QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$150 000 USD
MAY 2023
GLOBAL
LAND OF GENESIS
DESCRIPTION OF EVENTS
"Land of Genesis NFT is the ecological core andeconomic construction foundation of Miracle Farm,with a total of 1500 scarce resources.If you ownland NFT will get the entrance ticket of MiracleFarm ecology."
"Today, $LAND was exploited for 200 NFTs, caused by a lack of permission control on mint"
"The DeFi protocol land was suspected of being attacked and lost about 150,000 US dollars. The reason for the attack was the lack of mint permission control."
"Odaily Planet Daily News According to Beosin EagleEye’s security risk monitoring, early warning and interruption platform monitoring under the block chain security audit company Beosin, on May 14, Beijing time, DeFi Agreementland was suspected of being attacked, with a loss of approximately US$150,000. Beosin Trace traced and found that 149,616 BUSDs have been stolen."
"The reason for the attack was the lack of mint authority control. Specifically, there are several miner addresses at the ( project side mint NFT, including 0x2e59983715d2f92468fa5ae3f9aab4e930e3ac78; )2( attacker call 0x2e59,Use the NFT cast in the previous step to exchange a large amount of XQJ tokens ( for each NFT to 200 XQJ) until the contract cannot be replaced by XQJ; (4) The attacker exchanged 149,616 BUSDs;(5."
"Some of the miner addresses of the project can mint unlimited quantity of NFTs, including this wallet: 0x2e599883715d2f92468fa5ae3f9aab4e930e3ac7"
"The scammer calls 0x2e599883715d2f92468fa5ae3f9aab4e930e3ac7 contract to mint 200 NFTs"
"Then, the scammer calls the 0x2c672a34 function of the 0xeab03ad7ea0ac5afb272b592bef88cf93ed190c5 contract to swap for a large amount of $XQJ using the previous minted NFTs (200 $XQJ per NFT)
The attacker swaps 28,601 $XQJ for 149,616 $BUS"
"The scammer minted NFTs again until the NFT issue limit was reached"
"Most of the stolen funds are still at the attacker's address."
The Land of Genesis NFTs don't appear to have a widely known homepage. There are a maximum of 1,500 of them. An attacker appears to have minted a portion of NFTs that weren't supposed to be minted. Most funds remain in the attacker's wallet.
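The reports quoted above attribute the loss to a mint function without permission control. The following is an added illustration, not the Land of Genesis contract (its source is not shown on this page): it places the unrestricted pattern beside a version that limits minting to allow-listed addresses and enforces the 1,500 cap on-chain. All contract, function and error names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the project's code. All names are hypothetical.
// BEFORE: mint() performs no caller check, so any address can create NFTs
// and then present them to whatever contract accepts them as payment.
contract LandUnrestricted {
    uint256 public totalSupply;
    mapping(uint256 => address) public ownerOf;

    function mint(address to, uint256 amount) external {
        for (uint256 i = 0; i < amount; i++) {
            ownerOf[++totalSupply] = to;
        }
    }
}

// AFTER: only allow-listed minters may mint, the admin alone manages the
// allow-list, and the supply cap is checked in the same call.
contract LandRestricted {
    uint256 public constant MAX_SUPPLY = 1500; // collection size stated on the page
    address public immutable admin;
    uint256 public totalSupply;
    mapping(uint256 => address) public ownerOf;
    mapping(address => bool) public isMinter;

    error NotAdmin();
    error NotMinter();
    error CapExceeded();
    event MinterSet(address indexed account, bool allowed); // monitor for changes

    constructor() {
        admin = msg.sender;
    }

    function setMinter(address account, bool allowed) external {
        if (msg.sender != admin) revert NotAdmin();
        isMinter[account] = allowed;
        emit MinterSet(account, allowed);
    }

    function mint(address to, uint256 amount) external {
        if (!isMinter[msg.sender]) revert NotMinter();
        if (totalSupply + amount > MAX_SUPPLY) revert CapExceeded();
        for (uint256 i = 0; i < amount; i++) {
            ownerOf[++totalSupply] = to;
        }
    }
}
```

Because the swap described above pays a fixed 200 XQJ per NFT, the caller check on `mint` is also what protects the balance of the contract that accepts those NFTs.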
HOW COULD THIS HAVE BEEN PREVENTED?
SlowMist Hacked - SlowMist Zone (Jun 26)
Contract Address 0x2e599883715d2f92468fa5ae3f9aab4e930e3ac7 | BscScan (May 15)
Security firm: DeFi protocol land suspected of being attacked, losing about US$150,000 - Newsflash - ODAILY (May 15)
@BeosinAlert Twitter (May 15)
Beosin: DeFi protocol land suspected of being attacked, losing about US$150,000 - Foresight News (May 15)
https://opensea.io/collection/land-11 (May 15)
Binance Transaction Hash (Txhash) Details | BscScan (May 15)
@DeDotFiSecurity Twitter (May 15)
land Collections | BitKeep NFT (May 15)
land (land) Token Tracker | BscScan (May 15)
