Security and Risk

3 Nov - $1B worth of Gala Games tokens minted as defensive move

Concerns developed after a single blockchain address appeared to mint over $1 billion worth of GALA token out of thin air. [more][more-2][more-pNetwork]

• PeckShield flagged that, pNetwork – which provides routing infrastructure for decentralized finance (DeFi) and gaming tokens, including apparently GALA – seemed to imply that it was behind the mint.

• pNetwork indicated that they intentionally minted the 28.4B pGALA tokens (~$1B) to drain the PancakeSwap pool and protect tokenholders after a “misconfiguration” was identified in its bridge contracts.

• pNetwork also said that they will provide an update on post-mortem and recovery process for tokenholders.

• However, Gala Games is not happy about how pNetwork handled the incident. Jason Brink, the president of blockchain at Gala Games, said that pNetwork did not consult his team before minting a whopping 28.4B GALA tokens.

2 Nov - Skyward finance lost 1.1M Near Protocol token

Skyward finance was drained of 1.1M Near protocol token (~$3M) after an attacker managed to perform token redemption without proper validation. [more] [more-2][more-analysis]

• The attacker redeemed over 1.1 million wrapped Near tokens in a loop from Skyward’s treasury contract without checking if the token_account_ids provided is duplicated.

2 Nov - Crypto exchange Deribit hot wallet drained

Panama-based crypto exchange Deribit lost $28 million in Bitcoin, Ethereum, and Circle's USDC after its hot wallet compromised. [more][more-Deribit]

• The exchange stated that their hot wallet got hacked for $28 million, but the client assets and cold storage addresses were not affected. 

• The attacker held the hacked tokens on two wallets across Bitcoin and Ethereum after converting the stolen USDC to Ethereum. The tokens are not moved to any mixer (or) laundering service.

• The exchange has assured users that they’re still in a “financially sound position” and its reserves cover the loss without affecting the insurance fund.

2 Nov - DEX Rubix’s private keys compromised

DEX Rubic lost over $1 million after the attacker gained access to its private keys. [more][more-Rubic]

• Rubic, a service that allows users to swap cryptocurrencies between different exchanges, lost 34 million RBC and BRBC tokens after attacker gained access to the private keys of an administrator's wallet.

• The company suspected that it was malicious software that was used to get access to the admin wallet's private keys.

Monkey Drainer

Self-described “on-chain sleuth” ZachXBT shared about “Monkey Drainer” - a seemly crypto scam-as-a-service - that has been draining wallets for NFT and tokens. [more]

Other Crypto Picks

1. Hong Kong - Hong Kong securities regulators looking to lift retail ban. They will conduct a public consultation on restoring “suitable” crypto access for retail investors. It could also introduce ETFs for digital assets to its market. [more]

2. United States - The Federal Reserve’s New York branch is developing a framework for a potential wholesale central bank digital currency (CBDC) and exploring design choices. The research project, dubbed Project Cedar, revealed the results of its first phase Friday, which was a 12-week experiment to test how blockchain and distributed ledger technology (DLT) could enhance wholesale cross-border payments. [more]

3. Canada - Canada is opening consultations with crypto industry stakeholders as part of a formal legislative review of the financial sector. [more]

4. Immunefi, a bug bounty platform, has released its Whitehat Leaderboard — a scoring system that showcases the top 20 most elite white hats in Web3. The rank will measure a given white hat's skills and status amid Immunefi's security community. [more]

5. Multinational banking firm JP Morgan has successfully executed its first-ever cross-border transaction using decentralized finance (DeFi) on a public blockchain. The trade was facilitated by the Monetary Authority of Singapore’s (MAS) Project Guardian. [more]

6. Binance is open to buy a bank. It aims to ‘bridge the gap’ between crypto, traditional finance. [more]

7. Solana lost 40% of its nodes after Hetzner, a cloud provider ban hosting its network – turned off more than 1,000 Solana nodes overnight. [more]