Web3 cybersecurity team SlowMist has shared its weekly incident report with the X community. The statistics provided by cyber defenders span from December 31 to January 6. Unfortunately, despite the festive season, last week experienced severe exploits with total damages surpassing $100 million.
To be precise, that staggering figure stems from the attack on Orbit Chain, which took place during the final hours of last year. The heist resulted in the loss of approximately $81.5 million, making it the largest December cybercrime. The Lazarus Group, a notorious hacking group with ties to North Korea, is suspected of being behind this exploit.
The second-largest security incident last week, as reported by SlowMist, involved a series of unauthorized transactions within the cryptocurrency payment system Coinspaid. On January 6, on-chain detective ZachXBT was among the first to highlight a potential security incident, estimating losses at nearly $6.1 million. However, SlowMist suggests the damage was more extensive, reaching almost $7.5 million.
Gamma Strategies, an active liquidity management protocol, incurred slightly smaller losses of $6.18 million in a series of flash loan attacks affecting its Arbitrum contracts. This incident closely followed an exploit on the Radiant protocol, which resulted in a reported loss of approximately $4.5 million.
Earlier, CertiK shared details of the incident with its X community, explaining that the exploit involved manipulating the liquidity index and exploiting a rounding issue within the rayDiv() function during deposit() and withdraw() operations.
The project's team provided insights into the hack too, explaining that the exploit led to the protocol accumulating bad debt in the WETH market, amounting to about 1.3% of the total protocol TVL (Total Value Locked). The malicious actor took advantage of vulnerabilities in the protocol's mechanisms, specifically targeting the newly introduced market on the Arbitrum network.
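The rounding behaviour behind the rayDiv() issue described above can be measured directly. The sketch below is an added example, not code from CertiK or the affected project; it assumes rayDiv() is half-up fixed-point division at 27 decimals (the Aave-style convention), and the helper names and the tolerance check are hypothetical. It shows that the error is zero at a normal index and grows to half a scaled unit's value once the liquidity index is inflated, which is the condition a monitoring check can flag.

```python
RAY = 10**27  # assumed 27-decimal fixed-point unit (Aave-style "ray")


def ray_div(a: int, b: int) -> int:
    """Half-up fixed-point division: round(a * RAY / b). Assumed semantics."""
    return (a * RAY + b // 2) // b


def ray_mul(a: int, b: int) -> int:
    """Half-up fixed-point multiplication: round(a * b / RAY)."""
    return (a * b + RAY // 2) // RAY


def rounding_drift(amount: int, index: int) -> int:
    """Underlying units gained (+) or lost (-) when `amount` is converted
    to scaled units with ray_div and back with ray_mul at `index`."""
    scaled = ray_div(amount, index)
    return ray_mul(scaled, index) - amount


def max_rounding_error(index: int) -> int:
    """Worst-case drift per conversion: half the value of one scaled unit."""
    return index // (2 * RAY)


def index_is_safe(index: int, tolerance_units: int = 1) -> bool:
    """Hypothetical monitoring check: flag a market whose liquidity index
    lets a single rounding step move more than `tolerance_units`."""
    return max_rounding_error(index) <= tolerance_units


if __name__ == "__main__":
    normal = RAY                  # constructed sample: index of 1.0
    inflated = 1_000_000 * RAY    # constructed sample: index of 1,000,000.0
    for name, idx in (("normal", normal), ("inflated", inflated)):
        print(name,
              "max error:", max_rounding_error(idx),
              "drift(1_499_999):", rounding_drift(1_499_999, idx),
              "drift(1_500_000):", rounding_drift(1_500_000, idx),
              "safe:", index_is_safe(idx))
```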
Social media service compromises and other suspicious activities
Last week, the crypto community also witnessed hacks of social media accounts popular in the crypto space. One of them was the X profile of CertiK itself. The cybersecurity firm warned its followers on X about the compromise on January 5.
The X account of Polychain Capital’s CEO, Olaf, and the Discord account of Wabalaba Land, a global IP for free digital collectibles, were also hacked.
Among other notable incidents was the exploit of MangoFarm, which led to a loss estimated at $1 million. The X platform has been filled with warnings from numerous blockchain analysts about MangoFarm draining connected wallets after it migrated to Version 2.
While some experts, including the team behind Scam Sniffer, investigated the compromise of MangoFarm’s frontend, comparing the activity to the operations of a notorious Ethereum-focused scam vendor, Angel Drainer, others like crypto influencer Borovik.eth believe it could be a deliberate rug pull.
Furthermore, the Solana Floor X account, focused on publishing news related to events on this blockchain, links the MangoFarm developer to the "Banana Miner Ponzi" scheme active between 2016 and 2018. According to the screenshots of the project’s code shared with the community by X influencer Charlemagne, King of the Dead, the scam deployer left an SOS message in the code asking for help, saying, "I am in the Sweatshop forced to deploy coin. My hand is chained to the keyboard. PLEASE HELP ME TO SEE FAMILY."
While such a message may imply that the developer is held captive and forced to conduct the exploit, further scrutiny of the embedded messages led many in the community to believe that the cries for help were actually a way of mocking the victims of the exploit.
Banana Miner was a deceptive cryptocurrency project that ultimately revealed itself to be a Ponzi scheme. The operator of Banana Miner, identified as Richard Matthew John O’Neill, also known as “Jo Cook,” initially attracted investors by claiming to establish a crowdfunded business development company.
However, it later became apparent that the project was not legitimate, and O’Neill confessed to investors that Banana Miner had failed. The damage caused by the scam was estimated to be at least $6.5 million worth of Tether and Bitcoin.
In addition to this incident, SlowMist also mentioned reports of issues affecting the wallet service of NFP. However, the cybersecurity experts claim that no financial damage was recorded.
Ongoing threats
In the meantime, SlowMist warns the crypto community against phishing attacks on X, particularly those involving links to the popular event-scheduling application Calendly.
"Upon clicking, the link’s name changes to 'Calendly.,' with an additional dot," which, according to SlowMist, "tricks you into authorizing control of your X account, enabling the scammers to post phishing links through your posts."