Welcome back to our weekly recap of the crypto space. As the market picks up momentum towards the holiday, each week brings new developments and events. Our roundup covers everything from the SEC's actions to the most recent security breaches and hacks. Stay updated on the latest happenings with Tangem's crypto industry digest. Let's dive in.
SEC postpones decision on spot Ethereum ETF
The U.S. Securities and Exchange Commission (SEC) delayed its decision on several Ethereum exchange-traded funds (ETFs) until May 2024. Among the ETFs affected are the Hashdex Nasdaq Ethereum ETF and the Grayscale Ethereum Futures ETF. The SEC has initiated further proceedings, including seeking public input on whether these ETFs should be listed.
In addition to the mentioned ETFs, the SEC has also postponed decisions on the VanEck spot Ethereum ETF and the spot Ethereum ETF proposed by Cathie Wood's ARK Invest and 21Shares. Analysts anticipate these delays, citing the regulator's historical approach. The SEC has previously approved Ethereum futures ETFs but has not given the green light to a spot or mixed-type product.
Market attention is currently focused on the SEC's approval of 13 spot Bitcoin ETFs, with analysts predicting a 90% likelihood of approval and speculating that a decision may be reached as early as January 10.
The potential approval is a positive signal for institutional access to Bitcoin, which has experienced over 44% growth in the last six months.
NFT Trader exploited, but Apes recovered
In a recent cyberattack on the P2P trading platform NFT Trader — a "scavenger" made away with nonfungible tokens (NFTs) from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) collections — a swift community initiative successfully recovered all the assets within 24 hours.
The hacker demanded a 120 Ether (ETH) ransom (approximately $267,000). Boring Security — a non-profit Web3 security project funded by ApeCoin — led the effort and paid the bounty. Greg Solano — co-founder of Yuga Labs (home of the NFT collections)— covered the cost.
The incident shed light on a vulnerability introduced in a smart contract upgrade 11 days prior, enabling unauthorized transfers of NFTs due to the misuse of a multicall feature.
The attack prompted the community to take action by revoking permissions granted to specific contracts, preventing future thefts. This exploit underscores the ongoing security challenges faced by the NFT space.
Ledger library compromised: what were they thinking?
In a recent DeFi tragedy, a malicious actor exploited a vulnerability in the Ledger hardware wallet's connector library on December 14, putting the entire decentralized application (DApp) ecosystem at risk.
Despite Ledger releasing a patch promptly, the exploit resulted in the theft of over $650,000 from multiple victims. The hacker tricked Web3 users into making malicious token approvals by exploiting a phishing vulnerability that compromised a former Ledger employee's computer.
The attack affected the front end of various DApps, including SushiSwap, Zapper, Phantom, Balancer, and Revoke.cash. Ledger replaced the compromised file with the authentic version approximately three hours after discovering the breach.
Yearn.finance: another month, another exploit
DeFi protocol Yearn.finance faced a $1.4 million loss in a separate incident due to a multi-signature scripting error that drained a significant portion of its treasury. Yearn.finance is currently appealing to arbitrage traders to return the funds, explaining that a faulty multisig script caused the entire treasury balance of 3,794,894 lp-yCRVv2 tokens to be swapped.
The error occurred as Yearn converted its yVault LP-yCurve (lp-yCRVv2), earned from performance fees on vault harvests, into stablecoins on the decentralized exchange CowSwap.
During the trade, Yearn encountered significant slippage, receiving 779,958 DAI yVault (yvDAI) tokens, leading to a 63% drop in the liquidity pool value from its treasury compared to the spot price of lp-yCRVv2 at that time.
Yearn confirmed the $1.4 million loss and clarified that the affected tokens were strictly protocol-owned liquidity in the Yearn treasury without impacting customer funds.
Yearn contributor Dudesahn highlighted the importance of these tokens to Yearn's yCRV liquidity and appealed to successful arbitrage traders who profited from the error to consider returning some of the funds.
This incident follows Yearn's previous vulnerability, where an $11.6 million exploit occurred on April 11, involving a hacker minting and trading one quadrillion Yearn Tether (yUSDT) tokens.
OKX falls victim to private key leak
OKX decentralized exchange (DEX) suffered a significant exploit, resulting in approximately $2.7 million in losses of various cryptocurrencies on December 13, 2023. The incident occurred after a proxy admin owner upgraded the DEX proxy contract to a new implementation contract, allowing a hacker to compromise the private key.
The attacker began stealing tokens after the upgrade, and despite a subsequent upgrade by the proxy admin owner, the exploitation continued. The blockchain security firm SlowMist Zone reported the issue, suggesting that the attack might be linked to the leaked key of the proxy admin owner.
Scopescan — an on-chain analysis firm — confirmed the attack and revealed that an old abandoned contract was targeted but has since been located and stopped. OKX DEX stated that the platform would fully bear any losses incurred by users due to the hack.
The OKX DEX exploit comes amidst other significant security incidents in crypto, including a $100 million exploit on Poloniex and an $80 million loss due to the HECO Chain bridge hack in the fourth quarter of the year.
Tangem set to launch exchange aggregator in the next app update
Tangem has made a giant leap in the self-custodial cold wallet space, offering its users an efficient way of swapping tokens without moving them out of their cold wallet.
This new feature will allow Tangem Wallet users to swap their tokens for others on the same or different blockchains while accessing the best rates in the market.
Tangem Express is an innovative solution that aligns with the growing demand for user-centric tools in hardware wallets. It offers a simple way for users to manage their digital assets securely without moving to centralized exchanges.
Thank you for tuning in to this week's crypto digest. We hope you found the insights and updates valuable. As the market continues to evolve, stay informed and empowered with the latest developments and trends.
If you have any questions or topics you'd like us to cover in future digests, please leave your suggestions on our social media channels. Don't forget to tune in for regular updates. Until next week, stay secure!