KEY POINTS
- The alleged NMD rug pull saw investors losing $123,000 to the exit scammers
- Pike Finance saw $1.6 million in ARB, OP and ETH tokens lost to hackers
- A crypto whale lost some $68 million in WBTC to exploiters at the time of the address poisoning scam
The cryptocurrency sector lost over $71 million to security-related incidents in the past week, with a single event targeting a crypto whale accounting for most of the losses, a blockchain security firm said.
Nearly $71.4 million was lost to various types of security hacks in the digital assets industry from April 28 through May 4, SlowMist said Sunday, based on reported exploits and scams throughout the week. There were a total of seven known incidents last week, but the SlowMist team noted that there could have been more unreported incidents.
Among the past week's victims were investors into the Ethereum network project NOVAMIND_ (NMD), which was allegedly a rug pull – a type of exit scam wherein developers sell a token to fund a project then disappear when they've taken investors' funds. The rug pull attack resulted in losses of approximately 41 Ether (ETH) worth around $123,000. The NMD token's price plunged by 97% after news of the rug pull surfaced.
Another significant security incident last week was that of cross-chain lending and borrowing provider Pike Finance wherein it saw total losses of over $1.6 million in Arbitrum (ARB), Optimism (OP) and ETH tokens. "Weak security measures in Pike's contract functions facilitated the exploit," the SlowMist team said.
In the nonfungible token (NFT) realm, a vulnerability in the Ember Sword NFT Auction resulted in the extraction of 60 Wrapped Ether (WETH) from 159 victims. The amount lost was said to be at around $195,000.
However, the biggest incident in the said period was that of an "address poisoning attack" that saw a crypto whale losing 1,155 Wrapped Bitcoin (WBTC) valued at around $70 million based on current prices.
Blockchain security firm Cyvers first alerted the community about the attack. "Are we mistaken or has someone truly lost $68M worth of $WBTC?" Cyvers said of the incident. The company's CEO, Meir Dolev, noted that the said exploit is "probably the highest value lost due to an address-poisoning scam."
Hacks and scams have been proliferating in the crypto industry for years, and experts have said exploiters have been evolving the methods through which they breach supposedly secure networks.
Just recently, crypto sleuth ZachXBT published the tactics used by North Korea-linked Lazarus Group in laundering millions in cryptocurrencies that it stole from multiple exploits in the sector. The notorious hacking group consolidated its stolen digital assets into one address then gradually moved them to embattled cryptocurrency mixer Tornado Cash before they were sent to peer-to-peer marketplaces where the crypto was converted into fiat.