Blockchain security firm SolidProof had audited Kannagi in June.
However, serious flaws in the Pond0x contract resulted in traders losing at least $2.2 million as people discovered that anyone could transfer coins belonging to other people. People quickly began rushing to steal coins from one another.
Pauly0x responded by blaming the traders who bought and sold the tokens, and spent the following day variously posting on Twitter that he was teaching people a lesson, that it wasn't his fault that people lost money, and suggesting that the flaw was part of a bigger plan for the project. "No one stole your tokens lol. The contract is literally designed as such," he wrote to angry traders accusing him of a rug pull. He added to the website a message reading, "GREED KILLS".
withdrawFunds function to make off with the project's assets.
DeFiLabs claimed on Twitter that the platform "encountered an unexpected issue" while "undergoing maintenance and updates".
DeFiLabs had been audited by blockchain security firm CertiK.
- "DeFiLabs", Rekt
After prominent Bitcoiner Jameson Lopp tweeted that the issue "look[s] more like a hack", CoinsPaid replied "Our team is aware of the issue... Please wait for the official announcement on this topic." Crypto researcher zachxbt responded, "The issue is you got hacked by North Korea that's what lol", referencing the increasing suspicion that the Lazarus group may be behind the disruption. Sure enough, CoinsPaid later confirmed that they had been hacked for $37.3 million, and announced that they suspected the Lazarus Group was behind it.
Some have been speculating that there are connections between this incident and the $60 million hack of the Alphapo crypto payments processor on July 22. Alphapo also provided services to various online casinos. Indeed, there seem to be connections between Alphapo and CoinsPaid, and they may in fact be operated by the same people.
EraLend paused various functions of their protocol while they investigated the attack, and said they were working with various security research organizations and law enforcement to investigate the theft.
The BlockSec security research firm warned other projects that had re-used a portion of code from SyncSwap to be cautious, because they could also be vulnerable.
HypeDrop disabled withdrawals on their platform, and wrote on Twitter that they were experiencing "ongoing deposit and withdrawal issues" due to "an issue on the cryptocurrency provider's side."
- "Post Mortem — ETH and crvUSD Omnipool Exploits", Conic Finance Medium
Party Parrot team prepares to "vote" to allocate themselves 80% of initial offering funds, around $60 million
If the vote passes, and it likely will given the massive supply of tokens available to the team, the team will have just decided to distribute around $60 million in remaining funds to themselves, leaving $12 million to the token holders.
One commenter on the proposal described the move as "a pure financial crime". Another wrote, "The community has already explained in painstaking detail why we're not interested in this. The pro-rata value is an extreme lowball and fails to account for many of the team's misuses of the treasury without the community's consent. The team also prematurely unlocked the team and VCs' vesting tokens, so they are the majority token holders, making this vote meaningless and a total farce."
Conic Finance announced that they had disabled deposits on the front-end of their project, and were working to patch the vulnerable smart contract. The team also attempted to contact the exploiter via blockchain message, asking if they "would be open to discussing any potential next steps".