The Weekly Rug 3
The Weekly Rug 3
Introduction
Luckily, this was another quiet week in the land of rugs and scams in crypto. Perhaps scammers are waiting to see the aftermath of the merge before they get back to their old ways. As always, if we missed anything or if there was an event you want turned into a RugZombie Grave, let us know!
Nomad Grave
Before we get into the news, let’s go over our newest Grave for the Nomad Bridge exploit (covered by us in this article). The grave currently has a 16x multiplier on its yield and will earn you a Legendary RugZombie NFT (picture shown below). It costs $10 (in BNB) to unlock the grave along with at least 1 zNOMAD token (can be found in the Catacombs).
KyberSwap Frontend Attack
Kyber Network’s decentralized exchange, KyberSwap suffered a frontend attack on September 1st. The team noticed a suspicious element on their frontend and immediately shut it down to investigate. They found malicious code in their Google Tag Manager (GTM) which inserted a fake approval and allowed hackers to transfer all funds from that address.
After responding quickly and shutting down the frontend, the team was able to easily identify and get rid of the malicious code by disabling GTM. In total, $265,000 was stolen from 2 wallets and the team fully resolved the issue in less than two hours, releasing a statement that ensured the full restoration of all lost funds.
In the first edition of The Weekly Rug, we covered two separate attacks on Curve Finance and Celer Network that were very similar to the one on KyberSwap. Unfortunately, frontend attacks are becoming increasingly common, and they are one of the harder attacks to identify as a user. However, teams are aware of these attacks and have been quick to act, so none of these attacks were too major.
ShadowFi Exploit
The privacy token, ShadowFi (SDF), experienced an exploit in their contract which caused their LP to be fully drained. The exploit allowed anyone to burn SDF tokens, which made it so the attacker could burn SDF, sync the price in the pair, and run off with about $300,000 worth of BNB. This $300k was immediately sent to Tornado Cash.
ShadowFi alerted its community of the hack, stating that “all presale proceeds are secured and safe”. However, on the surface, this appears to be the textbook definition of a rug pull and it’s probably best to stay away from this project for the time being.
