The Intelligent Insurer #45 — NFT marketplace exploited as users bear brunt of risk
The Vulcan Forged NFT marketplace was a victim of an attack that saw $100 million worth of PYR tokens stolen on December 13th, 2021. This attack joins the growing list of exploits across DeFi platforms, especially those enabled with custodial functionalities.
In the latest Intelligent Insurer, we highlight the details of the hack as reported by the project team and the impact it has had on the primary token that was stolen, PYR. We also detail how the marketplace is trying to track the hacker while addressing the concerns of its customers. However, we’ll first address the progress we’ve made via our weekly software development update.
Insured Finance software development update
We continued to make rapid progress towards improving our next-generation digital asset insurance platform. We deployed major security updates to our proxy contract pattern and our API to CoinGecko. In addition, we hit the following milestones.
- We received user feedback from our Alpha tests and are in the process of initiating changes based on recommendations.
- We created additional documentation to assist our smart contract auditors.
- We continued testing our token bridge withdrawal mechanism and continue to prioritize rectifying any security issues we encounter.
As our platform continues to improve, we’re prioritizing the simplification of the payout process with ChainLink. We are excited about upcoming updates and fixes we’ve identified. Users can expect a secure and transformational experience as our vision of a sublime digital asset insurance platform continues to evolve and become a reality.
Vulcan Forged hacked for $100 million
In an announcement by the Vulcan Forged team on Twitter, news emerged that 4.5 million PYR tokens were stolen from 148 wallets. The development team promised to replace all the PYR tokens stolen and promised to make efforts to understand how the hack was executed.
Shortly after the announcement, PYR experienced a massive sell-off, and the price dropped by about 30%. As the marketplace reassured users of reimbursement of their stolen tokens, PYR attempted a rebound from the initial low, suggesting that some users may have bought the dip in anticipation of further recovery. This rebound has so far been unsustainable, as prices dropped even further.
As of the time of writing, Vulcan Forged has announced that they have refunded the majority of stolen PYR tokens to the affected wallets. The platform also claimed to be planning on overhauling its wallet setup, cryptically noting that a decentralized solution is in the works. The team hasn’t released any further details of the vulnerability the hacker exploited or how these funds were stolen
On the positive side of things, the Vulcan Forged team identified the blockchain address associated with the hack and has requested connected addresses be blacklisted across associated exchanges. It’s questionable whether these exchanges will comply with the request. What is certain is that KYC-enabled exchanges will be able to verify the identity of the user(s) associated with the blacklisted addresses and notify the Vulcan Forged team.
While the affected users have been compensated, there is another problem looming on the horizon. The attacker has not returned any of the coins stolen which means there is currently an oversupply of PYR in the market. How the Vulcan Forged team will burn supply to rectify the imbalance is unknown. Indeed, it’s safe to say the team hasn’t yet thought of addressing this issue.
Users deserve better digital asset protection
As it stands, the marketplace can only remain hopeful, as the possibility of recovering the stolen funds is no longer within its control. This is the kind of uncomfortable position that many digital assets users find themselves in when confronted with risks like exchange hacks, stablecoin failures, rug pulls, and other risks that exist in the DeFi industry.
To protect against these risks, DeFi users now adopt industry-specific insurance solutions like Insured Finance. Since the evolving DeFi industry remains exposed to various vulnerabilities, insuring one’s digital assets has become the safest way to protect them. For instance, Insured Finance users would have been fully compensated for their losses by now. The DeFi industry meanwhile awaits developments regarding Vulcan Forged and the way forward.
About Insured Finance
Insured Finance is a decentralized, peer-to-peer insurance marketplace. Users can request customized insurance on a wide variety of digital assets, thereby ensuring full protection. Those fulfilling requests can earn premiums and earn a competitive return on their capital. Claims are fully collateralized and settled instantly.