Safeheron Weekly Dispatch | JUN 10 '22

06/10/2022

Security Incidents

BAYC Discord Was Attacked With About 200 ETH-Worth NFT Stolen

BAYC DIscord server was under a short attack. Though BAYC team has found the problem and solved it, but still, there were NFTs worthy of 200 ETH got stolen.

Equalizer Finance Was Under Flash Loan Attack

The main cause for this attack is that the FlashLoanProvider contract in the Equalizer Finance protocol is not compatible with the Vault contract.

Celsius Network Has At Least Lost 35,000 ETH in The Private Key Loss of Stakehound

Feb 2, 2021, Celsius Network sent 35,000 ETH in a single transaction to Stakehound. Later, Stakehound has ETH all custodied by Fireblocks. Suprisingly, on June 22, 2021, Stakehound reportedly lost the private key for the more than 38,000 ETH deposited on client's behalf.

Elrond L1 Network Hacked, With $1.65 Million EGLD Stolen

The hacker sold them through Maiar DEX, resulting in a 92% drop. the official has suspended DEX and related APIs.

Optimism Got 20 Million OP Stolen

Optimism entrusts Wintermute to provide liquidity service for OP on the secondary market. Optimism sent 20 million OP tokens to the multisig address given by Wintermute. But Wintermute later found out that they cannot control the OP token in the given address because the multisig address is not yet deployed on Optimism. Before Wintermute recovered tokens, the attacker already deployed the address on Optimism and controlled the 20 million OP tokens.

ApolloX Got Hacked, 53 Million APX Was Hacked Under Contract Vulnerability

A hacker exploited a flaw in ApolloX's Trading Rewards Contract to accumulate 255 signatures and then used these signatures to withdraw 53 million APX tokens from the Withdrawal Contract. However, there is no loss of users' funds.

The GymSinglePool is Hacked With The Loss of $2.1M

The GymSinglePool of DeFi platform GYM Network was under attack with a loss of 7,500 BNB (about $2.1M). The attack was on the recently deployed Claim & Pool function for Gym Single Pool caused a massive price drop.

Industry Updates

Safeheron

Safeheron is going to launch a new website and a new App. In the new App, Safeheron provides public cloud self-custody, a free custody plan within a 10-min account setup. Also, open source MPC basic libraries.

Entropy

Decentralized Crypto Custodian Entropy Raises $25 Million in Seed Funding

Entropy leverages cryptographic techniques based on multiparty computation. Its solution as comparable to Google Authenticator in that it doesn’t provide its own wallet or user-facing products — it simply handles the process of “signing” their data cryptographically.

Fireblocks

Checkout​.com Partners With Fireblocks to Launches 24/7 USDC Settlement

Checkout.com partners with Fireblocks to launch a new stablecoin settlement system. It will allow merchants to process crypto payments from their customers in real time — potentially widening the use cases of stablecoins within e-commerce.

Anchorage Digital

Anchorage Digital Spearheads Crypto Custody Exchange Network to Enhance Trading, Liquidity

Anchorage Digital along with other global crypto companies has formed a custody exchange network in a bid to improve the crypto marketplaces for investors. The custody exchange network seeks to promote a fairer market structure, with no pre-funding needed and with safe participation by maintaining custody with Anchorage.

Cybavo

Circle Buys Web 3 Infrastructure Platform Cybavo

Circle agreed to buy Cybavo, a digital asset infrastructure platform that focuses on custody and blockchain application development, for an undisclosed amount. The acquisition will allow Circle to offer "infrastructure as a service" for companies looking to build on Web 3.

Payments Platform Kushki Raises $100 Million in Series B Funding

In this round, Kushiki’s valuation is above $1 billion. The company said it will use the funding to accelerate the adoption of this infrastructure. Headquartered in Ecuador, Kushki's core product line includes infrastructure to make it easier for businesses across the Latin American region to send, receive and process digital payments globally. Currently, it operates only in five countries in the region.

Algorithmic Stock Adviser Delphia Raises $60M in Series A

The funding will be used to expand headcount and to launch the native Delphia Data rewards token. Delphia is an algorithm-backed stock advisor with a hedge fund for accredited investors that has a long-short market neutral strategy covering about 2,500 U.S. equities.

Professional-First Crypto Tax & Accounting Platform, Ledgible Raises $20M in Series A

The investment will be used to expand the teams within their two core lines – Professional Tax and Enterprise Accounting, including further expansion to support their growing number of institutional partners and accounting firms.

Nfinite RaiseS $100 Million in Series B

Nfinite, is a leader in next-generation visualisation and e-commerce merchandising. The funding will be used to expand nfinite's global customer, engineering, and marketing operations to provide the scale and support needed to meet rapid market adoption of its SaaS-based visual e-merchandising platform.

Ballet Raises $13 Million in Series A

The financing will allow Ballet to scale up its product development and business operations.

Immutable X Partners With Private Key Management Service Magic

Immutable X and Magic together launch a passwordless login feature. Developers can use Magic's SDK to integrate passwordless login and authentication without relying on traditional mnemonic phrases, and users can log in using only their email addresses to help improve the experience even further.

OpenSea Will Put Significant Investment in Trust and Safety

For the next half of 2022, OpenSea will put significant efforts in theft and scam prevention, IP infringement tackle, scaling review and moderation and cutting down critical response times in high-touch areas.

Identity Security 443ID Closed An $8 Million Seed Funding

The fresh capital has enabled 443ID to hire experts spanning the identity and access management, cybersecurity, cryptocurrency, adtech and open source intelligence (OSINT) realms to build the company’s OSINT identity graph powering its first products: OSINT Risk and SignalPrint.

NewsFlash

- Dubai's Retail Giant Majid Al Futtaim has partnered with Binance to accept cryptocurrencies via Binance Pay.

- Ripple and Stellar to Help Launch AUDC Stablecoin for Novatti Group, planning to issue it on the XRP Ledger.

- PayPal now allows its users to be able to transfer cryptocurrency from their accounts to other wallets and exchanges.

- P2P payment platform Metal Pay launches digital assets and payments service in Europe.

- Ethereum’s Ropsten testnet has completed its merge.

- Citadel, Charles Schwab, Fidelity join forces to build cryptocurrency trading platform.

Market Regulation

North America

  • White House Office of Science and Technology Policy (OSTP) is expected to publish a report on cryptocurrency mining and its environmental impact.

  • SEC is investigating whether BNB was a security when sold in 2017.

  • US crypto bill allegedly leaked that DAOs, exchanges, and stablecoin providers would have to become registered entities.

  • New York’s crypto regulator (NYDFS) publishes formal stablecoin guidance that issuers be fully backed by certain assets, with these assets segregated from the issuers’ operational funds and attested to by an auditor regularly.

  • Jamaica’s senate authorized the country’s national bank to issue its CBDC (central bank digital currency), the Jamaica Digital Exchange, or Jam-Dex, via an amendment. The fresh legislation expands the definition of legal tender to include virtual tokens, as well as physical notes and coins.

Europe

  • Britain will begin testing of crypto blockchain technology for traditional market activities such as trading and settlement of stocks and bonds.

Asia

  • Indian Government is to release guidelines for certain crypto-related taxations before July 1st.

  • Japan’s Ministry of Justice wants to amend laws to give courts and police officers the power to seize crypto assets in money laundering and to freeze stolen crypto.

  • The Japan Virtual and Crypto assets Exchange Association may loosen rules for exchanges listing tokens.

  • Oman’s central bank is working to develop its own digital currency.

  • South Korean policymakers asked cryptocurrency exchanges to devise guidelines with respect to the listing and delisting of digital tokens.

  • Binance courts Philippine license to target Southeast Asia.

South America

  • Digital Real Will Be Used by Banks in Brazil as Collateral to Issue Their Own Stablecoins.

Industry Briefing

Overall, the crypto market is bouncing back that DeFi and NFT market also get a bit better.

For regulation, more and more calls for universal/uniformed regulation system/rules, but now it's still quite fragmented. Besides, many countries/regions are pushing CBDC (Central Bank Digital Currency) forward. The Atlantic Council’s Geoeconomic Centre has released a major update to its Central Bank Digital Currency (CBDC) Tracker. 105 countries, representing over 95 percent of global GDP, are exploring a CBDC. A new high of 50 countries are in an advanced phase of exploration (development, pilot, or launch). 10 countries have fully launched a digital currency.

Among the G20 countries, 19 are exploring a CBDC, with 16 already in the development or pilot stage.

For security, consumers reported they have lost over $1 billion in crypto-linked fraud from January 2021 through March of this year, according to an analysis from the Federal Trade Commission (FTC). Until now, on many consumer-oriented platforms, phishing and rug pull are still luring victims. For security incidents this week, the major cause is loophole exploits, such as OP tokens theft and ApolloX got compromised.

Last updated