, founder and CEO of PeckShield, told Crypto Briefing:
“It is potentially a rug pull as the owner (0x58a058ca4b1b2b183077e830bc929b5eb0d3330c) pulls the trigger in transferring out 373M $BONDLY to sell.”
If not an insider job, the other possibility is that the owner’s private key was leaked, Jiang added.
The attack has led to a massive decline in the price of BONDLY tokens. Since the incident came to light, the token has registered an 82% fall, from roughly $0.06 to $0.01 in seven hours, as per CoinGecko.
Bondly Finance first made headlines in Feb. 2021 after it collaborated with YouTuber Logan Paul to issue Pokémon NFTs on Ethereum. Now, it’s become a talking point for a different reason.
Bondly Finance has promised that updates will follow.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
YouTuber Logan Paul Mints Pokémon NFTs on Ethereum
The NFT space has a new celebrity entrant. This time, it’s the popular YouTuber Logan Paul. YouTuber Gets Tokenized The American YouTube celebrity will be releasing the digital art pieces…
Efficient Market Hypothesis: Does Crypto Follow?
The Efficient Market Hypothesis (EMH) is a concept in financial economics which states that security prices reflect all the available information about a financial instrument. EMH is one of the…
Alpha Finance Exploited in $37.5 Million Attack
An attacker targeted DeFi protocol Alpha Finance for a sum of $37.5 million earlier this morning. The exploit was found in the protocol’s Alpha Homora V2 product—not Cream Finance, as…
Polygon Project SafeDollar Crashes to Zero After Attack
Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…
Bondly Finance, a well-known DeFi and NFT project, was exploited today by “an unknown party,” the team said.
After the liquidity pools were exploited, the attacker minted 373 million BONDLY to sell on the open market, leading to an 82% price crash.
While team claims to be investigating the incident, it is suspected the attack may have been an insider job.
Share this article
NFT project Bondly Finance was exploited today due to a token-minting attack from a still-unknown assailant.
Attacker Mints 373 million BONDLY tokens
Bondly Finance has suffered an attack.
🚨Attention Bondly Community:
Unfortunately we have been compromised by an unknown party
We would like to take this time to advise you to STOP TRADING $BONDLY
Rest assure we have already taken action and will be operating as usual ASAP
Stay tuned for more updates
— Bondly (@BondlyFinance) July 15, 2021
The DeFi and NFT project was exploited today by “an unknown party,” the team said. The incident is only the latest in a series of major exploits that have hit the DeFi sector this year.
During the attack, someone minted 373 million BONDLY tokens and sold off the inflated supply in the liquidity pools, leading to a price crash.
In the official Bondly Finance Telegram group, the team has confirmed the protocol exploit and told the community that it is still investigating the matter. It also advised everyone to stop trading the token.
The Ethereum address associated with the exploit has been funneling funds through various decentralized exchanges. They’ve also used Tornado.Cash to move $100,000 worth of DAI multiple times over. At the time of writing, the address contains about $1.45 million, though the total gains come closer to $7.5 million.
While the team claims to be investigating the incident, some suspect that the attack may have been an inside job, otherwise known as a “rug pull” in the crypto community.
Source: PeckShield
According to analysis from PeckShield, a blockchain security firm, the illegitimately minted BONDLY tokens that the attacker received came from Bondly’s owner address through an owner transfer operation. Discussing the possibility of a rug pull, Xuxian Jiang, founder and CEO of PeckShield, told Crypto Briefing:
“It is potentially a rug pull as the owner (0x58a058ca4b1b2b183077e830bc929b5eb0d3330c) pulls the trigger in transferring out 373M $BONDLY to sell.”
If not an insider job, the other possibility is that the owner’s private key was leaked, Jiang added.
The attack has led to a massive decline in the price of BONDLY tokens. Since the incident came to light, the token has registered an 82% fall, from roughly $0.06 to $0.01 in seven hours, as per CoinGecko.
Bondly Finance first made headlines in Feb. 2021 after it collaborated with YouTuber Logan Paul to issue Pokémon NFTs on Ethereum. Now, it’s become a talking point for a different reason.
Bondly Finance has promised that updates will follow.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
YouTuber Logan Paul Mints Pokémon NFTs on Ethereum
The NFT space has a new celebrity entrant. This time, it’s the popular YouTuber Logan Paul. YouTuber Gets Tokenized The American YouTube celebrity will be releasing the digital art pieces…
Efficient Market Hypothesis: Does Crypto Follow?
The Efficient Market Hypothesis (EMH) is a concept in financial economics which states that security prices reflect all the available information about a financial instrument. EMH is one of the…
Alpha Finance Exploited in $37.5 Million Attack
An attacker targeted DeFi protocol Alpha Finance for a sum of $37.5 million earlier this morning. The exploit was found in the protocol’s Alpha Homora V2 product—not Cream Finance, as…
Polygon Project SafeDollar Crashes to Zero After Attack
Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…
ChainSwap suffered an exploit last night, resulting in $8 million worth of losses.
The attacker sold several tokens available on the protocol through decentralized exchanges, meaning they tanked in value.
ChainSwap has paused its Ethereum to Binance Smart Chain bridge and pledged to airdrop new ASAP tokens to holders.
Share this article
ChainSwap gets hit again.
Tokens Suffer in ChainSwap Attack
ChainSwap has suffered another exploit.
A hacker found a vulnerability in the decentralized exchange’s smart contract code last night. It gave them a way to access the protocol and sell tokens available on ChainSwap via other exchanges.
Wilder World’s n3o posted an analysis of the incident, explaining that the exploit allowed the attackers to mint 20 million WILD tokens to its address.
🚨ChainSwap Hack 🚨
1/ Citizens of @WilderWorld and holders of $WILD, we have completed our initial analysis of the @chain_swap hack. See below. 👇
— n3o (@real_n3o) July 11, 2021
Several tokens were affected and have plummeted in value as a result of the hacker selling them on the open market. Other than Wilder World, Antimatter, Optionroom, Umbrellabank, Nord, Razor, Peri, Unido, Oro, Vortex, Blank, Unifarm, and several other projects suffered in the incident.
The attack is estimated to be worth around $8 million. One of the hacker’s wallets, which shows them executing multiple swaps on the 1inch Exchange, can be viewed onEtherscan.
ChainSwap is a cross-chain bridge that acts as a hub for multiple chains. It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain. The project raised $3 million in a funding round featuring big industry players like Alameda Research, CMS Holdings, and Rarestone Capital in April.
The attack follows another ChainSwap exploit that occurred on Jul. 2, which resulted in losses of around $800,000. The team published a post-mortem and compensation plan following the incident, though it’s yet to post a full follow-up on last night’s attack.
Several projects announced that they had been affected by the attack on Twitter last night. Many have posted announcements urging token holders to avoid trading tokens as they plan to compensate investors by minting new tokens. ChainSwap also posted about the incident, confirming that it was “investigating the exploit” and had pulled liquidity for its ASAP token. It added that it would airdrop a new ASAP token to affected holders. ChainSwap then followed up with a post confirming that it had frozen its Ethereum to Binance Smart Chain bridge.
The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses.
Balances might temporarily show 0 until we are done filtering.
Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe
— ChainSwap ($ASAP) (@chain_swap) July 11, 2021
ASAP is currently down 13.3%, but many other tokens have been hit a lot harder. Antimatter’s MATTER, for instance, is down 68.8%. Many other tokens have tanked 30% or more.
Disclosure: At the time of writing, the author of this feature owned ETH, ETH2X-FLI, and several other cryptocurrencies.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
REvil Demands $70M in Bitcoin After Ransomware Attack
Russian cybercriminal group REvil is demading a $70 million Bitcoin ransom after carrying out a major ransomware attack in the U.S. and Europe. A Colossal Ransomware Attack A group of…
Polygon Project SafeDollar Crashes to Zero After Attack
Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…
$7 Million Lost in Flash Loan Attack on BSC’s BurgerSwap
Another Binance Smart Chain app has suffered a flash loan attack. More than $7 million of users’ funds was drained from BurgerSwap last night. BurgerSwap Suffers Attack Flash loan attackers…
What is Polygon (MATIC): Ethereum’s Internet of Blockchains
In terms of both decentralized app (DApp) development and adoption, no blockchain has been more successful than Ethereum (ETH). But despite its relative success, the Ethereum network still contains several…
ChainSwap suffered an exploit last night, resulting in $8 million worth of losses.
The attacker sold several tokens available on the protocol through decentralized exchanges, meaning they tanked in value.
ChainSwap has paused its Ethereum to Binance Smart Chain bridge and pledged to airdrop new ASAP tokens to holders.
Share this article
ChainSwap gets hit again.
Tokens Suffer in ChainSwap Attack
ChainSwap has suffered another exploit.
A hacker found a vulnerability in the decentralized exchange’s smart contract code last night. It gave them a way to access the protocol and sell tokens available on ChainSwap via other exchanges.
Wilder World’s n3o posted an analysis of the incident, explaining that the exploit allowed the attackers to mint 20 million WILD tokens to its address.
🚨ChainSwap Hack 🚨
1/ Citizens of @WilderWorld and holders of $WILD, we have completed our initial analysis of the @chain_swap hack. See below. 👇
— n3o (@real_n3o) July 11, 2021
Several tokens were affected and have plummeted in value as a result of the hacker selling them on the open market. Other than Wilder World, Antimatter, Optionroom, Umbrellabank, Nord, Razor, Peri, Unido, Oro, Vortex, Blank, Unifarm, and several other projects suffered in the incident.
The attack is estimated to be worth around $8 million. One of the hacker’s wallets, which shows them executing multiple swaps on the 1inch Exchange, can be viewed onEtherscan.
ChainSwap is a cross-chain bridge that acts as a hub for multiple chains. It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain. The project raised $3 million in a funding round featuring big industry players like Alameda Research, CMS Holdings, and Rarestone Capital in April.
The attack follows another ChainSwap exploit that occurred on Jul. 2, which resulted in losses of around $800,000. The team published a post-mortem and compensation plan following the incident, though it’s yet to post a full follow-up on last night’s attack.
Several projects announced that they had been affected by the attack on Twitter last night. Many have posted announcements urging token holders to avoid trading tokens as they plan to compensate investors by minting new tokens. ChainSwap also posted about the incident, confirming that it was “investigating the exploit” and had pulled liquidity for its ASAP token. It added that it would airdrop a new ASAP token to affected holders. ChainSwap then followed up with a post confirming that it had frozen its Ethereum to Binance Smart Chain bridge.
The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses.
Balances might temporarily show 0 until we are done filtering.
Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe
— ChainSwap ($ASAP) (@chain_swap) July 11, 2021
ASAP is currently down 13.3%, but many other tokens have been hit a lot harder. Antimatter’s MATTER, for instance, is down 68.8%. Many other tokens have tanked 30% or more.
Disclosure: At the time of writing, the author of this feature owned ETH, ETH2X-FLI, and several other cryptocurrencies.
This news was brought to you by ANKR, our preferred DeFi Partner.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
REvil Demands $70M in Bitcoin After Ransomware Attack
Russian cybercriminal group REvil is demading a $70 million Bitcoin ransom after carrying out a major ransomware attack in the U.S. and Europe. A Colossal Ransomware Attack A group of…
Polygon Project SafeDollar Crashes to Zero After Attack
Polygon-based stablecoin SafeDollar collapsed to zero after its liquidity pools were exploited in a security incident. SafeDollar Plunges To Zero Within a couple of weeks of launch, algorithmic stablecoin SafeDollar…
$7 Million Lost in Flash Loan Attack on BSC’s BurgerSwap
Another Binance Smart Chain app has suffered a flash loan attack. More than $7 million of users’ funds was drained from BurgerSwap last night. BurgerSwap Suffers Attack Flash loan attackers…
What is Polygon (MATIC): Ethereum’s Internet of Blockchains
In terms of both decentralized app (DApp) development and adoption, no blockchain has been more successful than Ethereum (ETH). But despite its relative success, the Ethereum network still contains several…
On June 7, the United States government task force seized more than $2 million in Bitcoin (BTC) to pay a ransom following an attack on the Colonial Pipeline system. A warrant filed with the U.S. District Court for the Northern District of California shows that authorities recovered 63.7 BTC.
As news of the recovery spread through mainstream media, some outlets suggested that the U.S. government somehow hacked the Bitcoin address in order to extract the funds. For example, University of Michigan professor and New York Times contributor Justin Wolfers tweeted:
News that the government has figured out how to snatch bitcoin from the online wallets of cyber criminals surely reduces the use cases for Bitcoin even further.
— Justin Wolfers (@JustinWolfers) June 8, 2021
This triggered a discussion on whether an entity could break through SHA-256 encryption, and if so, why waste this ability on unlocking a Bitcoin wallet that only contains $2 million?
The same type of cryptography is used by the National Security Agency, banks, foreign agencies, cloud storage systems, and most electronic devices like smartphones and communication apps.
If governments wanted to create short-term havoc in the cryptocurrency market, they would need to make large sales to negatively impact the price. However, there would probably be at least 3 telling signs that would hint that this type of scenario was unfolding.
Open interest at CME BTC futures would spike
The most likely vehicle for government entities to short (sell) is by trading CME Bitcoin futures. In addition to the price pressure, analysts would need to confirm a large increase in open interest, which is the number of contracts in play. Unfortunately, CME does not provide real-time data for this indicator.
CME Bitcoin futures settlement data. Source: CME
As shown above, each CME Bitcoin futures contract represents 5 BTC, so the 7,572 open interest totals 37,860 BTC. These contracts are financially settled, meaning that the winner is paid in dollars.
While the current $1.25 billion open interest does not seem significant enough to create shockwaves, the figure did reach $3.3 billion in February as Bitcoin traded at $58,000. Therefore, a substantial and rapid increase in the open interest is a potential indicator of government-related activity.
The futures premium should flip negative
A large futures contract seller will cause a momentary distortion in the futures premium. Unlike perpetual contracts, these fixed-calendar futures do not have a funding rate, so their price will vastly differ from regular spot exchanges.
By measuring the price gap between futures and the regular spot market, a trader can gauge the level of bullishness in the market. Whenever there’s an aggressive activity from shorts (sellers), the two-month futures contract will trade at a 1% or higher discount.
CME July Bitcoin futures premium/discount vs. Coinbase, May 2021. Source: TradingView
Notice how the July CME futures usually trade between a 0.5% discount and a 1.5% premium versus regular spot exchanges. However, during the May 19 crash, aggressive futures contracts selling caused the price to trade 2.5% below Coinbase.
This movement can either occur during liquidation orders or when large players decide to short the market using derivatives.
Exchange infrastructure would come under attack
Even though most cryptocurrency exchanges have established their servers in remote locations, governments could try to seize physical servers or web domains.
Investors who have been following the crypto sector since 2017 will remember that Alex Vinnik, the founder of BTC-e, was arrested and the website hijacked by the U.S. government in July 2017.
In November 2020, Cointelegraph published an excellent article that explained how, according to a framework from the U.S. Department of Justice, it could be enough for a crypto transaction to “touch financial, data storage, or other computer systems within the United States” to provoke enforcement action.
Any coordinated effort by governments to suppress cryptocurrencies will likely involve a massive “anti-money laundering” effort against exchanges, especially those offering derivatives products to retail investors.
Thus, unless these 3 signs are in place, there is little reason to believe that a massive government-led campaign to disrupt the industry is underway.
The views and opinions expressed here are solely those of theauthorand do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.
