SudoRare, an automated market maker (AMM) protocol for ERC-721 to ERC-20 swaps, suddenly shut down its services and social media accounts after reportedly making away with 519 Ether (ETH), worth roughly $815,000. A crypto community member, sungjae_han, was first to point out a suspicious transaction that drained substantial funds off SudoRare using LooksRare (LOOKS) and USD Coin (USDC) tokens. #PeckShieldAlert #rugpull Seems like @SudoRare rugged 519 $ETH (~$815k). SudoRare already deleted its social accounts/groups, sudorare[.]xyz is down Stole funds already transferred to 3 new addresses (173 $ETH/address): 0x75c3b2...3981 0x0498d1...8074 0xbFb784...7EAa https://t.co/mPC4bl4k6W pic.twitter.com/O5D7jThYvm — PeckShieldAlert (@PeckShieldAlert) August 23, 2022 A subsequent …

The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams. For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that …

Web3 came into existence posed as a blockchain-powered disruption to the current state of the internet. Yet, as a nascent technology, a fog of assumptions plagues discussions about the real capabilities of Web3 and its role in our day-to-day lives. Considering the promise of a decentralized internet using public blockchains, a complete transition to Web3 would require scrutiny across several factors. Out of the lot, security stands as one of the most crucial features as, in a Web3-powered world, tools and applications hosted over the blockchains go mainstream. Smart contract vulnerabilities While the blockchains that host Web3 applications remain impenetrable …

An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community. Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuze victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and …

BNB Chain, a blockchain network created by crypto exchange Binance, identified over 50 on-chain projects that pose a significant risk to the users. A mix of crypto spin-offs resembling Dogecoin (DOGE) and Binance and others dedicated to pandas, cyborgs and koalas made the list as untrustworthy and high-risk projects. BNB Chain’s Red Alarm feature, which was implemented to protect investors from potential rug pulls and scams, flagged projects based on two main criteria — if the contract performs differently from what the project owners advertised or if the contract shows risks that might influence users' funds. Speaking to Cointelegraph, Gwendolyn …

The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized. On Aug. 14, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode. The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet …

Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the …

BlueBenx, a Brazilian crypto lending platform, reportedly blocked all of its 22,000 users from withdrawing their funds following an alleged hack that drained $32 million (or 160 million Brazilian real). While no details about the hack were made available, the company allegedly laid off most of its employees. BlueBenx joins the growing list of crypto companies that failed to deliver on their promise of exorbitant yield returns this crypto winter. The Brazilian crypto lender promised up to 66% returns for users investing in cryptocurrencies via various in-house earning avenues. A report from the local news board Portal do Bitcoin highlighted …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, cross-bridge protocols became the center of DeFi discussions as a new report showed RenBridge was used to launder $540 million in stolen funds. Curve Finance, on the other hand, resolved its site exploit and directed users to revoke any recent contracts. Interlay, a London-based blockchain firm, launched a Bitcoin (BTC)-based cross-chain bridge on Polkadot named interBTC (iBTC), DeFi platform Oasis.app says that sanctioned addresses will no longer be able to access …

2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …

Decentralized finance (DeFi) protocols continue to be targeted by hackers, with Curve Finance becoming the latest platform to be compromised after a DNS hijacking incident. The automated market maker warned users not to use the front end of its website on Aug. 9 after the incident was flagged online by a number of members of the wider cryptocurrency community. While the exact attack mechanism is still under investigation, the consensus is that attackers managed to clone the Curve Finance website and rerouted the DNS server to the fake page. Users that attempted to make use of the platform then had …

Cross-chain protocols and Web3 firms continue to be targeted by hacking groups as deBridge Finance unpacks a failed attack that bears the hallmarks of North Korea’s Lazarus Group hackers. deBridge Finance employees received what looked like another ordinary email from co-founder Alex Smirnov on a Friday afternoon. An attachment labeled ‘New Salary Adjustments’ was bound to pique interest, with various cryptocurrency firms instituting staff layoffs and pay cuts during the ongoing cryptocurrency winter. A handful of employees flagged the email and its attachment as suspicious, but one staff member took the bait and downloaded the PDF file. This would prove …