Bot

Lifinity USDC pool drained by arbitrage bot

A bug on an Immediate-or-Cancel order led to the drainage of nearly $700,000 from Lifnity’s LFNTY-USDC pool.

Decentralized exchange Lifinity had its LFNTY-USDC pool drained by an arbitrage bot on Dec. 8. According to Lifinity’s Discord channel, an unexpected response to a failed trade caused the $699,090 loss.

A Lifinity’s core member known as Durden explained that a bot attempted an arbitrage trade following the route USDC > xLFNTY > LFNTY > USDC, trying to profit from price discrepancies between different trading pairs.

The bot initiated an immediate-or-cancel market order on Serum v3, a type of order that must be executed immediately at the current market price if filled. Orders that cannot be filled immediately are canceled.

CoinMarketCap-led token airdrops ‘infected by fraud,’ crypto project claims

A crypto project claims a promotional token airdrop campaign led by CoinMarketCap was riddled with “fraud” that left its token price crumbling.

Two crypto projects have cried foul play over promotional airdrops conducted by CoinMarketCap (CMC) on their behalf, which they allege was “gamed” for the benefit of a small group of exploiters.

These promotional airdrops — designed to be distributed to thousands of wallets to raise awareness of a crypto project — ended with the tokens funneling to just a handful of wallets, suggesting potential manipulation of the system.

SATT token drop

Blockchain advertising solution SaTT alleged to Cointelegraph that a promotional airdrop it paid CMC to conduct in Dec. 2022 ended with 84% of the airdropped tokens funneling to just 21 wallets.

The promotion was meant to see 25,000 winning wallets receive 4,000 SATT each, worth $6.30 at the time per CoinGecko data.

However, SaTT claimed that shortly after the airdrop was distributed, 20,953 wallets “automatically transferred the tokens to 21 wallet addresses” which then sold off their token holdings days later around Dec. 10, netting around $142,000 for those 21 wallet owners.

The sell-off plunged the price of SATT by 70% between the end of the airdrop on Dec. 1 to when the wallets sold their tokens on Dec. 10.

*SaTT claims wallet* *0x929…* *(pictured) has over 4,500 transactions of its token, the largest it found out of the 21. Blockchain data shows the wallet sold over 4.3 million tokens through PancakeSwap.* *BscScan*

TokenBot token drop

A similar experience was shared by TokenBot co-founder Shaun Newsum, who told Cointelegraph that it did a similar CMC-led airdrop of its TKB token on Dec. 9.

Newsum said CMC provided its 30,000 airdrop winners but he chose to “stagger” the airdrop “just in case something happens.”

TokenBot sent out its tokens to a batch of 4,000 winners to start, but around 3,300 ended up sending the funds to one wallet, said Newsum.

*Blockchain data shows thousands of TKB transactions flowing to wallet* *0x5AF…* *before initiating a cross-chain swap and then selling its holdings.* *BscScan*.

Newsum said around $20,000 was lost by TokenBot in the incident and the project had to deploy more liquidity from its treasury.

“Obviously some person figured out how to game CMC,” he added. “If we were to have bulk sent, the whole airdrop would’ve been a complete disaster.”

Newsum however said he has since received an apology from CMC and was told that it was investigating the airdrop and would return with an updated winners list for the project.

In its investigation, SaTT claims to have found another 18 tokens or nonfungible tokens (NFTs) airdrops conducted by CMC since Jul. 2022 that were also allegedly “infected by fraud” to the tune of $6.6 million.

This included airdrops for projects including TopGoal, OwlDAO and AgeofGods.

SaTT theorized two possibilities of how the “fraud” occurred:

“Either a group of hackers injected tons of fake accounts [into the airdrop on CMC’s website] […] or it was actually an inside job.”

CoinMarketCap responds

Speaking to Cointelegraph, a CMC spokesperson addressed some of these claims, arguing that at least four of the projects identified by SaTT have yet to distribute rewards, meaning it would be “impossible” for them to have faced “malicious” activity.

It also noted that while three projects, including SaTT, AgeOfGods and TokenBot have spoken to the CMC team about their concerns, it has not received any communications from other projects about the alleged issues.

The spokesperson however acknowledged that “bots are an issue that touches nearly every industry.”

“The industry has been facing this issue among airdrop programs for some time and the reality is that not a single industry has been able to solve the bot issue entirely.”

“We are continuously working to improve our systems and services to limit this issue and will work closely with these projects to find solutions and help resolve any current issues,” the spokesperson added.

CMC added that any claims of bot participation in its airdrops are taken “very seriously” and itis “working on resolving each case individually.”

It also shared several features it has employed to deter bot participation, such as a CAPTCHA challenge and email verification requirements for participants. It’s also developing a two-factor authentication integration.

Cointelegraph contacted TopGoal and OwlDAO for comment but did not receive a response at the time of publicati. AgeofGods could not be reached for comment.

‘Infected by fraud’ — Projects claim CoinMarketCap airdrops were gamed

A crypto project claims a promotional token airdrop campaign led by CoinMarketCap was riddled with “fraud” that left its token price crumbling.

Two crypto projects have cried foul play over promotional airdrops conducted by CoinMarketCap (CMC) on their behalf, which they allege was “gamed” for the benefit of a small group of exploiters.

These promotional airdrops — designed to be distributed to thousands of wallets to raise awareness of a crypto project — ended with the tokens making their way to just a handful of wallets, suggesting potential manipulation of the system.

SATT token drop

Blockchain advertising solution SaTT told Cointelegraph that a promotional airdrop it paid CMC to conduct in December 2022 ended with 84% of the airdropped tokens going to just 21 wallets.

The promotion was supposed to see 25,000 winning wallets receive 4,000 SATT each, worth $6.30 at the time according to CoinGecko data.

However, SaTT claimed that shortly after the airdrop distribution, 20,953 wallets “automatically transferred the tokens to 21 wallet addresses,” which sold off their token holdings days later, netting around $142,000 for those 21 wallet owners.

The sell-off plunged the price of SATT 70% between the end of the airdrop on Dec. 1, to when the wallets sold their tokens on Dec. 10.

TokenBot token drop

TokenBot co-founder Shaun Newsum told Cointelegraph of a similar experience when the company did a CMC-led airdrop of its TKB token on Dec. 9.

Newsum said CMC provided its 30,000 airdrop winners but he chose to “stagger” the airdrop “just in case something happens.”

TokenBot sent out its tokens to a batch of 4,000 winners to start, but around 3,300 ended up sending the funds to one wallet, said Newsum.

Newsum said around $20,000 was lost by TokenBot in the incident, with the project having to deploy more liquidity from its treasury.

“Obviously some person figured out how to game CMC,” he added. “If we were to have bulk sent, the whole airdrop would’ve been a complete disaster.”

Newsum said he has since received an apology from CMC who said it was investigating the airdrop and would return with an updated winners list for the project.

In its investigation, SaTT claims to have found another 18 tokens or nonfungible token (NFT) airdrops conducted by CMC since July 2022 that were also allegedly “infected by fraud” to the tune of $6.6 million.

This included airdrops for projects including TopGoal, OwlDAO and AgeOfGods.

SaTT theorized two possibilities of how the “fraud” occurred:

“Either a group of hackers injected tons of fake accounts [into the airdrop on CMC’s website] […] or it was actually an inside job.”

CoinMarketCap responds

The spokesperson also noted that while three projects, including SaTT, AgeOfGods and TokenBot have spoken to the CMC team about their concerns, it has not received any communications from other projects about the alleged issues.

However, the spokesperson acknowledged that “bots are an issue that touches nearly every industry.”

“The industry has been facing this issue among airdrop programs for some time and the reality is that not a single industry has been able to solve the bot issue entirely.”

They added that any claims of bot participation in its airdrops are taken “very seriously” and it is “working on resolving each case individually.”

They also shared several features employed by CMC to deter bot participation, such as a CAPTCHA challenge and email verification requirements for participants. The company is also developing a two-factor authentication integration.

Cointelegraph contacted TopGoal and OwlDAO for comment but did not receive a response by the time of publication. AgeOfGods could not be reached for comment.

3Commas issues security alert as FTX deletes API keys following hack

3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX.

Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.

3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo identified that hackers used new 3Commas accounts to perform the DMG trades adding that, “The API keys were not taken from 3Commas but from outside of the 3Commas platform.”

A subsequent investigation found fraudulent websites posing as 3Commas were being used to phish API keys as users linked their FTX accounts. The FTX API keys were then used to perform the unauthorized DMG trades.

3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding:

“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”

Both FTX and 3Commas identified suspicious accounts based on user activity and suspended the API keys to avoid further losses.

*A set of guidelines shared by 3Commas for user’s safety. Source: 3Commas*

FTX users that have connected their accounts with 3Commas and receive a message regarding their API being “invalid” or “requires updating” must create new API keys. In such cases, 3Commas suggested that:

“It is possible your API details were compromised and the API key has been deleted by FTX.”

Users have the option to create a new API key on FTX and link it to their 3Commas account to ensure no disruption to active trades.

3Commas are currently working with the victims to provide assistance and gather more information about the hackers.

FTX recently partnered with Visa to roll out debit cards in 40 countries worldwide. The partnership allows FTX users to pay for goods and services using debit cards that boast “zero fees” and no yearly charges.

The market reacted to the development as the FTX token spiked 7%, momentarily reaching a trading price of $25.62.

MEVbots backdoor drains users’ Ethereum funds via arbitrage trading bot

An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users’ wallets.

MEV gain, an Ethereum arbitrage trading bot built by MEVbots, which claims to provide stress-free passive income, has been actively draining its users’ funds via a fund-stealing backdoor.

Arbitrage bots are programs that automate trading for profits based on historical market information. An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether (ETH) from its users’ wallets.

Our analysis confirms what the @mevbots promotes for the so-called "MEV gain" has a fund-stealing backdoor. Do *NOT* fall prey to it https://t.co/z2eDqMF36b. And thanks @monkwithchaos for the heads-up https://t.co/dhSNGljoH0 pic.twitter.com/HWfCAwbae4

— PeckShield Inc. (@peckshield) September 23, 2022

The scam was first pointed out by Crypto Twitter’s monkwithchaos and later confirmed by blockchain investigator Peckshield.

*Suspect account @chemzyeth promoting MEV services. Source: Google cache*

Following the revelation, primary promoter of MEV chemzyeth disappeared from the internet.

*chemzyeth’s Twitter account deleted after community callout. Source: Twitter*

Peckshield further confirmed that at least six users had fallen victim to the backdoor attack.

*Transaction of stolen funds from MEV gain’s fund-stealing backdoor. Source: Peckshield*

However, considering that the contract is still active, at least 13,000 unwary followers of MEVbots on Twitter remain at risk of losing their funds.

Carrying forward the success of scalability-focused layer-2 solutions, Ethereum co-founder Vitalik Buterin shared his vision for layer-3 protocols. He stated:

“A three-layer scaling architecture that consists of stacking the same scaling scheme on top of itself generally does not work well. Rollups on top of rollups, where the two layers of rollups use the same technology, certainly do not.”

One of the use cases for layer-3 protocols, according to Buterin, is “customized functionality” — aimed at privacy-based applications which would utilize zk proofs to submit privacy-preserving transactions to layer 2.