Weekly News Highlights | Nomad Cross-Chain Bridge Stolen Over $190 Million; Large-Scale Theft of Solana Wallets Affects Over 7,000 Addresses

Organizer: Runsheng, Chain Catcher

Important News

1. Binance Compliance Team: Has Spent Billions on KYC and Anti-Money Laundering Policies to Prevent Criminal Activities

On August 1, the Binance compliance team’s three main members publicly shared how they are addressing criminals laundering money through the exchange, financing terrorism, and dealing with negative news. They stated that Binance has spent billions on KYC and anti-money laundering (AML) policies to prevent criminal activities.

It is reported that Binance's compliance team is now led by former investigators Tigran Gambaryan and Matthew Price from the U.S. IRS Cyber Crime Department, who played roles in taking down the notorious dark web markets AlphaBay, Silk Road, and Hydra. Additionally, they have hired former HSBC sanctions expert Chagri Poyraz as their new global sanctions compliance officer. Since 2017, Binance has facilitated $780 million in payments related to the Russian dark web market Hydra. After Binance strictly enforced KYC policies, it lost 90% of its users and billions in revenue. (CoinDesk)

2. Voyager Approved to Return $270 Million in Cash Deposits to Customers
On August 5, cryptocurrency lending service provider Voyager Digital announced that it has received approval from a U.S. bankruptcy court to return $270 million in customer cash. Reuters cited the Wall Street Journal, stating that Judge Michael Wiles, overseeing the Voyager bankruptcy case, ruled that the company provided "sufficient grounds" to support its argument that customers should be allowed access to the Metropolitan Commercial Bank custodial accounts. (Reuters)

3. Harmony Updates on Theft Investigation: Phishing Attack, Approximately 64,000 Wallets Affected

On August 6, Harmony released details about the theft of nearly $100 million from its cross-chain bridge, stating that it was a coordinated attack and phishing attack targeting its internal infrastructure, affecting approximately 64,000 wallets. So far, there is no evidence that the cross-chain bridge smart contracts or blockchain protocols were compromised.

Specifically, decrypting the cross-chain bridge keys requires multiple operations to be performed on a set of secure servers to instantaneously generate keys on servers with privileged access (authorized roles). Harmony believes the attackers 1) used phishing schemes to trick at least one software developer into installing malware on their laptop, 2) allowed the attackers to read chat threads to understand how to operate the cross-chain bridge, and/or gain access to non-public cross-chain bridge infrastructure code, and 3) obtained backdoor access to one or more servers to execute the hack. The perpetrators successfully accomplished all three. (Source Link)

4. Nomad Bridge Hacked, 41 Addresses Profit Approximately $152 Million

On August 2, DeFi auditor @0xfoobar tweeted this morning that the cross-chain interoperability protocol Nomad Bridge is being hacked, with WETH and WBTC being transferred out at a rate of millions of dollars at a time. PeckShield monitoring shows that approximately 41 addresses profited around $152 million (80%), including about 7 MEV bots (around $7.1 million), Rari Capital hackers (around $3.4 million), and 6 white hat hackers (around $8.2 million), with about 10% of ENS domain addresses profiting $6.1 million.

The Nomad team stated that an investigation is ongoing and has contacted blockchain intelligence and forensics companies to preserve evidence, while "law enforcement has been notified and is working around the clock to resolve this situation and provide timely updates, with the goal of identifying the accounts involved and tracking and recovering funds." (Source Link)

5. Binance to Launch Soulbound Token BAB as KYC Credential

On August 2, Binance announced it will launch the soulbound token Binance Account Bound (BAB), which users who have completed KYC can mint directly in their accounts or choose to store in other wallets. Currently, BAB will serve as a KYC credential, and in the future, Binance is expected to create more soulbound tokens for applications in security and other areas. (Tech in Asia)

6. Binance Releases BUSD Reserve Details, Including 60.5% U.S. Treasury Bills and 4.21% Cash

On August 2, Binance exchange and trust company Paxos released an unaudited report on BUSD reserves, stating that as of June 30, BUSD had $738 million in cash backing, accounting for 4.21% of total reserves, and $10.6 billion in U.S. Treasury bills with maturities within 90 days, accounting for 60.5% of total reserves, while repurchase agreements accounted for over 35% of reserves.

The report shows that the 17.4 billion BUSD tokens in circulation are also supported by an additional $6.2 billion in overnight maturing collateralized reverse repurchase agreements from the U.S. Treasury. Additionally, the report disclosed the cash custodians, most of which are insured by the Federal Deposit Insurance Corporation (FDIC).

It is reported that BUSD is issued by Paxos, both of which are regulated by the New York Department of Financial Services (NYDFS). Binance stated that Paxos keeps customer assets in accounts that are separate from company funds, and if the company goes bankrupt, NYDFS will return the assets to users. (Forkast)

7. Web3 Insurance Protocol InsurAce Completes Approximately $12 Million in Insurance Payouts for UST Depegging Policyholders

On August 2, according to Cointelegraph, approximately 155 investors purchased policies from InsurAce for UST depegging. After the UST depegging incident, InsurAce processed claims according to the insurance contract, completing the payout process and paying out approximately $12 million to policyholders, with 98% of claims approved. This is also the largest payout case in the Web3 insurance field to date, highlighting the significant value of insurance as a risk management tool. (Cointelegraph)

8. Large-Scale Theft of Solana Wallets, Suspected to be Supply Chain Related
On August 3, it was reported that Solana ecosystem wallets have been subjected to large-scale thefts, with many users reporting that their funds were depleted without their knowledge. Solana Status posted on social media stating that a vulnerability allowed malicious actors to steal funds from multiple Solana wallets. As of 5 AM UTC (1 PM Beijing time), approximately 7,767 wallets were affected. The vulnerability impacted multiple wallets, including Slope and Phantom, with both mobile wallets and plugin wallets seemingly affected. Shortly after, Solana Status released a survey form for affected users on Twitter to confirm the root cause.

Solana Labs co-founder @aeyakovenko, Avalanche professor Emin Gün Sirer, and Slow Mist Security speculated that this attack may be related to the supply chain. However, as of the time of publication, the true cause of the attack has not been determined by any party. (Source Link)

9. DeFiLlama Defaults to Disable "Double Counting," Total DeFi Locked Value Drops Over $20 Billion

On August 6, DeFi data provider DeFiLlama stated that in light of recent news regarding Saber, it has set the default for "double counting" to off, eliminating duplicate calculations between protocols.

Currently, the total DeFi locked value displayed by DeFiLlama is $69.5 billion, with the total locked value of protocols like Lido, Convex Finance, and Instadapp no longer counted in the total. If the "double counting" option is selected, the total locked value is $90.6 billion, meaning DeFiLlama's move indirectly reduced the default displayed total DeFi locked value by over $20 billion. (Source Link)

10. Taiyi Group Announces Acquisition of Huobi Group's Social Product Huoxin, Plans to Build a Social Platform for Digital Collectibles and the Metaverse
On August 4, Taiyi Group announced the completion of its acquisition of Huobi Group's social product Huoxin and plans to develop Huoxin into the world's first social platform focused on digital collectibles and the metaverse, further promoting the construction of China's metaverse infrastructure.

Huoxin is an instant messaging social platform launched by Huobi Group in 2018, vertical to the blockchain field, with over 7 million registered users as of July 2022. It is reported that Huoxin will soon complete product function optimization and upgrades, build a digital collectibles and metaverse community, and will also provide users with metaverse digital identities, metaverse asset management, digital collectibles rankings and information, as well as a UGC publishing platform, providing social application scenarios for digital collectibles and access to the metaverse.

Taiyi Group is a comprehensive technology group focused on blockchain technology research and development and the implementation of the metaverse industry, and is the official partner of Unreal Engine in China. In the field of digital collectibles, Taiyi Shuyi is a well-known comprehensive service platform for digital collectibles in China. (Source Link)

11. Slope Wallet: Deleted Server-Side Log Records After Discovering Vulnerability, 1,444 Wallets May Be Traced to This Vulnerability
On August 4, Slope Wallet tweeted that based on a report from Solana auditing firm OtterSec about Slope's mobile wallet mistakenly sending user mnemonic phrases to Sentry servers via TLS, resulting in the theft of user assets, Slope has deleted server-side log records after discovering this vulnerability and stated that approximately 15% of the 9,223 affected wallets (1,444) had their assets stolen, possibly due to this vulnerability. (Source Link)

12. Starbucks Plans to Launch Web3 Loyalty Program in September, Including Coffee-Themed NFTs
On August 4, Starbucks founder Howard Schultz announced plans to launch a Web3-based loyalty program in September, which will include coffee-themed NFTs. Howard Schultz stated that the Web3-based loyalty program can be seen as a way to attract younger consumers to spend on the brand, building on the current rewards model and combining the digital Starbucks rewards ecosystem with digital collectibles of the Starbucks brand.

Previously, it was reported that Starbucks had stated in April this year that it would "enter the NFT business" by the end of 2022. (Techcrunch)

13. Sources: A Developer Faked 11 False Identities, Suspected Over 70% of Solana TVL is Fabricated

On August 5, according to CoinDesk citing informed sources, Saber chief architect Ian Macalinao has 11 false identities, including Surya Khosla, a developer of the Solana ecosystem DeFi yield aggregator protocol Sunny, 0xGhostchain, the founder of the Solana algorithmic stablecoin project Cashio, and Goki Rajesh, the founder of the multi-signature wallet Goki. Thanks to the TVL algorithm written by Ian Macalinao, billions of dollars in funds have been repeatedly calculated within Solana's DeFi ecosystem (at least including Sunny and Saber). Ian Macalinao previously stated that he believed the explosive growth of TVL triggered a surge in SOL prices.
Currently, Ian Macalinao and Dylan, also a Saber developer, announced at the end of June that they renamed their created crypto fund Ship Capital to Protagonist. According to the official website and regulatory documents, the fund has raised at least $33 million and has shifted to participate in the development of the Aptos ecosystem.

It is reported that the projects the fund has currently invested in include Aptos, programmable NFT startup Cardinal, neobank Cogni, and decentralized finance platform Delta One. (Source Link)

Important Financing/Venture Capital News

1. Singapore Venture Capital Insignia Ventures Partners Completes $516 Million Fundraising, Focusing on Web3 Industry

On August 1, according to Nikkei Asia, Singapore-based venture capital firm Insignia Ventures Partners announced that it has completed $516 million in fundraising, focusing on the Web3 industry while concentrating on the Southeast Asian market.

Insignia Ventures Partners founding managing partner Yinglan Tan stated that they will make more aggressive investments in "sunrise industries over the next 10 years." (Source Link)

2. Metaverse Digital Content Producer Terapin Studios Completes $93 Million Financing, Affirma Capital and Others Participate

On August 1, U.S. metaverse digital content producer Terapin Studios completed $93 million in financing, with Affirma Capital and South Korean private equity firm NPX Private Equity participating. Among them, Affirma Capital invested $38 million in Terapin Studios. Additionally, Terapin Studios acquired Toomics, one of South Korea's top five webtoon platforms, after this round of financing. After the acquisition, Toomics is expected to become a key part of Terapin's digital content value chain.

It is reported that Terapin Studios is a company based on South Korea's new media webtoon IP, engaged in global businesses such as games, TV dramas, and animations. Terapin Studios plans to produce content for next-generation products to create immersive experiences in the form of games, metaverse, and NFTs. Terapin's subsidiary Copin is a South Korean webtoon production studio that internalizes the development of original IP in the form of web novels and webtoons. (Asia Tech Daily)

3. Chiliz Purchases Nearly 25% Stake in Barcelona's Digital Content Creation Center Barca Studios for Approximately $100 Million

On August 1, fan token platform Socios.com announced a strategic and technical partnership with FC Barcelona, supporting the club in blockchain, NFT, digital assets, and Web3 strategies. Additionally, Socios.com developer, sports and entertainment blockchain solution provider Chiliz, will invest $100 million in Barca Studios, Barcelona's digital content creation and distribution center, acquiring a 24.5% stake. It is reported that FC Barcelona launched its fan token BAR on Socios.com in February 2020. (Source Link)

4. Intellectual Property Platform Builder MarqVision Completes $20 Million Series A Financing, Y Combinator and Others Participate
On August 3, AI-driven intellectual property (IP) protection platform builder MarqVision announced yesterday that it has raised $20 million in Series A financing, led by DST Global Partners and Atinum Investment, with participation from SoftBank Ventures, Bass Investment, and Y Combinator.

MarqVision was founded in 2020 by graduates of Harvard Law School and MIT, initially incubated at Y Combinator. The company has developed AI and machine learning technologies that can remove counterfeit products from over 1,500 global online marketplaces, covering e-commerce, social media, and NFT platforms.

It is reported that MarqVision will use this funding in the coming months to expand its services to cover all aspects of IP creation, management, protection, and monetization through a new IP operating system. Part of the funds will also be used to open a new business in Paris, where many of the company's clients are European luxury brands. Previously, in September 2021, MarqVision raised $5 million in seed funding. (nftgators)

5. Crypto Venture Capital Firm Lattice Capital Raises $60 Million for Its Second Fund

On August 5, crypto venture capital firm Lattice Capital announced today that it has raised $60 million for its second crypto fund, which will support the most promising early-stage Web3 startups. It is reported that the Lattice Capital II fund is three times the size of last year's first fund, and a regulatory document disclosed the existence of this fund in February this year.
Lattice general partner Mike Zajko stated that Lattice will issue checks ranging from $500,000 to $1.5 million from this fund and plans to invest in 40 to 50 companies, having already deployed into 9 companies. The only publicly disclosed deal, NFT smart certification company Optic, announced the completion of $11 million in seed funding in July this year. (CoinDesk)

6. Web3 Social Gaming Platform INK Games Completes $18.75 Million Financing

On August 6, according to Venturebeat, Web3 social gaming platform INK Games announced the completion of $18.75 million in its latest financing, but did not disclose the investor information. INK Games plans to use this funding to build its platform and accelerate mobile game development.

INK is building a Web3 social gaming platform that allows users to profit from their social influence and audience engagement while also earning rewards through playing games and referring others. The company previously raised $9.5 million in September last year, bringing its total funding to $28.25 million. (Source Link)

7. Web3 Startup Halliday Completes $6 Million Seed Round Financing, Led by a16z
On August 5, Web3 startup Halliday completed a $6 million seed round financing, led by Andreessen Horowitz (a16z), with participation from Hashed, A.Capital, SV Angel, and others.

It is reported that Halliday was launched in November 2021 and offers gamers the option of "play now, pay later," aiming to make in-game NFT purchases more affordable and convenient. (Decrypt)

8. BitValue Capital Launches $100 Million Web3 Growth Fund, Investing in GameFi, SocialFi, and Other Directions
On August 3, according to Yahoo Finance, global investment firm BitValue Capital announced the launch of a $100 million Web3 growth fund to encourage innovative blockchain projects, focusing on investment opportunities in game studios, the metaverse, GameFi, NFTs, SocialFi, DAOs, and DeFi.

It is reported that BitValue Capital is a VC with a quantitative trading background, headquartered in Toronto, Canada, primarily investing in primary markets and incubating projects, providing one-stop services from coding to launching trading platforms. (Source Link)