Blockchain Intel Tuesday #11

March 1, 2022 - Massive run up in bitcoin and other alt-coins. It is all about Ukraine! BofA says there is no crypto winter. Read on...

Blockchain News
Notable Hacks and Scams (Link to Zero Friction Hack and Scam Database)
  • Arriva announced that one of the staking wallets was hacked. Peckshield determined that it may possibly be an inside job. Total losses ~ $600,000

  • Spear Finance just rugged investors within their genesis pools which launched 3 hours ago. The rugger added two little lines to the add function which allowed them to bypass the safety guard (e.g., the governanceRecoverUnsupported which allows the admin to take out any tokens staked into the contract) and steal all tokens prematurely. Total losses ~ $180,000

  • Flurry Finance informed their community that it was hacked and has paused all smart contracts running on the BSC and polygon to avoid further losses. As a precautionary measure, they have paused all smart contracts of rhoTokens including those on BSC and Polygon, which means converting/ redeeming rhoTokens. According to CertiK analysis Flurry Finance Vault contracts were exploited using external dependencies. Total losses ~ $293,000

  • Raptor 2 is a decentralized financial payment network that rebuilds the traditional payment stack on the blockchain. It utilizes a basket of fiat-pegged stablecoins, algorithmically stabilized by its reserve currency RAPTOR2 to facilitate programmable payments and open financial infrastructure development. PeckShield has detected $Raptor2 rugged. Total losses ~ $316,000

  • TopGoal_NFT is Global NFT & GameFi Platform of Football Metaverse. Collect certified digital cards & Build your own fantasy squad. Peckshield detected that the deployer had huge amount of TMT pre-minted, just dumped to 2660+ BNB, and washed through Tornado Cash. Total losses ~ $1M

  • Owners of high-value NFTs are having their Opensea-listed assets pulled out from under them by an unknown attacker. Either the new Opensea contract was hacked, or users were hit by a phishing attack. The hacker sent a fake email designed to have people sign half of a valid wyvern order (e.g., the order was basically empty except the target (attacker contract) and calldata) and the attacker signs other half of order. Any users who interacted with Opensea’s new contracts should revoke the token approvals from Opensea immediately. Etherscan and Revoke.cash both provide interfaces for this, but are experiencing intense server load. Use whichever service will load. The attacker currently holds 641.5 ETH liquid, and many high-ticket NFTs, including 17 Azuki, 3 BAYC, 2 Cool Cats, and 2 Mutant Ape Yacht Clubs. The attacker also pocketed a racial slur ENS name. The loss amount include the values for the high-valued 16 Azuki's and 3 BoredApeYachtClub's estimated at 48 and 177 ETH respectively. Total losses ~ $3.4M Updated 2/23/22: Loss statistics for @opensea phishing incident: 1. The hacker sold NFTs valued at more than 1,200 Ether (~$3.4m), most of the funds has been deposited to @TornadoCash 2. The hacker returned most of the unsold NFTs to victims.

  • BNB42 is a 100% decentralized investment platform that operates on the Binance Smart Chain. BNB42 reaches 6k users on Feb 13 with liquidity over $2.5M and then the rug pull was executed. The deployer drained liquidity, more than 6400 BNB into 8 addresses (as reported by Peckshield). At least 5 of the stolen funds were taken into Tornado Cash. Total losses ~ $2.7M

  • Fake Animoca Brands Metaverse pulled its liquidity removing 227 ETH and 220M Animoca Metaverse tokens from Uniswap. The real company, Animoca Brands, issued a scam alert about a new ERC-20 token “Animoca Brands Metaverse” on Uniswap V2 that fraudulently claims to be associated with Animoca Brands and uses the symbol “Animoca”. Animoca Brands wishes to make it clear that this token has no connection to the company. Total losses ~ $700,000 The company strongly urges the public to stay away from this fraudulent token and any related activities, including social media and messaging apps. Do not interact with this token or the scammers behind it in any manner, and if you have already received or bought some of these tokens, then consider switching to a new wallet immediately in order to reduce your risk of being targeted in future scams.