Don’t get REKT!
Let’s revisit the recent crypto exploits and losses that shook the market
Who got REKT? ☠️
Well, maybe not you — but many crypto projects and hodlers did. However, that’s how the universe works. Even your emotions get rekt from time to time, let alone blockchain, a still evolving technology.
Diving into the low-down and dirty rekt cryptos can be painful, and maybe spread FUD — but that’s not necessary! Just follow the news, learn from other projects’ mistakes and don’t get rekt.
Once in a blue moon? Not.
The multi-billion dollar bankruptcy — LUNA and UST collapse.
The most successful algorithmic stable coin attempt came from Terra Labs. LUNA & UST were in the top 10 cryptocurrencies, until they suddenly weren’t. Do Kwon, the co-founder & CEO of Terra Labs, created the perception that these tokens were stable. The reason people invested so heavily is that Anchor Protocol promised a yearly 20% return on holding a stable coin, which just wasn’t sustainable in the long run, considering the volatile nature of the crypto market. Some would call it insane, others a clear Ponzi scheme, and some believe it was just a mistake born out of greed.
The current bear market that started in Q1 2022 unexpectedly saw UST’s market cap soar to over $18B and $LUNA to an ATH of $119.18 as users retreated to the yearly 20% gains offered by Anchor.
It was all lavenders and roses, and the moonlight 😉.
The crash that took $LUNA and $UST back down to Earth, and ultimately below ground, started when whales began cashing out. These large holders started selling not only their holdings, but also their 20% yearly rewards, which triggered an enormous influx into the supply of $LUNA, which in turn caused the $LUNA price to start falling rapidly and subsequently the de-pegging of the UST stablecoin. Stable coins are pegged to fiat, and UST is pegged to the value of the USD, which means that it is supposed to be worth a dollar at any given time. This peg is maintained by algorithmic stabilization. To achieve that, a smart-contract-based algorithm burns LUNA tokens to mint new UST tokens to anchor the price of UST to $1.
In May, UST was de-pegged from the USD due to concerns about the rising interest rates, resulting in faster burning of LUNA tokens and an increased rate of minting new UST tokens. As expected, while UST was de-pegging, the price of LUNA also fell, with a 99.9% price drop. In response to the sudden fall in price, Terra Labs liquidated their entire Bitcoin holdings, but that didn’t help much. The liquidation led to the price of Bitcoin falling below $27,000 for the first time in a long while.
The crash played out over a period of time, during which the price of LUNA fell more than 99% on two separate occasions. The price hovered around $80 before the crash and fell to $0.00001675 in less than a week.
Today, LUNA’s price fluctuates around $0.0001277. Will it ever revive?
WORMHOLE’s got a loophole
Solana’s space-time continuum was distorted, to be exact — the Wormhole Network was exploited for $326M. The hacker found a way to exploit Solana VAA verification and mint tokens.
Wormhole is a cross-chain bridging protocol that allows users to move cryptocurrencies and NFTs between the Solana and Ethereum blockchains. The hacker appears to have found an exploit in Wormhole’s smart contract code that allowed them to mint 120,000 wETH without putting up the necessary equivalent Ethereum collateral.
An on-chain message was sent to the hacker from Certus One, the team behind the Wormhole bridge:
We noticed you were able to exploit the Solana VAA verification and mint tokens. We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and return the wETH you’ve minted. You can reach out to us at firstname.lastname@example.org.
$10M for bug bounty — good time to learn hacking, right? Yet, there is $326M on the other side… Is it basic math or also a moral dilemma?
Jump Trading supplied the Ether to replace what was stolen, after attempts to pay the hacker a bounty in return for the stolen funds were ignored.
Approximately $624M was stolen from Ronin Network — and guess what? Nobody noticed for 6 days.
Apparently, the team discovered the attack after a report from a user being unable to withdraw 5k ETH from the bridge.
Ronin — rekt.
How did it happen?
Ronin was launched as an Ethereum side-chain in 2021. Decentralization and trustlessness were neglected to maximize TPS, resulting in just nine validators putting their reputation at stake. A consensus of five of these nine validators is necessary to approve transactions.
Four of the validators are operated by Sky Mavis, which means that if there was a security breach, only one more signature was needed to control the network — and that is exactly what the attacker did.
The attacker was able to gain access to the additional validator due to an arrangement made between Sky Mavis and the Axie DAO, and then authorized two withdrawals, draining first 173,600 ETH and then 25.5M USDC from the Ronin Bridge contract.
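The gap between nominal and effective validator control described above can be checked mechanically. The following is an added example, not code from the article or from Ronin: it models the Sky Mavis / Axie DAO arrangement as delegated signing authority (an assumption), and the operator names for the remaining four validators are constructed.

```python
from itertools import combinations

def effective_control(validators, delegations=None):
    """Map each party to the set of validator keys it can sign with.

    validators:  {validator_id: operating party}
    delegations: {validator_id: party that can ALSO sign for it}
    """
    control = {}
    for vid, operator in validators.items():
        control.setdefault(operator, set()).add(vid)
    for vid, delegate in (delegations or {}).items():
        control.setdefault(delegate, set()).add(vid)
    return control

def min_parties_for_quorum(control, threshold):
    """Smallest set of parties whose compromise yields `threshold` signatures.

    Brute force over party combinations, which is fine for small validator sets.
    Returns (count, parties) or None if quorum is unreachable.
    """
    parties = list(control)
    for k in range(1, len(parties) + 1):
        for combo in combinations(parties, k):
            keys = set().union(*(control[p] for p in combo))
            if len(keys) >= threshold:
                return k, combo
    return None

# Constructed model of the set-up in the text: nine validators, quorum of five,
# four run by Sky Mavis, one by the Axie DAO. Other operator names are made up.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-6", "v7": "operator-7", "v8": "operator-8", "v9": "operator-9",
}
THRESHOLD = 5
# Assumption: the arrangement let Sky Mavis infrastructure sign for the DAO's key.
DELEGATIONS = {"v5": "Sky Mavis"}

def audit():
    nominal = min_parties_for_quorum(effective_control(VALIDATORS), THRESHOLD)
    actual = min_parties_for_quorum(
        effective_control(VALIDATORS, DELEGATIONS), THRESHOLD)
    return nominal, actual

if __name__ == "__main__":
    nominal, actual = audit()
    print("on paper: parties to compromise =", nominal[0], nominal[1])
    print("with delegation: parties to compromise =", actual[0], actual[1])
```

A result of 1 for the effective figure means a single organisation's breach is enough to approve withdrawals, whatever the validator count suggests on paper.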
Finding out that you’ve been robbed of ~$624M, from a user, 6 days after the incident… DeFi is a strange place.
Poly Network is a cross-chain protocol for implementing blockchain interoperability and building Web3.0 infrastructure.
In August 2021, Poly Network was hacked for $611M worth of Poly Network tokens. According to the analysis, the hacker found a way to unlock tokens on the network without locking the corresponding tokens on other blockchains.
Fortunately, the attacker began returning the tokens the very next day. Some speculations say that the attackers had struggled to sell the tokens, while others say that the attacker stole the tokens just for fun — a daredevil one might say.
By the end of the week, all assets were returned except for $33M worth of stablecoin Tether, which had been frozen immediately after the attack.
Roughly $280M of KuCoin’s funds have been compromised in a security breach. The hacker has attempted to launder the money via Binance and Uniswap, selling all tokens for ETH.
On the official website, the KuCoin team explained that the hack resulted from a leak of the private keys of KuCoin hot wallets. As a result, 1,008 BTC was stolen, along with 14,713 BSV, 26,733 LTC, 9,588,383 XLM, Omni, and EOS-based Tether (USDT) worth $14 million, $153 million in Ether and ERC20s, and over 18 million XRP.
One of the first tokens removed from the hacker’s address was 50,000 USDT. Tether then responded quickly to freeze the remaining tokens in the wallet — the predictable move left questions about why the hacker didn’t convert this currency first. Other stolen tokens were forked, frozen or blacklisted in order to reduce the damage caused by the hack.
Some assumed that the hacker was a KuCoin employee, pointing to the relatively unsophisticated techniques used to launder the funds.
KuCoin managed to recover 84% of the funds, according to KuCoin CEO Johnny Lyu. While the hackers made off with the remaining 16%, some $45.55 million, the exchange covered this through its insurance fund.
Three Arrows Capital, a crypto-focused hedge fund, had to meet a deadline to repay more than $670M in loans to Voyager Digital or face default.
How did it happen?!
The founders’ extreme investing activities built a time bomb for themselves, and their creditors, who they have allegedly been ghosting — but the crash of LUNA has been a wake up call for 3AC. Although they did not disclose how much they lost, Zhu Su, the co-founder of 3AC, admitted that they were at a loss from their LUNA investment.
Danny, the head of trading in 8Blocks Capital, said that while the market was falling on June 12, they wanted to withdraw money from their accounts for positions in other exchanges, but they could not reach the founders of Three Arrows Capital. They did not dwell too much on the issue of not being able to reach them, thinking that they were busy. However, it was noticed that 1 million dollars was withdrawn from the funds without permission and in violation of the agreement. In other words, Three Arrows Capital is transferring its clients’ money without permission, in violation of the contract they made with their client.
Voyager Digital, a digital asset brokerage, said that it had lent 3AC 15,250 bitcoins and $350M of USDC. The total loan equates to more than $675M. Voyager gave 3AC until June 24 to repay $25 million USDC and the entire outstanding loan by June 27, Monday.
Voyager Digital said Monday morning that it has issued a default notice on 3AC after the firm failed to repay a loan of 15,250 BTC and 350 million USDC.
3AC has stayed quiet on the allegations and has avoided contact with the parties involved. The situation has not been resolved yet, and the outcome remains uncertain. We’ll be keeping an eye on it.
It’s not always that protocols get rekt. Sometimes, the tables are turned and the hackers taste their own medicine 👇
Robin Hood, or not?
EthCC, the crypto conference that will take place in Paris in July, is coming soon! This time, instead of the project, the scammers got rekt. Let’s see what happened:
The tickets for the conference are sold in batches and the third batch of 308 tickets were sold out in 3 minutes. Jerome De Tychey, the president of Ethereum France, reported:
10 tickets were sold via credit cards
98 tickets were sold via USDC
& 200 tickets were scalped in USDC by a single user
A group of people tried to trick the system and bought 200 tickets with the hope of selling them at a higher price. Clever, right? Life doesn’t always go as planned…
The tickets were sold as NFTs with special metadata, which allows the holder access to the conference. This means that the tickets are non-transferable: any attempted transfer raises an error and reverts the transaction. When the organization found out about the purchase, they stripped the NFTs of their metadata, leaving 200 useless tickets for $68,000.
Ambitious as they were, the scalpers tried to create a Gnosis Safe contract for each ticket with the intention of changing the owner of said contract. They then created a collection on OpenSea to try to resell the tickets.
Although this scalping method may seem clever at first, the minted tickets actually have no registration metadata since the normal sales funnel was by-passed. After the incident, the scalpers sent a message to De Tychey requesting the refund of their $68,000 claiming that they “got a bit carried away with how many they got”. EthCC transferred half of the money, and declared that the other half will be donated to a third party if there is no tax on it.
Robin Hood, or not?
Cryptocurrency is reputed for its transparency, but unfortunately, it is also well-known for hackers targeting platforms and exchanges to exploit them. Exchanges are targeted regularly as they tend to have open-source code libraries.
The sheer scale of some of these attacks highlights the need for exchanges and protocols to be extremely vigilant so that they can keep an eye on unauthorized activities.
How many crypto scandals will we have in 2022 — any guesses? Create a public bet on ibetyou.xyz and hope that you’ll win. Who knows? Maybe you will get rekt — but that’s a risk you have to take ✌️