Terraport Finance launched on March 31, apparently having gone live without any sort of audit. On April 10, Terraport disclosed that an attacker had apparently managed to drain all project liquidity pools, making off with assets priced at around $2 million.
Today, Sifu himself was the victim of a theft as a bug in the SushiSwap decentralized exchange allowed a hacker to make off with around 1,800 ETH (more than $3.3 million) belonging to him. According to SushiSwap leader Jared Grey, around 300 ETH (~$557,000) of Sifu's funds were subsequently recovered.
Analysts have found that almost 200 addresses on the Ethereum network have approved the vulnerable contract, and around 2,000 addresses approved the vulnerable contract on Arbitrum, Polygon, and other chains. It's not yet clear how much was stolen in total. SushiSwap leader Grey urged users via Twitter to revoke approval for the vulnerable smart contract.
Bitcoin mining firm sues business partner after they allegedly lose $500,000 in Bitcoin to fraudster
The lawsuit also alleges that Gryphon has " dutifully collected its exorbitant Management Fee while shirking its duties under the MSA and delivering abhorrent management services" and "skimm[ed] off the top (i.e., st[ole]) from Sphere's assets".
Canada has become more strict on cryptocurrency exchanges in recent months, particularly following the collapse of FTX.
The Bored Ape would likely fetch somewhere around $125,000 if resold. The other three NFTs would likely resell for somewhere around $8,700. Together with around $3,400 in stolen tokens, Bryant's total loss is around $139,000.
After some observers spotted the suspicious-looking transactions, Bryant confirmed on Twitter: "Yes my ape was stolen and I don't know how this is crazy".
.transfer()— a common function used with Ethereum projects that is not supported by zkSync.
The zkSync project evidently came to the rescue of Gemholic, announcing that they would change the protocol in a new release to add support for Solidity functions such as
.transfer(), which will ultimately free Gemoholic's locked funds.
Binance will continue to operate its spot exchange product in Australia, but customers will no longer be able to trade derivatives on the platform after April 21.
A trader apparently trying to bid $100 for one of the NFTs seems to have mistakenly entered 100 ETH, or around $190,000. The trade was of course quickly accepted by a seller who made a tidy 1666x the typical floor price.
Some have speculated the massive offer was money laundering, but the fact that the bid was an open offer that could be accepted by anyone seems to make that theory less likely.
- "NFT trader accidentally bids 100 eth on a freely minted NFT", r/CryptoCurrency
- Transaction on Etherscan
The attacker apparently took advantage of a re-entrancy vulnerability to execute the theft, then swapped the tokens and bridged them to the Ethereum main chain.
Sentiment tweeted that they were aware of the attack and investigating what had happened. They also stated that they were working with law enforcement. Later that evening, they sent a message to the hacker, offering to let them keep 10% of the stolen funds as a bounty if they returned the rest. Sentiment was audited by two crypto security firms.
On April 6, Sentiment announced that the exploiter had returned 90% of the funds, keeping $95,000 and receiving a promise from the organization that they would not try to prosecute the theft.