Orion Protocol suffers $2.9 million hack

The decentralized exchange Orion Protocol suffered a loss of 1,757 ETH (about $2.9 million) from the company treasury funds thanks to a reentrancy attack.

Orion Protocol CEO Alexey Koloskov wrote a Twitter thread confirming the attack, but claimed that although they weren't sure how the hack was perpetrated, it wasn't the fault of their own code. Koloskov wrote that he thought the issue "might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers."

Bonq defi borrowing project exploited

The Polygon-based borrowing protocol Bonq suffered an attack in which 112 million ALBT tokens and around 100 million BEUR tokens were stolen. A flaw in the protocol enabled the attacker to modify prices, allowing them to mint new ALBT and BEUR for significantly less than market price.

The attacker quickly bridged the tokens to the Ethereum chain and swapped them for ETH and USDC, collectively worth around $1.7 million. The price of ALBT plunged around 50%, and the BEUR Euro-pegged stablecoin significantly lost its peg.

Rally sidechain shuts down with under a day's notice, taking users' tokens with it

Rally is an Ethereum sidechain built to support "social tokens" — typically, tokens intended for fans of various celebrities or groups.

Fans of creators including Felicia Day (actress and famous nerd), Brandon Powell (LA Rams wide receiver), and Portugal. The Man (rock band) may be disappointed, however, because Rally announced with under one day of notice that they would be shutting down. "This means that after today, the site will no longer be supported and you may experience a degradation in services or it may simply become inoperable. Additionally, since NFTs on the Rally sidechain are not transferable to mainnet, these will not be accessible once the site shuts down," they wrote in an email. The project also deleted its Twitter account.

The group behind the Rally Network had raised $57 million in funding in 2021, and was backed by VCs including Andreessen Horowitz.

Hacked Azuki Twitter account enables theft of pricey NFTs and crypto priced at more than $1.74 million

[Image: Mutant Ape #16924, which most recently sold for ~$23,400]

Hackers were able to compromise the Twitter account belonging to the popular Azuki NFT project, which they then used to promote a fake NFT drop to its 334,000 followers. Users who tried to mint the NFTs instead had their wallets emptied of pricey NFTs and cryptocurrencies.

Stolen NFTs included 74 Otherdeeds (floor ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200). Altogether, those stolen NFTs could fetch almost $1 million if sold at floor price.

One single wallet transferred 750,000 of the USDC to the attacker, resulting in a particularly brutal loss for one individual.

Kevin Rose loses pricey NFTs to wallet hack

[Image: Chromie Squiggle #9639, which Rose bought for 16 ETH (~$26,000) in August 2022]

Kevin Rose, perhaps best known as the founder of Digg, but also a prominent crypto investor and entrepreneur, lost a substantial number of pricey NFTs when he apparently signed a malicious transaction. The hacker stole 25 Squiggles NFTs, which are trading at a floor of 13.3 ETH, putting the estimated price based on the floor price at around 332.5 ETH (~$519,000). Rose acquired the Squiggles for between 6.3 and 16 ETH each (~$10,000 to $25,000).

The thief also stole an Autoglyph NFT. Autoglyphs rarely change hands, but have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.

Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. Rare zombie variants of the already pricey NFTs have fetched millions — albeit in periods of stronger interest in NFTs.

FBI pins the Harmony Bridge hack on North Korea

A June 2022 hack saw cryptocurrency notionally worth $100 million stolen from Harmony's Horizon Bridge. At the time, blockchain research firm Ellipsis concluded that there were "strong indications" that the hack had been perpetrated by the North Korean state-sponsored Lazarus hacking group. Lazarus has been responsible for several major crypto hacks before this one, including the massive Axie Infinity hack in March 2022.

Now, the FBI has accused two groups of North Korean hackers — Lazarus and APT38 — of perpetrating the Harmony hack. The groups then used Tornado Cash and RAILGUN to launder the funds.

Porsche bungles NFT roll-out

[Image: Porsche NFT]

For some reason, Porsche decided they needed to release a set of Porsche 911 NFTs so that customers could buy "the opportunity to co-create Porsche's future in the Web3 universe" (whatever that means). The set of 7,500 NFTs was available to mint for 0.911 ETH apiece, or around $1,490. If the project sold out, Porsche would have been looking at a windfall of more than $11 million.

Unfortunately for them, things didn't quite go as planned, with collectors balking at the high price tag. Mints slowed to a crawl well before the 7,500 limit was reached, and the NFTs quickly began trading at a discount on secondary markets (meaning it was cheaper to buy a resold NFT than mint a new one).

Porsche decided to pump the brakes on the mint when fewer than 2,000 had sold. However, they botched that too — they announced they had stopped the mint before they actually did so, which caused the collection's secondary-market price to rise back above the mint price in anticipation of higher scarcity. Observant traders who noticed this were able to arbitrage the price difference, minting new NFTs and immediately flipping them for a profit on secondary markets.

NFT collectors criticized Porsche for appearing to try to jump into web3 without knowing the space, and asking for an exorbitant mint price without a clear plan.

Wormhole hacker becomes the third largest holder of stETH

After the $320 million hack of the Wormhole blockchain bridge in February 2022, much of the funds remained dormant. Now, however, the hacker seems to have returned. On January 23, they took 95,360 ETH (~$157 million) of the 120,000 ETH they stole (now worth substantially less) and used it to lever up a position in stETH. stETH is Lido-staked Ether, an asset representing ETH that has been staked on Ethereum since it moved to the proof-of-stake model.

Ultimately, the Wormhole hacker became the third-largest holder of stETH as a result. The size of the swaps was so large that it moved the stETH market, increasing trading volume by 3000% and temporarily causing the asset to move above its usual 1:1 peg with Ethereum.

The move, which many crypto enthusiasts took as an indication that the Wormhole hacker was a "crypto ", is unlike the activities of many crypto hackers, who typically try to launder the money and exit into fiat rather than keep it within the crypto ecosystem.

NFT GOD's wallet drained, accounts used to phish others after malware infection

[Image: MAYC #22284]

According to NFT GOD, his computer was infected with malware after he clicked a sponsored link in a Google search while trying to download the streaming software OBS. This is similar to an attack in April 2022 where scammers stole millions using malicious Google ads.

According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial following.

The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price he paid for it, which seemed to be taken as good news by NFT GOD.

FTX liquidators get liquidated

As they tried to close an Alameda position on the Aave lending project, liquidators in charge of recovering customer funds lost $72,000 due to an error in their approach. The liquidators first removed extra collateral that was supporting the position, which resulted in two liquidations in nine days. The total loss was 4.05 BTC, which is priced at around $75,000 based on prices at the time of the transactions.

This SNAFU unfortunately means that those assets won't be available to be repaid to FTX customers, although this loss is relatively small compared to the total amount owed.