BXH suffers US$130 million exploit; Squid game token meets deadly end

Transcript

Hacks and DeFi exploits are getting our newsroom buzzing today.

Welcome to The Daily Forkast November 2, 2021. I’m Angie Lau, Editor-in-Chief of Forkast.News, covering all things blockchain.

Well, the bad news keeps on coming for DeFi platforms, with BXH and Cream Finance each suffering losses of around US$130 million from hacking exploits in just the past few days alone. We’re going to take a look at the moves being made to improve security and a whole lot more coming up.

Let’s get you up to speed from Asia to the world.

Let’s kick off with some of the top stories out of Asia today.

Dot, the native cryptocurrency of Polkadot, has crossed the US$50 mark for the first time, hitting an all-time high of US$50.87 early Tuesday, Asia time.

Now Dot’s high comes with parachain auctions on Polkadot imminent and as a motion for a parachain teams to register their parachain and open their crowdloan on November 4 has gone to a public vote, after being passed by the Polkadot council.

Meanwhile, Bitcoin mining difficulty has hit its highest level since its mid-May all-time high. We saw the difficulty level drop four consecutive times immediately after China intensified its clampdown on the mining sector back then. But according to data from BTC.com, Monday’s adjustment saw an increase of 7.85%. It is the eighth increase in a row.

And you can find more on those stories at Forkast.News.

Meanwhile, more hack attacks for DeFi protocols – it seems like they just keep coming.

In a series of tweets, DeFi trading platform BXH announced that an exploit on Binance Smart Chain had resulted in the theft of around US$130 million worth of assets.

Now, its announcement was made just one day after Cream Finance got creamed, saying a hack had seen it lose a similar amount.

Forkast.News Timmy Shen reports on the work being done to prevent these hacks.

BXH responded to the incident by saying that assets on chains other than Binance Smart Chain were safe, but that it had locked contracts on the OEC and HECO chain to maintain security of assets.

The blockchain security company PeckShield has confirmed that exploit was caused by a single leaked admin key, used to drain funds, and that the whereabouts of the stolen funds is being monitored.

BXH is also cooperating with Binance Smart Chain on tracing the funds, and it has said that hacker will be offered a bonus if the assets are returned in recognition of it being a white hat action. It went on to say that any white hat team who help will be offered a reward of US$1 million.

Neo Wang, CEO of BXH, told Forkast.News that most of the affected users appear to be in mainland China, so it immediately reported the case to China’s cyber police and the police has now entered its office to help investigate the whereabouts of the hacker.

“According to the possibility at the moment, the hackers are in China, so we chose to call the police in China. The team which is participating in the investigation is the Chinese cyber security police team, they are very experienced, and they also have found some clues and evidence.”

Meanwhile, Cream Finance, who lost about US$130 million worth of tokens in a flash loan attack just one day before the BXH exploit, says it will offer a bug bounty of 10% if the funds are returned by attacker.

In a post mortem, Cream confirmed that it had patched the vulnerability and that it is working on repayment of lost funds, with details to be announced in the coming days.

Its partner, Yearn Finance, tweeted to say that it had successfully salvaged US$9.42 million of the stolen funds.

For Forkast.News, I’m Timmy Shen in Taipei, Taiwan.

And there goes the Squid Game token.

The participants of this memecoin, based on the Netflix hit series Squid Game and completely unauthorized, met a deadly ending when its price crashed down to zero dollars in five minutes Monday night from around US$2,800.

Its developers cashed out at the token’s highest point, stealing an estimated US$3.38 million.

Many investors were blinded by the global phenomenon that is Squid Game, but there were plenty of red flags that foretold a “rug pull”.

Forkast.News, Danny Park reports.

A “rug pull” happens when a crypto project developer abandons it after gathering investments. In other words, a scam. And that’s exactly what appears to have happened with the Squid Game token.

It’s a full red light for squid investors – the project’s official website is down, while its white paper is gone and Twitter has restricted access to its account due to unusual activity.

But even before the rug pull, the cryptocurrency appeared sketchy.

Coinmarketcap warned investors of multiple reports that users couldn’t sell their tokens on Pancakeswap and the token’s three-week old website featured multiple spelling and grammatical mistakes, while others pointed out that the names of the developers listed there could not be found on sites like LinkedIn.

Users were also restricted from replying to its announcements on the Telegram group and on Twitter after several raised suspicion of it being a sham.

Meanwhile, on the Squid Game crypto Telegram group, the developer sent a seemingly dubious message that the team had to stop running the project since someone tried to hack it, claiming they are depressed and overwhelmed with stress.

The event shows how a lack of research into such memecoins can prove to be a trap for innocent investors.

For Forkast.News, I’m Danny Park.

And that’s The Daily Forkast from our vantage point right here in Asia.

And unlike the Squid Game token, we promise we’re going to stick around for a long time, hit like, hit subscribe, we always appreciate our new subscribers supporting all of us here on our channel and our goal to reach even more of you.

For more, visit Forkast.News as always. I’m Editor-in-Chief Angie Lau. Until the next time.