Safeheron Weekly Dispatch | JUN 03 '22

Security Incidents

Synthetic Asset Protocol Mirror’s Been Suspectible to One Exploit That Over $30 Million Lost in 7 Months

The Mirror protocol, a synthetic asset protocol developed by Terraform Labs, has a longstanding exploit. From October 2021, attackers exploited multiple times over seven months, none of which were discovered by Terraform Labs or the Mirror team. By the time the bug was fixed, the attacker's total profit could have exceeded $30 million. The Mirror Lock contract (that locks your collateral for 14 days when you short) lets you call an unlock function to unlock collateral via a list of position IDs. But they left out something crucial... A duplicate check. having no duplicate check is an attacker can create a short position, and after 14 days, they could call their position ID multiple times in a list. This would let them steal funds from the lock contract over and over at little cost and zero risk.

Mirror Protocol Currently Suffered New Exploit

An error in price oracle implementation has allegedly allowed up to $2 million to be siphoned from the protocol.

Scammers Use Fake New LUNA Token For Phishing That $230 Thousand Been Lost

The deployer created dozens of fake Terra2.0 and LUNAv2 token, and distributed into user wallets to lure trading. But it is a RugPull. The scammer has got 730 BNB (about $233,600).

Anchor Protocol Got Exploited with Launch of Luna 2.0, User Makes "Free" $800,000

Reportedly, the price oracle of LUNC (Luna Classic) went to $5 despite the price of the actual assets being significantly lower than $5. One of the users on Anchor's platform noticed the bug and deposited around 20 million Lido Bonded Luna tokens, which was considered $100 million by the platform.

DeFi Project Novo Got Attacked

DeFi project Novo is under contract exploit attacking. Hacker has transferred 280 BNB (about $89,600）to Tornado.cash.

Industry Updates

Safeheron

• Safeheron CSO joined community AMA, sharing Safeheron view on Web3 security, how to balance security and efficiency.

• Safeheron will soon open source MPC-related cryptography infrastructure and threshold signature algorithm based on this infrastructure.

Limina

Digital Asset Custodian Liminal Raises $4.7M Seed Funding

Liminal claims to be the first wallet architecture to provide secure multiparty computation (MPC) and multisignature wallets to secure digital assets across different blockchains. According to Liminal, it has eliminated manual operations by 90% and that in one year of operation, it has processed over transactions $2.5 billion in transactions and gathered around $50 million in assets under protection. Liminal provides services to clients such as exchanges, custodians, banks, trading desks and hedge funds.

Copper

Copper's Swiss Unit Gains Regulatory Approval From Swiss’s Financial Services Standard Association

The body, known as VQF, is a self-regulatory organization recognized by the Swiss regulator. VQF’s validation underscores Copper to work with regulators around the world, to standards set in multiple jurisdictions, to become a worldwide provider of digital asset custody and infrastructure.

First Digital Trust

First Digital Trust Completes $20 Million Funding

First Digital Trust will use a portion of the new capital to build secondary markets for private equity and digital assets and to grow into the Singaporean, British, and Canadian markets.

Astra Protocol is Raising $100 Million Series A at Valuation of $500 Million

Astra Protocol is laser-focused on bringing legitimacy to the Blockchain and Crypto industry with its state-of-the-art KYC (know your customer) and AML (anti-money laundering) platform, which enables more businesses to safely participate in the Web3 economy. The infusion of funds from the Series A will be used to continue to scale up the Astra Network as it continues working towards a more transparent and compliant DeFi ecosystem.

BNB Chain Releases Year-Long Technical Roadmap

Some of the more notable developments of the roadmap include the introduction of mainnet BNB Application Sidechains with META Apes and Metaverse World; a near-doubling the number of decentralized validators to 41 via the BEP-131 proposal and successively enhancing the Block Gas Capacity of the BNB Smart Chain to 200 million in Q3 to improve efficiencies of cost and speed, among others.

Fidelity Digital Asset Services LLC Plans to Build Digital Infrastructure to Support Services for Cryptocurrencies

The company plans to hire 110 tech workers, including engineers and developers with blockchain expertise. The technology hires will help build out infrastructure to support custody and trading services for ether, the digital currency on the Ethereum network as the platform was built to handle the storing, securing, and trading of Bitcoin.

Pseudonymity Startup Big Whale Labs Raises $3.8 Million Seed Round

Big Whale Labs' project SealCred will be an open-source privacy-focused protocol that lets users create pseudonymous wallets – that are verified – to transfer social capital from one wallet to another.

Web 3 Infrastructure Firm InfStones Raises $66M Round

The new capital will help InfStones grow its team, build out its blockchain infrastructure solutions, expand into new markets and pursue potential partnerships and acquisitions. InfStones offers an Amazon Web Services-like node management platform and application programming interface (API) for Web 3 developers. The platform provides access to protocol consensus and proof-of-stake staking benefits, plus the ability to run validator nodes, access on-chain data and build multi-chain decentralized applications.

KuCoin Officially Launched KuCoin Wallet

KuCoin Wallet is a decentralized crypto wallet that supports multi-chain aggregation powered by the KuCoin ecosystem. And, KuCoin Wallet will add many leading DeFi, NFT, and GameFi sections to continuously provide users with convenient experience in the future.

The Brazilian Development Bank Launched the Brazilian Blockchain Network

The Brazilian Development Bank has officially launched the Brazilian Blockchain Network, a structure designed to aid other institutions in the country in increasing public transparency. The launch, which was also assisted by the Court of Accounts of the Union, serves to call more institutions to adhere to this project, which aims to have its first applications ready for 2023.

NFT Layer2 Solution Immutable X Launched Open-Source Core SDK

The open-source core SDK launched by Immutable X enhances the developer experiences on IMX L2 with better performance, scalability & readability while enabling contributions from the community. In the coming weeks more frequent documentation updates will be released.

Mobile identity pioneer Incognia Raises $15.5M Series A

The new funding round will support Incognia’s continued growth. Incognia addresses the balancing act between friction and security for user authentication and fraud prevention on mobile applications, across industries including fintech, crypto, gaming, delivery and social. As an identity solution, Incognia is 10 times more accurate than FaceID in uniquely identifying a user, and has a false acceptance rate of less than 1 in 17 million.

NewsFlash

- Abrdn completes 1.49bn pounds Interactive Investor acquisition.

- Jadu, a Los Angeles-based Web3 augmented reality (AR) startup, has raised $36 million in Series A led by Bain Capital.

- Tripp raised $11.2 million to build mindeful metaverse, and the new funding will be used for improving AR, VR and mobile application for user mental health.

- Blockchain data-sharing platform Vendia raises $300 million Series B.

- Indian e-commerce giant Meesho is to look at metaverse, web3, other blockchain use cases.

- IGoldman Sachs Is Eyeing a Derivatives Trading Deal with Crypto Exchange FTX.

- IMoneyGram CEO sees a future in stablecoin remittances and is to soon launch a platform with Stellar blockchain.

- ICanonical Crypto launches $20M inaugural fund to invest in infrastructure projects for blockchain developers.

- IFabric Ventures closes $140 million venture fund and announces first close of Web3 growth fund of $100 million.

- IBinance Labs launches $500M fund to drive Web3 adoption.

- IUnionBank of the Philippines has raised $ 209 million from its maiden digital peso bond offering.

- IThe South Korea Government is to invest $177 million directly in metaverse platforms.

Market Regulation

The Financial Conduct Authority (FCA) Took A Different Tack in Its First CryptoSprint

The CryptoSprint, held earlier this month, explored how to handle disclosing information related to the issuance of crypto assets, regulatory obligations and custody regulations. Over the course of two days, participants worked in mixed-discipline teams to explore the challenges facing the crypto industry, including how the FCA, the U.K.’s financial regulator, can support and balance innovation with standards that protect consumers.

Fed Paper Looks at The Potential Effects of CBDC on Monetary Policy

The paper considered four scenarios that illustrate the potential effects of a retail CBDC on monetary policy from the perspective of three stakeholder groups: the Fed, commercial banks and U.S. households. The paper showed that “the potential effects on monetary policy implementation from a retail CBDC are highly dependent on the initial conditions of the Federal Reserve’s balance sheet.” Their analysis also demonstrated how the Fed could use existing tools to manage the impact of retail CBDCs on monetary policy implementation.

Japan Passes Stablecoin Bill That Enshrines Investor Protection

Japan’s parliament passed a bill on Friday that clarified the legal status of stablecoins, defining them essentially as digital money. Stablecoins must be linked to the yen or another legal tender and guarantee holders the right to redeem them at face value, according to the new law. Stablecoins can only be issued by licensed banks, registered money transfer agents and trust companies. The legislation doesn’t address existing asset-backed stablecoins from overseas issuers or algorithmic counterparts. The new legal framework will take effect in a year. Japan’s Financial Services Agency has said it will introduce regulations governing stablecoin issuers in coming months.

NewsFlash

- Binance‘s been granted a Virtual Asset Service Provider registration by ‘Organismo per gli agenti e mediatori’ (OAM) in Italy.

- German Ministry of Finance opposes the comprehensive verification of "unhosted" wallets and suspicion-independent transaction reports to AML authorities required by EU.

- The Korea Financial Supervisory Service comprehensively investigates the holdings of crypto assets by 157 payment and settlement institutions； Several South Korean banks are considering integrating digital assets into personal credit management business; The South Korean government plans to form a committee specifically to oversee the digital assets market.

- Singapore has begun a project to investigate potential uses of asset tokenization and DeFi.

- Crypto.com Secures Provisional Approval To Open Crypto Exchange in Dubai.

Industry Briefing

Overally, the recent trend of Cypto and the stock market is gradually decoupling. The trend of Bitcoin and Ethereum is still not optimistic. The DeFi market is mainly in a downward trend, and Goblintown.wtf in the NFT market is rising against the unpromising trend. According to BanklessTimes, 51% of global blockchain funding will come from the US, and they expect the market to grow to USD 67.4 billion by 2026. The growth will be at a CAGR (Compound annual growth rate) of 68.4 percent during the forecast period. And some of the primary factors leading to the rapid expansion of the blockchain market are an increase in venture capital funding and investments; adoption of blockchain tech in cybersecurity; easy access to smart contracts and digital identities thanks to the widespread use of blockchain technology; rising government efforts.

Total venture capital funding in the crypto space fell 38% from April to May, according to Dove Metrics, even though the amount of capital deployed into crypto is down in the short term, it’s significantly higher than levels from a year ago. Morgan Stanley says a slowdown is expected as activity across eight of the most important VC bellwether markets over the past 12 months has reset 50% from peak.

Security incidents in this week are mainly on contract exploits using, and as the platforms also lack enough regular checking which gives a time gap to attackers, thus, the loss is more severe. Security is always the core strength the projects shall strengthen persistently。

Last, Safeheron team wishes you on this Dragon Boat Festival: