Critical Bug in world's largest NFT marketplaceđź‘ľ

Hashing Bits || Week 41

This Week in Hacks

Indexed Finance Exploited for - $16M

Indexed Finance, a passive income DeFi platform was attacked in which two fund pools were affected. The attack method is still unknown but the total loss is worth $16 Million. As the news came in light, the price of NDX (Indexed Finance Governance Token) fell down to 22%.

Vulnerability spotted in OpenSea

OpenSea, the world’s largest NFT marketplace, patched a critical vulnerability which could have let attackers drain crypto funds by sending a specially-crafted token.

The transfer confirmation message users may see while viewing an infected NFT. Image: Check Point Research

Lido Finance noticed Vulnerability

Lido Finance, a liquid staking solution for Ethereum, Solana and Terra, revealed a vulnerability which could have been used by node operators to steal a portion of user-funds. Approximately 20,000 ETH were exposed.

Vulnerability Writeups

Indexed Attack Post-Mortem by Indexed Finance.

RocketPool and Lido Frontrunning Bug Fix Postmortem by Immunefi.

DeFi Security

DeFi Security Risks: is it safe to connect wallets to DeFi platforms? by

How to Build a Defense System for DeFi Security by Immunefi.

DeFi Hacks and Future Threats- The Role of Economics in Secure Protocol Design by Prysm Group.

Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts by Kushal Babel, Philip Daian, Mahimna Kelkar and Ari Juels (Colonel University).

DeFi in Numbers

Stablecoins are the top DeFi trend—


More From Editor’s Desk

To term DeFi a sort of wild west won’t be an exaggeration. Positivity and potential are rampant, but you can also smell fraudsters just round the corner. With a regulatory system yet undeveloped in the DeFi realm and many people still considering it outside the realm of mainstream fintech, it is always going to be more likely to attract criminals.

More than $284 million has been lost as a result of Defi hacks since 2019, according to research by Messari. The crypto research provider says that the average amount stolen in these incidents amounts to $11.9 million.

While projects might try to sweep situations under the rug when only one or a handful of victims are involved, rug-pulls typically hit a much greater number of users and threaten to wipe out an entire or a major chunk of capital.

checkout how you can preempt Rug Pulls in the DeFi space through Smart Contract Audits-

Read More