Join Our Telegram channel to stay up to date on breaking news coverage
The crypto world, despite getting a lot of mainstream adoption lately, can still present many risks to those brave enough to sail these water. Two recent exploits highlight these dangers.
The recent exploit of the Solana-based game ‘Aurory’, reminiscent of Pokémon, led to a significant security breach on Sunday evening. An attacker managed to extract approximately 600,000 AURY tokens, valued around $830,000 at the time of the attack. In response to this security issue, the developers of Aurory took immediate action, shutting down the SyncSpace blockchain bridge. This bridge is a crucial element that links Aurory to both the Ethereum scaling network, Arbitrum, and Solana.
Jonathan Campeau, the Executive Producer of Aurory, when approached for a statement, disclosed that the team is actively working on deploying a comprehensive patch for their backend services to address the security flaw. He detailed the nature of the attack, describing it as a race condition assault on the off-chain marketplace. This allowed the perpetrator to simultaneously send multiple buy requests. As a result, the seller received double the amount, while the buyer was charged only once.
Just a few hours ago, our team detected unusual activity on our marketplace. After quickly investigating, we discovered that a bad actor was able to exploit our marketplace’s buy endpoint, allowing them to increase their $AURY balance in SyncSpace. This allowed them to withdraw…
— Aurory (Play Now) (@AuroryProject) December 17, 2023
The consequence of this marketplace exploit was a dramatic 80% drop in AURY-USDC liquidity on Camelot, a decentralized exchange, with AURY’s value falling by approximately 17% since the early hours of Sunday. According to the latest figures from CoinGecko, the value of the stolen AURY, initially pegged at around $830,000, has decreased to about $690,000. The AURY token saw a significant price fluctuation, initially dropping to around $0.95 before recovering to approximately $1.15.
Further insights were shared by the Aurory team via X. They revealed that the exploit enabled the hacker to transfer funds from an Aurory developer team wallet directly to Arbitrum. The studio assured that no user funds or NFTs were compromised or currently at risk. Campeau also mentioned the increased attention Aurory has been receiving following the release of their new game expansion ‘Seekers of Tokane’ last month, which has unfortunately also attracted malicious actors attempting to exploit their systems.
Prior to this incident, Aurory’s platform had undergone a security audit conducted by cybersecurity firm Ottersec, which failed to identify this particular vulnerability.
Bored Apes and Pudgy Penguins NFT Stolen
Adjacent to the Aurory incident, another significant exploit occurred involving Floor Protocol, where a variety of Bored Apes and Pudgy Penguins NFTs were stolen. This exploit was linked to a recent contract upgrade by Floor Protocol, which introduced a security loophole. The NFTs were moved to a wallet, now marked for involvement in a phishing scam, as reported by ‘foobar’, the founder of the NFT marketplace Delegate. This wallet is identified as 0x4d0D746E0F66bf825418E6b3deF1a46Ec3c0B847 on Etherscan.
vuln was bad upgrade 11 days ago that allowed multicalling to external contracts
simple: nftContract.transferFrom(nftHolder, me, tokenId)
and bc nftHolder approved flooring, it would succeed
left image is safe internal multicall
right image is unsafe external multicall pic.twitter.com/gEHHZyLzDc— foobar (@0xfoobar) December 17, 2023
Flooring Lab, the company behind Floor Protocol, promotes high standards in user experience, security, and asset protection on its website. However, the recent update responsible for the vulnerability appears to have bypassed auditing. The Halborn audit on Flooring Lab’s website dates back to September 8, 2023, while the OtterSec audit is dated October 4.
Curiously, the ‘smart_contract’ repository audited by OtterSec now shows a 404 error, and Flooring Lab’s GitHub only lists repositories containing logos and configuration files for their website. A team member from Flooring Lab announced a corrective update they believe has resolved the issue. This Floor Protocol exploit follows closely behind a major hack of NFT Trader, which resulted in the theft of numerous high-value NFTs.
Related News
New Crypto Mining Platform – Bitcoin Minetrix
- Audited By Coinsult
- Decentralized, Secure Cloud Mining
- Earn Free Bitcoin Daily
- Native Token On Presale Now – BTCMTX
- Staking Rewards – Over 100% APY
Join Our Telegram channel to stay up to date on breaking news coverage
Credit: Source link
