Mediaboss Marketing

DeFi experienced six major exploits that resulted in losses of over $33 million USD, from April 7th to 14th, 2023. The incidents highlighted the need for conducting regular security audits to address vulnerabilities in smart contracts.

We're excited to announce our new security series in collaboration with D3ploy, a leading Web3 security team dedicated to enhancing the safety of the industry. Together, we'll provide regular updates on the most significant security threats and vulnerabilities encountered.

The week of April 7th to 14th, 2023, witnessed a series of high-profile exploits in the decentralized finance (DeFi) industry, causing significant financial losses and demonstrates that while DeFi holds immense potential to revolutionize the financial industry, it is still in its infancy and has a long way to go in terms of security and robustness.

By learning from these exploits we as a DeFi communitiy can work together to strengthen the ecosystem and pave the way for a more secure and stable decentralized financial future.

The six major exploits that occurred during this period include:

The total estimated value lost across these exploits is over $33 million USD, with some funds recovered across various incidents. These security breaches underscore the importance of conducting regular security audits to identify and address vulnerabilities in smart contracts, particularly when releasing updates.

Lets explore each individual exploit in a little more depth

South Korean centralized exchange GDAC experienced a severe hot wallet hack on April 9th, 2023, resulting in the loss of 14,324,040 $USD worth of cryptocurrency. The stolen assets included 60.8 $BTC, 350.5 $ETH, 220,000 $USDT, and 10,000,000 $WEMIX. This theft accounted for approximately 23% of GDACs total assets under custody.

The exchanges emergency response team acted quickly to suspend all deposit and withdrawal services and block related servers. GDAC reported the incident to the police and the Korea Internet & Security Agency (KISA) for technical support, as well as notifying the Financial Intelligence Unit (FIU). GDAC urged asset issuers, exchanges, and DeFi managers to freeze assets and collaborated with various organizations to recover the stolen funds.

Yearn Finance, a yield aggregator, and Aave Protocol, a lending and borrowing platform, fell victim to a flash loan attack on April 8th, 2023, resulting in a combined loss of 11,512,509 $USD worth of $ETH and $DAI. The attacker executed the exploit using two malicious smart contracts and took a flash loan for 2,000,000 $USDT, 5,000,000 $USDC, and 5,000,000 $DAI from Balancer. The borrowed assets were used to exploit a vulnerability in Yearn Finances USDT pool, allowing the attacker to mint a significant number of ycUSDT and yUSDT tokens, which were then swapped for various stablecoins.

A smaller attack occurred simultaneously, affecting Aaves LendingPoolCoreV1 contract. The attacker repaid all users USDT positions in the Aave V1 protocol. The stolen assets were transferred to destination wallets, with 1,000 $ETH bridged through TornadoCash.

On the morning of April 10th, 2023, Terraport was exploited, leading to losses of approximately 4 million USD in Terra, LUNC, and USTC tokens. The exploit was made possible due to a mathematical weakness in the algorithm used to calculate LP prices.

The malicious actor added a small amount of liquidity to the protocol and then manipulated the LP share price, allowing them to withdraw a large amount of liquidity. Two pools were affected, the first one drained for 9,148,426 TERRA ($1.8 million) and 15,100,861,997 LUNC ($1.88 million), and the second one for 576,736 TERRA ($115K) and 5,487,381 USTC ($117K). The total losses amounted to about $4 million USD.

SushiSwap, a cross-chain decentralized exchange, experienced an exploit on April 7th, 2023, due to a bug related to approvals of its RouterProcessor2 contract. The vulnerability led to losses of nearly 3,505,000 $USD from the user named sifuvision.eth.

The hack was caused by a smart contract bug on SushiSwaps RouterProcessor2 contract, which allowed attackers to bypass security checks and withdraw affected users approved tokens. The incident affected users who swapped on the platform within four days before detection. After detecting the exploit, Jared Grey, head developer at SushiSwap, urged users to revoke permissions for all contracts on their platform while they worked with security teams to mitigate issues.

An interesting part of the story is that the initial hack of 100 $ETH was performed by a white hat, who tweeted about the vulnerability and returned 90 $ETH back. However, several EOA addresses used the same vulnerability to exploit the same user for a more significant amount of 1,790 $ETH. Jared Grey announced the returning of 300 $ETH with the help of the community and is working on returning 700 $ETH from the Lido Vault.

MetaPoint, a metaverse running on the Binance Smart Chain, was hacked on April 11th, 2023, through a vulnerability found within their deposit function. When a user used the deposit function, it created a new contract and deposited tokens into that contract. The issue arose because this newly created contract had an approve function that gave unrestricted access to $META tokens without any restrictions or limitations.

An attacker took advantage of this by deploying a malicious smart contract with unverified source code and draining mass amounts of funds from users who had deposited $POT tokens onto their platform. The exploiter was able to steal 2,518 $BNB, worth 803,242 $USD at current market rates. All the stolen money was transferred through TornadoCash.

OpenAI ATF, a BEP20 token trading on PancakeSwap, experienced a rug pull on April 14th, 2023, by the deployer who removed liquidity worth 340,061 $USD. The deployer removed LP funds over nine transactions and swapped them for $WBTC. Part of the stolen assets remains in the deployers original address.

The turbulent week of April 7th-14th, 2023, witnessed six major exploits in the DeFi industry, resulting in over $33 million USD lost. Some of these funds have been recovered, thanks to the quick response of project teams and the collaboration of the wider DeFi community. The incidents serve as a stark reminder of the importance of conducting regular security audits to identify and address vulnerabilities in smart contracts, especially when releasing updates.

It is crucial for developers, project owners, and users to remain vigilant and prioritize security measures to ensure the overall safety of the DeFi ecosystem. As the industry continues to grow and evolve, so too will the need for robust security practices, including regular audits, thorough testing, and close collaboration.

D3ploy is an industry leading smart contract auditing service offering support to all public and private blockchains.

D3ploy offers comprehensive auditing services that cater to projects of any budget. With an impressive track record of auditing over 50 projects with zero security breaches to date and securing more than $6.5 billion in crypto assets, D3ploy is the ideal choice for DeFi projects seeking to ensure the security of their smart contracts.

Website |Twitter | Telegram |Linkedin |

View post:

D3ploy Unpacks Biggest Security Breaches of the Week - BSC NEWS

The future of the digital financial ecosystem MinePlex is set to change dramatically with its plans to shift to the new Tendermint Core architecture in a phased rollout. The transition is accompanied by the launch of two new tokens, XMine (MPX) and CrossFi (XFI), with target average payback of an MPX coin set at approximately 12 months. This upgrade, combined with MinePlexs existing payment solutions, promises to provide users with a comprehensive, user-friendly, and secure financial ecosystem.

The success of the dual token business model in the MinePlex ecosystem has already been proven on the previous version of the blockchain with its MINE and PLEX tokens, with MINE being the base token for staking, and PLEX being the utility one. By the beginning of 2023, the PLEX token was listed on 8 crypto exchanges, and the MinePlex blockchain 1.0 had bridges to Ethereum (ETH), Binance Smart Chain (BSC) and Polygon (MATIC). The need for the current transition to Tendermint Core is due to an increase in users and insufficient throughput and low scalability of the Tezos architecture. The Tendermint Core architecture has numerous benefits, including unlimited scalability, high throughput, and a fraud-resistant Byzantine Fault Tolerant consensus protocol.

The tokens of the new MinePlex blockchain have similar functionalities. MPX is a non-volatile token that represents MinePlexs blockchain computing power and is used to pay transaction fees and generate new tokens on the network through staking. XFI is a volatile utility token that provides access to MinePlexs ecosystem services and products.

As the MinePlex 2.0 blockchain utilizes the DPoS (Delegated Proof of Stake) consensus protocol, MPX holders can choose a validator and delegate tokens to start XFI mining. Each new block of XFI tokens is then distributed proportionately among the delegators based on their MPX stakes.

According to MinePlexs development strategy, the average payback of an MPX coin is about one year. However, since the XFI coin rate will be market-based and traded on exchanges, the payback and profitability of MPX can both decrease and increase.The initial MPX emission is 4,000,000,000, and the last MPX will be minted when the XFI token emission ends.

The primary objective of the project is to promote the adoption of blockchain technology by offering accessible and user-friendly financial tools that make it easy to use cryptocurrencies, just like traditional currencies.

MinePlex has been audited by Certik, a well-known cybersecurity firm. The platform also secured $100 million in financial backing from GEM, a digital asset investment firm. To offer a seamless fiat experience, MinePlex has partnered with a major Brazilian bank, which allows users to issue VISA and MasterCard cards and access conventional banking services.

MinePlex offers a wide range of products and services that provide advanced payment solutions for users worldwide. The MinePlex Wallet App for iOS and Android allows users to store and manage MinePlex ecosystem tokens and cryptocurrencies in one place. The Explorer tool provides users with blockchain data and analytics, such as price and turnover of MinePlex ecosystem tokens, transaction tracking, and wallet and pool information.

MinePlex Payment platform provides businesses with crypto-acquiring capabilities and payment solutions, including payment pages for accepting online payments in fiat and cryptocurrency, POS terminals, and tools for creating payment pages. MinePlex Finance, a new generation financial mobile platform, provides bank account and financial services online in euros, pounds sterling, and MinePlex tokens. Additionally, MinePlex Marketplace enables users to buy goods directly for ecosystem tokens, with a unique product staking tool that allows users to acquire items for a fraction of their cost.

Excerpt from:

Mineplex Ecosystem with Two-Decade Scheduled Staking Moves to ... - Blockchain Reporter

The BNB Smart Chain performed the Plank hard fork on 12 April, intended to improve the security and stability of the layer-1 network. Through a tweet, Binance confirmed the completion of the upgrade and announced the resumption of deposits and withdrawals on the chain which were halted temporarily.

The native token of the ecosystem, Binance Coin [BNB], responded positively. It recorded 24-hour gains of 1.06% on its price at press time, per CoinMarketCap.

ReadBinance Coin [BNB] Price Prediction2023-24

As part of the security enhancements, the cross-chain bridge between the Beacon Chain and the Smart Chain will be made stronger by introducing several features.

They include enabling validators to pause cross-chain channels, automatic pausing in case of forged proof detection, and applying a timer lock for large cross-chain transfers.

The upgrade comes at a time when the BNB Chain was making headlines for an increase in cross-bridge hacks.

As per a report by ImmuneFi, a Web3 bug bounty platform, BNB Chain was the most targeted in Q1. There were 33 incidents of hacking on BNB Chain, representing more than 40% of the total losses across targeted chains.

In fact, when we asked ChatGPT if increasing hacks will be the undoing for Binance, it responded by stating that they were definitely a cause for concern.

The AI bot added that hacks could impact not only the adoption of the BNB Chain but the value of the BNB coin as well.

Despite the growing incidents of hacks and looming regulatory concerns, BNB Chain adoption didnt show signs of sluggishness. According to Token Terminal data, daily active users on the platform surged 10% over the last 30 days. However, it lost the first spot in the rankings of the chain with the greatest number of daily active users to Tron [TRX].

The transaction fees collected on the platform exhibited a steady growth rate over the previous month. Conversely, the fees declined by 2% in the last week.

Source: Token Terminal

How much are1,10,100 BNBs worthtoday?

BNBs Open Interest (OI), or the dollar value locked in the outstanding contracts on futures exchanges, was $308.72 million. This represented a fall of 0.12% in the last 24 hours.

The OI has moved sideways in the last few days of trading, implying that bullish and bearish traders were uncertain about the direction of BNB.

See original here:

BNB Chain executes hard fork upgrade- Heres everything you need to know - AMBCrypto News

A couple of crypto whales unloaded millions of Arbitrum (ARB) after the popular Ethereum (ETH) scaling solution witnessed significant gains this week.

Blockchain tracker Lookonchain notes that the largest buyer of Arbitrum on its first day of listing back in March transferred a large stack of nearly 10,000 ARB, worth about $17 million, to top crypto exchange Binance a few days ago.

A separate ARB whale also transferred its entire Arbitrum bag, worth $18 million, to Binance on Friday, according to Lookonchain.

The whale with 11 million ARB ($18 million) transferred all ARB to Binance

The buying cost was $13.55 million and the average buying price was ~$1.24.

If he sells at $1.64, he will make a profit of $4.54 million, an ROI (return on investment) of 33%.

The 33rd-ranked crypto asset by market cap rallied from a seven-day low of $1.16 to a high of $1.71, marking gains of over 47%. ARB has slightly given up some of its gains and is trading for $1.63 at time of writing.

Arbitrum currently ranks fourth among all chains in terms of total value locked (TVL) with $2.27 billion, behind Ethereum, Tron (TRX) and BNB Smart Chain, according to the decentralized finance trackerDeFi Llama.

The TVL of a blockchain represents the total capital held within its smart contracts. The metricis calculated by multiplying the amount of collateral locked into the network by the current value of the assets.

Generated Image: Midjourney

Read the original here:

Top Ethereum Altcoin Explodes 47% in One Week As Whales Send Millions of Tokens to Crypto Exchange - The Daily Hodl

Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult ourwebsite policyprior to making financial decisions.

In July this year, the Federal Reserve will launch the most significant financial innovation in its history FedNow. This 24/7 instant payment infrastructure has all the hallmarks of a CBDC precursor. However, is the tokenized dollar even needed?

When innovation comes along, the best way to grasp its importance is to place it in an existing framework. From this point of view, what is USD in its current form?

In other words, central banks liabilities come from banknotes and commercial bank reserves. Typically, the latter holds the bulk of the total money supply in their balance sheets. In both forms, this money is a type of IOU as a legally recognized vehicle to settle transactions.

Accordingly, the central bank guarantees the convertibility of commercial banks balance sheets into physical banknotes. By the same token, the role of the central bank is to provide this liability from its balance sheet.

If the Fed can already create money digitally, what does having a Central Bank Digital Currency (CBDC) mean? If the central bank already creates such money as an expression of its balance sheet, what would be different with CBDCs?

Fortunately, there is little ambiguity on this question, courtesy of the BIS chief, Agustin Carstens:

The key difference with the CBDC is that the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability. And also, we will have the technology to enforce that.

The present pre-CBDC system works through different accounting layers. Commercial banks serve as the secondary money layer to the primary layer of the central bank. These layers are ledgers from which transactions are added and subtracted.

What CBDCs represent is the unification of those layers. However, the digital token itself a retail CBDC such as Chinese eCNY would simply be an extra utility of the new network infrastructure. For instance, BTC is a token of Bitcoins distributed ledger, keeping track of all transactions as a type of energy receipt from miners.

Because Bitcoin launched as a decentralized ledger without hierarchical top-down control, BTC was already baked in the DLT cake.

But within the context of the Federal Reserve, distributed ledger technology (DLT) would be deployed under the rules and conditions of the central bank. The upcoming FedNow network is a step in that direction, which may or may not build up to retail CBDCs.

After all, digital dollars already exist under the central banks control.

In March 2020, in a 60 Minutes interview, one of the Fed Governors, Neel Kashkari, said that there is an infinite amount of cash at the Federal Reserve. As already noted, this somewhat fantastical claim is born of the fact that the central bank is the sole entity that can create money digitally to express its electronic ledger.

This means that the central bank can be insolvent and have negative equity. The Feds balance sheet read $44.2 billion in unrealized losses at the end of March. However, when commercial banks go into negative territory, they are at risk of collapse, as happened with Silicon Valley Bank.

With FedNow in play, potential stress in the banking system can be relieved. When connected to FedNow, all financial institutions can settle payments instantly, 24/7, removing the long-standing payment legacy of having to wait 3-4 business days. More importantly, FedNow network participants can access cleared funds on the same payment day for commercial banks.

Previously, there was a considerable gap between made payments and those payments become available. FedNows intraday access to funds would provide commercial banks with a superior and more stable liquidity management system.

If financial institutions connect to the Federal Reserve via FedNow, all the lower-tier economic participants also connect to it. For instance, a business would use FedNow automatically via its commercial bank/credit union. In turn, a customer interacting with the business would also use FedNow.

If the FedNow rules are tweaked down the line, it would be the role of commercial banks to trickle them down to customers.

This is made possible by ISO20022, a new financial standard for relaying electronic data between financial institutions, regardless of country and language. Given that the USD enjoys the status of global reserve currency (GRC), this also means that FedNow is poised to become a new clearing house for most of the worlds transactions.

In the blockchain space, two key factors determine a networks performance transaction settlement time and settlement cost. FedNow charges $0.045 per transaction for payments up to $100,000. Moreover, financial institutions must only pay a $25 monthly access fee.

This is drastically cheaper than running any blockchain node.

In addition to instant settlements, this makes FedNow the most cost-efficient payment network in the world. For comparison, although Binance Smart Chain (BSC) has a near-instant performance of 3 seconds, its average network fee is 4x more expensive than FedNows, at $0.189.

The blockchain trilemma is not in effect because FedNow doesnt have to worry about decentralization. FedNow can be scalable and secure, likely more than any other existing or future public blockchain network.

With that said, Bitcoins Lightning Network is equal to FedNows performance, both in terms of ultra-low fees and speed. Most importantly, if the Fed decides to dilute the value of USD through its monetary policies, Bitcoin would be a viable hedge against such USD debasement.

In this context, FedNow may only speed up the process of fiat-to-crypto inflows, making it more convenient. However, if the condition of using FedNow is for banks to de-platform crypto businesses via Operation Chokepoint 2.0, the decentralized blockchain space may find itself in a liquidity bind. It may also happen that banks would have to conform to other conditions when using FedNow, placing integrated FedNow banks into an advantageous position.

Finance is changing.

Learn how, with Five Minute Finance.

A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

Awesome

Youve subscribed.

Youre well on your way to being in the know.

Do you think FedNow will eventually supplant physical banknotes as card payments dominate? Let us know in the comments below.

Read the original here:

FedNow: Digital Dollars without the Tokens - The Tokenist