Safeheron Weekly Dispatch | JUL 15 '22


Security Incidents

Phishing Attack on Uniswap V3 Resulting 4,295 ETH Loss

This was a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions. The protocol has no problem.

Multichain NFT Protocol Citizen Finance Was Attacked

CifiMigration and FamosoStaking contracts and its wallet address are compromised with 57k MATIC, 244 BNB and 7k USDC stolen.

NFT Artist DeeKay’s Twitter Hacked, Over $150K in NFTs Stolen

The hacker published a link to a phishing website instructing users to approve a malicious transaction under the pretense of claiming an exclusive NFT drop from the artist.

Staking Platform Freeway Token FWT Under Price Volatility

This volatility was caused when our blockchain bridge service provider, Coffe was compromised. A large number of FWT tokens were removed from Coffe’s bridging wallet and were subsequently sold. These tokens were meant to be used for bridging between blockchains only and should not be part of the circulating supply.

Hacker Drains $1.4M worth of ETH From NFT Lender Omni

Omni was drained of about 1,300 ETH ($1.43 million) in a flash loan reentrancy attack. This action triggered a malicious callback function to the benefit of the attacker. This function allowed the hacker to use the borrowed funds to buy even more Doodles before liquidating the loan position.

Industry Updates


Safeheron Android V1.0.2 Launched

A brand new redesigned Safeheron App Android V1.0.2 officially launched. Download and start enjoying institutional-grade security within 10 mins, and have multiple people co-manage the business with 100% control of your assets, efficient and secure transaction. More in Welcome to The New Safeheron.

Gnosis Safe

Gnosis Safe Raised $100 Million

Gnosis Safe rebranded itself as Safe. Safe's aim is to provide custody for Web3 applications through its platform, which offers management of digital assets, data and identity for retail and institutional investors.


ING Bank Spins Off Its Crypto Custody Platform to GMEX Group

Netherlands-based ING Bank has spun off Pyctor, its cryptocurrency custody and post-trade infrastructure platform, to GMEX Group. Pyctor was incubated in ING Neo’s Amsterdam innovation lab. It combines hardware-based security favored by banks with software-based "sharding" of keys used to move digital assets.

Go+ Security integrates zkSync ecosystem into the security service

Go+ Security is to integrate with zkSync to provide multiple security services to the zkSync ecosystem, including token security API, malicious address API, NFT security API, etc.


  • Web3 Startup zbyte raises $10M to build decentralized applications (dApps) stores.

  • Decentralized social protocol Farcaster raises $30M funds led by a16z.

  • KPMG to audit the new pound-backed stablecoin GBP which is launched by Blackfridge.

  • Blockchain sports gaming platform Scorefam secured $25 million.

  • Crypto banking and payment company Zamp raises $25M.

Market Regulation

North America

  • Securities regulators in Texas and Alabama are expanding their investigations into Voyager Digital Ltd. and Celsius Network Ltd.

  • The U.S. Patent and Trademark Office and U.S. Copyright Office are launching a joint study on nonfungible tokens.

  • US Treasury opens door for public comments on Biden’s crypto order.

  • California regulator is investigating firms that offer crypto interest accounts.


  • Russia's draft legislation on regulating cryptocurrencies would be submitted in the autumn.

  • Putin signs law prohibiting payments with digital assets in Russia.

  • FSB issues statement on the international regulation and supervision of crypto-asset activities.

  • The ECB is inviting technology experts to take part in technical talks to explore CBDC design options.

  • European Central Bank sets key objectives of the digital euro, including privacy protection.

  • International Organization of Securities Commissions publishes crypto roadmap for 2023.

  • BIS CPMI and the International Organization of Securities Commissions (IOSCO) publish their guidanc「Application of the Principles for Financial Market Infrastructures to stablecoin arrangements」。

  • UK fund managers push for regulatory approval for tokenization of funds.

  • UK Treasury Committee opens door for public comments on potential risks and opportunities associated with the use of crypto-assets.

  • UK court allows serving legal documents via NFTs.

  • The US and UK will deepen ties on crypto-asset regulation and market developments – including in relation to stablecoins and the exploration of central bank digital currencies.


  • Hong Kong is to introduce licensing for crypto platforms through AML Law.

  • Bank Indonesia Governor says country is actively exploring crypto assets.

  • Kazakhstan President signed law a bill amending the country’s Tax Code to impose higher tax rates on crypto miners.

  • Central Bank of Korea (BOK) is ready to test its central bank digital currenc (CBDC) with commercial banks.


  • South African Reserve Bank will regulate crypto as financial assets to make it ‘mainstream’.

  • The Central African Republic (CAR) will launch the Sango Platform on July 25 and a bitcoin sidechain.

Industry Briefing

Still, the crypto market is very volatile while at the same time, regulations and laws are advancing that multiple countires/regions are releasing crypto proposals, opening doors for public comments, collaboration with related organizations and others. The market is continually growing, business expansion, new fundraising and all other development are sings for positiveness.

In the second quarter of 2022, 48 major attacks were monitored in the Web3 space, with total losses of approximately $718.34 million according to Beosin & Footprint Analytics. The greatest loss this quarter was on Ethereum, $381.35 million, 53% of the loss. This week witnessed a sequence of security incidents, and from which we can see that the connection between projects can influence each other. So, building on secure connections, own platforms, etc. cannot be ignored.

Last updated