Hack Summer Continues with Acala, Curve, and other Victims🚨

In brief —

Events Under the Spotlight 🔎

GenomesDAO, a project on MATIC was hacked

GenomesDAO was attacked by hackers, resulting in the unexpected withdrawal of funds in its LPSTAKING contract.

Cameo’s CEO fell victim to a $231k NFT breach

• Steven Galanis, the CEO, and co-founder of popular video-sharing app Cameo was victim of a hack.
• The attackers made off with $231,000 in crypto and NFTs.
• The exact hack mechanics aren’t clear from Galanis’ tweets.
• Some Twitter users suggested he’d kept a copy of his seed phrase (essentially a security key that can be used to get access to a crypto wallet) in a service that uses iCloud backups, giving the hacker access after his account was compromised.

EGD_Finance Fell for a Price manipulation Hack

The EGD_Finance project on BSC was attacked by hackers, resulting in the unexpected withdrawal of funds from its pool.

Curve.Finance Gets Hacked and ~$570K Stolen

• As per the Curve Finance team, the hack alerted the users to restrain from using the site.
• The team later announced that the issue was resolved.
• However, the hackers could still hijack around $537,000 USD coin (USDC) before the issue was resolved.

Over $600K Vanished from Blur Finance — Developers disappear

• Blur Finance was a yield aggregator that used different Decentralised Finance protocols to optimise and maximise yield on funds deposited from its users.
• The project was based on the Binance BNB Chain and had migrated to Polygon (MATIC).
• The protocol’s website returns an invalid certificate, and a link to its Discord channel results in an “invite invalid” message.
• The move is a textbook rug pull; a scam carried out by developers who launch a working decentralized finance application and carry out social media marketing to popularize it before issuing a token and listing it on a decentralized exchange (DEX).
• After investors have purchased the tokens in the hopes of a positive return, the developers shut up shop and disappear.

DeFi Platform Acala’s Stablecoin Falls 99% After Hackers Issue 1.3B Tokens

• Polkadot’s DeFi Hub Acala Network suffered an exploit that saw its native over-collateralized stablecoin aUSD plummet to zero.
• The exploit was due to a “misconfiguration" issue in the newly launched iBTC/aUSD liquidity pool that allowed users to mint unlimited aUSD from thin air.
• After the incident, Acala immediately halted swaps and cross-chain transfers, leaving the exploiters stuck with around 99% of the erroneously minted aUSD on the parachain.

||Acala Dollar (AUSD) 7-day price chart:

The Bribe Protocol’s $5.5M Scam

The Bribe Protocol which raised $5.5m in January 2022 has gone completely dark across all socials for 3+ months.

Trending Blog of the Week📈

Despite being an automated, decentralized version of a typical cryptocurrency mixer, Tornado Cash was sanctioned by the U.S. government last week as the Treasury Department’s Office of Foreign Assets Control (OFAC) added Ethereum addresses associated with the tool to its specially designated nationals and blocked persons (SDN) list.

Check out this blog to learn more about Tornado Cash and its working!

Read More

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :

Linkedin | Twitter | Website | Newsletter | Discord | Telegram