Weekly Recap: Attacks and Outages Plague Crypto Week
User Exploits Anchor Protocol Bug, Earns $800,000
Following the release of Terra 2.0 last Saturday, a user took advantage of a bug in the Anchor Protocol, earning approximately $800,000 in the process. The bug appeared when the price of LUNA Classic reached $5. The exploiter took advantage of the situation by depositing 20 million Bonded Luna (bLUNA), which the platform incorrectly valued at $100 million. In reality, the tokens deposited were worth $200,000.
The user loaned 40 million TerraUSD tokens (UST) and subsequently withdrew the UST for $800,000. Other users quickly discovered the bug and attempted to exploit it as well, but it was too late. The team identified it and resolved the problem quickly.
Terra-based Mirror Protocol Halts Exploit after $2 Million Loss
Last week, Terra-based DeFi network Mirror Protocol was compromised yet again. This development comes shortly after the discovery that Mirror had been previously exploited for approximately $90 million in October. According to reports, the new exploiter took advantage of a price oracle error between the old and new Terra tokens.
On Monday, a community member on the Mirror's forum revealed the latest exploit. Following the announcement, a well-known Terra analyst alias “FatMan” (also the discoverer of the initial exploit) further circulated the news.
FatMan estimates that Mirror Protocol has already lost about $2 million due to the new attack. Moreover, FatMan and other users alike have requested a call to action from the developers. After several hours, the developers resolved the Terra price feed issue. The team also disabled collateral withdrawals of mBTC, mETH, mGLXY, and mDOT. Consequently, the remedial measures prevented the attacker from draining more funds.
Solana Experiences Another Network Outage
Solana experienced its most recent disruption on Wednesday as a result of a bug. Solana’s team confirmed the incident and mentioned that the bug was in the blockchain’s offline transaction processes. As a result, the network was down for about four and a half hours. The latest downtime is Solana’s third failure within two months, and its eighth overall.
Solana, designed to be scalable and reliable, has ironically succumbed to high-traffic pressure and other vulnerabilities of late. Last week’s disruption prompted some users to express their growing “lack of faith” in the network, while other users complained about the possibility of losing money should the network never resuscitate again.
Five hours after the downtime, the Solana team finally announced that validator operators had successfully restarted the Mainnet Beta. The team behind the high-performance blockchain further said that the operators and decentralized applications will continue to restore client services.
Japan to Regulate Stablecoins for Investors’ Protection
The upper house of Japan's parliament passed a bill to regulate stablecoins into law on Friday. This is in response to Terra’s crash and the resulting near-death of the UST stablecoin.
According to local reports, the new law intends to reduce the risks associated with stablecoins. The legislation, which is also the first stablecoin regulatory law, aims to protect investors. Moreso, the new law limits the issuance of stablecoins to only licensed banks, registered agents, and trust companies.
Additionally, the authorities will implement a registration system for the circulation of "pegged" digital currencies. Going forward, trading stablecoins in Japan will require traders to register with the Financial Services Agency through a screening process.
Yuga Labs Loses 200 ETH after Another Phishing Attack
Yuga Labs, the maker of the popular Bored Ape Yacht Club (BAYC) and OtherSide, experienced yet another phishing attack on Saturday.
The attack resulted in a total loss of NFTs worth 200 ETH, equivalent to $360,000. Blockchain detective OkHotshot alerted crypto investors to the compromise of two official Discord groups linked to BAYC and OtherSide NFTs. According to the detective's findings, the Discord account of Yuga Labs' community manager, Boris Vagner, was hacked.
After gaining access to the manager's account, the scammers shared various phishing links in the official BAYC and Otherside groups. Many users believed the phishing links, which contained limited-quantity NFT-related giveaways, came from a reliable source. Another individual, NFTherder, also linked the suspicious transactions to four different wallets. This is the second time in less than a month that BAYC has been attacked.
Following the attack, BAYC co-founder Gordon Goner questioned Discord’s role as web3’s most visible social media platform. The founder subsequently clamored for another web3-centric platform that’d put “security first”.
Bitcoin ATM Installations Hit a 4-year low in May
According to Coin ATM Radar data, the global installation of Bitcoin ATMs has declined this year. Only 202 new ATMs were installed last month, the lowest since 2019. The slowdown since January indicates a nearly 90% drop from December. In December, 1,971 new ATMs were installed.
Real-world difficulties may have had a brief impact on the expansion of Bitcoin ATMs. Key factors contributing to the decline include global geopolitical tensions and anti-crypto regulations. There was also the recent crackdown of the UK’s FCA on unlicensed crypto ATMs in the country which led to many ATMs closing down. Of late, Europe has a total of 1,419 ATMs, accounting for 3.8% of all ATM installations worldwide. The United States, on the other hand, currently has 87.9% of the world's 37,826 crypto ATMs.
On a positive note, 817 BTC ATMs have been installed in the first few days of June, indicating a possible surge in the coming months.