3 lines of code cost 320 Million dollars: Recent Crypto Events — Feb 2022
February was certainly an expensive month. There were six incidents in total; the first was an expensive one, which led to a loss of 320 million dollars.
The first incident of the second month (February) was reported on the third day.
First, we need to know at least what multi-chain means.
A physical bridge, as you know, connects two pieces of land.
In the Blockchain world, bridges connect two different blockchains. Just as a physical bridge connects two physical locations, a blockchain bridge connects two blockchain ecosystems. Bridges facilitate communication between blockchains through the transfer of information and assets.
Let’s take an example:
You are working in the U.S.A. and would like to convert a dollar to Indian rupees. You log in to Xoom.com and send one dollar, which gets converted to Indian rupees. As you may know, the technical term for this is “currency exchange”.
Now how can we do the same in the blockchain world?
Let’s say you have ETH and you want to convert it to SOL (Solana). This is where bridges come in and help convert ETH to SOL.
More information on bridges: https://ethereum.org/en/bridges/
This month alone, roughly half a billion dollars was lost through bridges in the blockchain world.
A note from Vitalik:
Blockchain IR Event #1: https://portalbridge.com
The PortalBridge event took place on Feb 2, 2022 (02/02/2022 :). Portal is a bridge that offers unlimited transfers across chains for tokens and NFTs wrapped by Wormhole.
Wormhole is a decentralized, cross-chain message passing protocol. It enables applications to send messages from one chain to another. The network is operated by a decentralized group of nineteen Guardians who sign each transmitted message to attest to its authenticity.
Portal enables users to deposit funds into a contract on a source chain, then mint a Wormhole-wrapped version of the token on a destination chain. The minting function requires a Wormhole-authenticated message from the source chain contract.
Attack:
An unidentified attacker exploited a vulnerability in the Solana-side Wormhole contract and tricked it into minting 120,000 uncollateralized Wormhole-wrapped ETH (weETH). The attacker then sent 93,750 weETH back to Ethereum, redeeming it for native ETH (1, 2, 3), and swapped the remaining weETH into SOL on Solana.
Detailed IR : https://wormholecrypto.medium.com/wormhole-incident-report-02-02-22-ad9b8f21eec6
The vulnerability was fixed by adding the missing check:
Blockchain IR Event #2 : https://meter.io/
Meter.io is a highly decentralized Ethereum scaling solution with a built-in metastable gas currency. It connects to Ethereum and other blockchains as a layer-two protocol and allows smart contracts to scale and communicate seamlessly through heterogeneous blockchain networks.
The Vulnerability.
The deposit method of the ERC20 Handler contracts on the Meter Passport had the ability to automatically wrap and unwrap native gas tokens like BNB and ETH to enhance user experience. However, the implementation of this functionality introduced a vulnerability. This deposit method assumed that if the token being bridged is a wrapped Native token, then it does not need to be burned or locked since the wrapped Native token is already unwrapped and the amount already transferred to the handler contract.
Post mortem : https://medium.com/meter-io/post-mortem-report-meter-passport-12af6b50393d
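The flawed assumption described above, as an added example that is not Meter's contract code: a simplified Python model of a handler that skips locking for the wrapped native token, next to a variant that verifies the funds actually arrived. The `WBNB` symbol, the class and function names, the account names and the backing check are assumptions made for illustration; the check is one possible hardening, not the fix Meter deployed.

```python
from collections import Counter

WRAPPED_NATIVE = "WBNB"  # assumed symbol for the wrapped gas token


class VulnerableHandler:
    def __init__(self):
        self.wallets = Counter()  # (token, account) -> balance, constructed data
        self.held = Counter()     # token -> amount the handler really holds
        self.owed = Counter()     # token -> amount the destination chain will release

    def _lock(self, token, depositor, amount):
        """Move tokens from the depositor into the handler."""
        if amount <= 0 or self.wallets[(token, depositor)] < amount:
            raise ValueError("transfer failed")
        self.wallets[(token, depositor)] -= amount
        self.held[token] += amount

    def deposit(self, token, depositor, amount):
        if token != WRAPPED_NATIVE:
            self._lock(token, depositor, amount)
        # Wrapped native token: trusts that the amount was already transferred here.
        self.owed[token] += amount

    def deposit_native(self, depositor, amount):
        """Legitimate path: wrap the native coin into the handler, then record it."""
        self.held[WRAPPED_NATIVE] += amount  # wrap + transfer collapsed into one step
        self.deposit(WRAPPED_NATIVE, depositor, amount)


class HardenedHandler(VulnerableHandler):
    def deposit(self, token, depositor, amount):
        if token == WRAPPED_NATIVE:
            # Check the assumption instead of trusting it: funds held but not
            # yet credited must cover this deposit.
            backed = self.held[token] - self.owed[token]
            if amount <= 0 or backed < amount:
                raise ValueError("deposit not backed by received funds")
        super().deposit(token, depositor, amount)


def unbacked_amount(handler_cls):
    """One legitimate deposit, then a direct deposit call that sent no funds."""
    handler = handler_cls()
    handler.deposit_native("alice", 5)
    try:
        handler.deposit(WRAPPED_NATIVE, "mallory", 100)
    except ValueError:
        pass  # the hardened handler rejects the unbacked deposit
    return handler.owed[WRAPPED_NATIVE] - handler.held[WRAPPED_NATIVE]
```

A non-zero result from `unbacked_amount` is the amount the destination chain would release without collateral on the source chain, which is the invariant a bridge monitor can alert on.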
Blockchain IR Event # 3 : https://dego.finance/
DEGO Finance is an NFT+DeFi protocol and infrastructure with two functions: The project acts as an independent and open NFT ecosystem drawing users to the blockchain space. The NFT Suite offers services covering the full NFT lifecycle, enabling anyone to issue NFTs, participate in auctions, and trade NFTs. Recently, DEGO has embarked on a new journey on GameFi and will input more on R&D of Blockchain Games, Tokenisation of Game Assets, Asset Lending, and more.
Post mortem : https://degofinance.medium.com/to-dego-community-summary-of-the-event-after-a-thorough-investigation-and-efforts-5315a98d9984
Blockchain IR Event # 4: https://titano.finance/
Titano is positioned to lead a revolution in DeFi with the Titano Autostaking Protocol or TAP, a new financial protocol that makes staking easier, and gives $TITANO token holders the highest stable returns in crypto.
The smart contract code included a statement that allowed either the smart contract owner or the deployer of the contract to set the PrizeStrategy for the pool. The Titano hack was allegedly performed by the contractor using the original deployment address. The contractor was able to exploit these privileges to steal 4828.7 BNB from the contract.
Hack explained : https://halborn.com/explained-the-titano-finance-hack-february-2022/
IR : https://titano.medium.com/important-announcement-dec5a6078d46
Blockchain IR Event # 5 :
Decentralized protocol Build Finance suffered a governance attack this week, losing custody of its treasury funds in the process.
The attacker succeeded in the takeover because the proposal received a large enough vote in favour and there were not enough countervotes to prevent it.
Blockchain IR Event # 6 : https://opensea.io/
Attackers stole hundreds of NFTs from OpenSea users, causing a late-night panic among the site’s broad user base. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club, with the bulk of the attacks taking place between 5PM and 8PM ET.
More info : https://www.theverge.com/2022/2/20/22943228/opensea-phishing-hack-smart-contract-bug-stolen-nft