Solana Stablecoin Nirvana Flash Loan Attack - $3.5 Million stolen

Nirvana Finance, a decentralized finance (DeFi) yield protocol on Solana, has suffered a flash loan exploit to the tune of about $3.5 million. Nirvana's native token ANA and its stablecoin NIRV suffered massive price falls due to the attack. ANA slipped 89% from $8.97 to $0.93 while the stablecoin has lost 90% of its US dollar value in the process.

On-chain data shows the attacker used a $10 million flash loan in USDC to mint $10 million worth of ANA tokens. The attacker then manipulated the protocol’s oracle feed thereby inflating the price of ANA coins so that their holdings exceeded $10 million. The attacker subsequently swapped what was actually $10 million in ANA tokens for $13.49 million in USDT.

The attacker bridged the profit via Wormhole and converted it to the DAI stablecoin.

Audius Governance Takeover - $6 Million

The decentralized music platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.

Audius is a decentralized streaming platform hosted on the Ethereum blockchain where artists can earn AUDIO tokens by sharing their music, and users can earn tokens by curating and listening to content.

After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.

The hacker exploited a bug in the contract initialization code that allowed them to invoke the initialize functions repeatedly.

This enabled the intruder to transfer 18.5 million AUDIO tokens held by the so-called “community treasury” to their wallet, essentially stealing a significant amount of money and changing the platform's governance dynamics.
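As an added illustration (not Audius code, and not the exact defect in their contracts), the minimal shape of the bug described above beside its fix: an `initialize` function behind a proxy that can be called again lets anyone re-assign the privileged roles, while the guarded version runs only once. The `initializer` modifier here is hand-rolled for readability; in practice OpenZeppelin's `Initializable` plays this role.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Audius code: a treasury-style contract whose initialize()
// has no one-shot guard. Because it is meant to sit behind a proxy it uses an
// initialize() function instead of a constructor, and anyone who calls it a
// second time can re-point governance and the treasury to themselves.
contract TreasuryVulnerable {
    address public governance;
    address public treasury;

    function initialize(address _governance, address _treasury) external {
        governance = _governance;   // no check that this already happened
        treasury = _treasury;
    }
}

// Hardened version: a storage flag, set inside the modifier before the body
// runs, makes any later call revert. Deploy and initialize in the same
// transaction so nobody can make the first call before the deployer does.
contract TreasuryHardened {
    bool private _initialized;
    address public governance;
    address public treasury;

    event Initialized(address indexed governance, address indexed treasury);

    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }

    function initialize(address _governance, address _treasury) external initializer {
        require(_governance != address(0) && _treasury != address(0), "zero address");
        governance = _governance;
        treasury = _treasury;
        emit Initialized(_governance, _treasury);
    }

    // Privileged action gated on the role that initialize() assigned exactly once.
    function setTreasury(address _treasury) external {
        require(msg.sender == governance, "not governance");
        treasury = _treasury;
    }
}
```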

Next, the actor attempted to execute four governance proposals, three of which failed and one passed, transferring the entirety of the Audius community pool to the attacker's wallet.

As Audius concluded in the post-mortem report, no new tokens were minted, and the incident had no impact on the circulation of token supply. All remaining user funds are now safe according to the platform.

By late Sunday, the AUDIO token was fully functional again, but the “Staking” and “Delegate Manager” smart contract systems have not resumed operation as the fixes are still being evaluated.

In the meantime, the attacker traded their tokens on Uniswap for only $1.07 million, losing 5/6 of their value, and then passed them through the Tornado Cash mixing service to hide the trail of the stolen funds.

Uniswap Phishing Attack - $8 Million Stolen

A phishing scam offering a fraudulent airdrop managed to rob Uniswap users of nearly $8 million in funds. The phishing scam promised a free airdrop of 400 UNI tokens (worth approximately $2,200). Users were asked to connect their crypto wallets and sign the transaction to claim the malicious airdrop. Upon connection, the unknown hacker grabbed user funds through a malicious smart contract. To date, more than 74,000 wallets have interacted with the phishing scam smart contract.

The phishing actors created an ERC20 token and airdropped it to users who held UNI tokens, spending 8.5 ETH in transaction fees because of the high volume of transactions.

After deployment, the hacker tricked users into signing a transaction, supposedly to collect their airdropped tokens. In reality, this transaction was an approval, giving the hacker access to all the Uniswap LP (liquidity pool) tokens held by the user.

On Etherscan it appeared that Uniswap V3 had sent the tokens, because the sender was spoofed. When the victim viewed the token, a phishing website, UniswapLP{.}com, was listed.

The attacker made the sender appear as Uniswap on Etherscan. This was possible because block explorers such as Etherscan display data taken from the events a contract emits, which are just transaction logs. These logs are stored on the blockchain and are publicly accessible, but the addresses a contract writes into an emitted event do not have to be the actual sender address.

Premint Hack - $400,000 Stolen

Hackers infiltrated the popular NFT registration platform Premint and made off with 320 stolen NFTs and more than $400,000. The hackers compromised the Premint website on Sunday with malicious JavaScript code. They then created a pop-up within the site that prompted users to verify their wallet ownership, ostensibly as an additional security measure.

Over the course of Sunday, the hackers collected 275 ETH, or just over $400,000, through the sale of 302 stolen NFTs. The hackers have so far retained 18 unsold NFTs. The hackers then sent the funds to Tornado Cash.

The hack appears to stem from a bad actor's dependency injection (boomerang.js) served from a similarly named domain.

FBI Warning About Malicious Crypto Apps

Cybercriminals posing as legitimate investment firms and cryptocurrency exchanges have stolen tens of millions of dollars from more than 200 people by convincing them to download mobile apps and deposit cryptocurrency into wallets owned by the perpetrators.

According to an alert sent out by the FBI, the cyber-thieves are contacting US investors, fraudulently claiming to be legitimate organizations offering cryptocurrency services and mobile apps. Once the marks download the apps and deposit funds into the account, they are unable to get them back.

To date, the Feds have identified 244 victims of the scams, saying that $42.7 million was stolen between October 2021 and this May. The bureau is warning both financial institutions and investors to protect themselves against such schemes.