‘Be Optimistic!’: Hacker Returns $15M In ‘Optimism’ Tokens🚨

QuillAudits - Web3 Security 🛡️
QuillHash
Published in
3 min readJun 11, 2022

Events Under the Spotlight 🔎

Trader Joe was exploited for ~$1M

  • Trader Joe, leading DEX on Avalanche blockchain was exploited for $1M.
  • The vulnerability lies in the protocol transaction fees process.

$15M of Optimism Tokens Stolen

  • OptimismPBC, a layer-2 scaling solution for Ethereum, lost 20M OP tokens.
  • The total loss is expected to be ~$15M.
  • The attacker returned 17 million of them on Friday.

GYM Network Protocol Hacked, $2.1 Million Stolen

  • Gym Network was exploited due to a lack of caller verification in the smart contract to steal ~7,500 BNB or $2.1M.
  • The funds were later routed through Tornado Cash.

ApolloX suffers $2.8M hack

  • ApolloX was hacked by exploiting Apollo’s Trading Reward contract to accumulate 255 signatures.
  • The hacker then used these signatures to withdraw 53 million APX tokens from the Withdrawal contract.
  • The project team made a purchase of 2,748,585 APX tokens.

Mair Exchange fell for a $113M hack

  • Mair Exchange, a major DEX on the Elrond blockchain suffered a hack.
  • It was temporarily taken down after an attacker exploited the DEX and siphoned off $113M worth of $EGLD tokens.
  • The attackers deployed a smart contract that allowed them to withdraw over 1.65 million EGLD.

Osmosis DEX Liquidity Pools Hacked for $5 Million

  • Osmosis blockchain was halted by the core team members and validators after a critical vulnerability was found in its liquidity pools that lead to a $5 million exploit.

Bored Ape Yacht Club’s Discord server was hacked

  • BAYC Discord server was hacked leading to a loss of 200 ETH or ~$360,000.
  • A total of 32 NFTs were stolen in the incident.
  • The project suffered a second hack this year till now.

A person stoles $660,000 worth of crypto from 900 victims

  • Police in Seoul, South Korea arrested a resident after discovering that the person stole $660,000 worth of cryptocurrency from 900 victims by mining credentials from social media.

Animoon rug pulls for $6.3 million

  • Animoon team rugged with taking 9,999 Pokemon NFTs after signing a non-disclosure agreement with Pokemon partner Topdeck for developing a P2E game.
  • The team deleted its website and Twitter account.

To the Numerophiles out there 🔢

  • Mastercard to allow 2.9B cardholders to make direct NFT purchases

Source

Word on the Block📦

Seed phrase

Versus Series🛡️

Hard fork VS Soft Fork

Stay updated with the latest happenings in the blockchain world; join our Discord community here🤝

--

--

QuillAudits - Web3 Security 🛡️
QuillHash

6+ Years Securing #Web3: 1M+ Lines Audited. Trusted by 1K+ Clients including StarkWare, Taiko, ZetaChain & Metis. Next-gen audits, KYC & on-chain monitoring.