Safeheron Weekly Dispatch | JUL 22 '22


Security Incidents

Impermax Finance 9M IMX Was Stolen

A hacker was able to steal the private key of a few of the Impermax team’s wallets which led to the 9M loss of IMX. Under Phishing Attacks With Malicious JS Files

The hackers implement phishing attacks by implanting malicious JS files on the website, deceiving users to sign transactions of setApprovalForAll(address,bool), thereby stealing users' NFTs and other assets.

Tableland's Discord Members' Permissions Were Hacked

The team members joined the external Discord server. In the onboarding process, they clicked a verification step from a bot named "Dyno". When the members went through the verification step, they clicked a bookmark button with malicious javascript and then were prompted to interact with the bookmark, triggering that script to run. The attacker posted a message to the announcements channel with a link to a fake website claiming some new assets could be minted by community members. Any individuals who clicked on the link and followed through with the wallet instructions granted the attackers access to any NFTs held in their account.

Twitter Data Breach Exposes Contact Details for 5.4M Accounts

A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. The data – which ties Twitter handles to phone numbers and email addresses – has been offered for sale on a hacking forum, for $30,000.

Industry Updates


Safeheron Attend Web3 Disruptors Week Roundtable

Safeheron CTO will attend Web3 Disruptors Week Roundtable, sharing the understanding on privacy and cybersecurity of Web3 and solutions.

Time: July 27, 8pm-8:45pm SGT/12pm-12:45pm GMT. Stay tuned here.

Safeheron Product Manual Video Out

Safeheron product manual video is officially out, check it here.


BitGo’s German Unit Cleared to Operate in Italy

BitGo’s German branch, BitGo Deutschland GmbH, registered to provide "digital wallet services" in Italy on July 15.


Fedi Raises $4.2M to Scale Bitcoin Custody With Fedimint

This new fund is to accelerate the development of the Fedimint protocol and its companion app Fedi. Fedimint is an open-source protocol that leverages federated Chaumian Ecash mints to decentralize bitcoin custody and enhance the scaling capabilities of the currency.

BNP Paribas

French Banking Giant BNP Paribas Enters Crypto Custody

French Bank BNP Paribas (BNP) is entering the cryptocurrency custody space via a partnership with Swiss digital asset safekeeping firm Metaco.


Blockdaemon Acquired Danish Startup Sepior

Crypto infrastructure provider Blockdaemon has acquired Danish startup Sepior. Sepior, a digital asset security company providing key management services for institutional clients.

Sui Launches Sui Wallet a Chrom Extension Self-Custody Wallet

Sui Wallet gives Sui users the ability to create an address, transfer SUI tokens and NFTs, view and manage assets on the Sui network, and interact with dApps, view history and verify on Sui Explorer, etc.

zkSync 2.0 Will be Live on Mainnet in 100 Days

Ethereum Layer2 scaling solution zkSync published roadmap. zkSync2.0 is the first zkEVM rollup and will be in live on mainnet in 100 days.

Ethereum’s Kaleido Collaborates With Polygon for Web3 Adoption

Enterprise Ethereum platform Kaleido is teaming up with Polygon to bring the convergence of public and private blockchains a step closer. Polygon Edge is intended to offer businesses a user-friendly, cloud-based system connected to the Ethereum mainnet. Polygon Edge now is live on Kaleido that business users can build a gas-free and easy to access, high-scaling applications.

Brave Launches New System for Privacy-Preserving Data Collection, STAR

STAR is a system that allows users to participate in private data collection through k-anonymity, under cryptographic guarantees that their data will be readable only if other users have contributed the exact same values. STAR’s main goals are to provide strong privacy guarantees while still being usable and affordable for small-to-medium sized companies.


  • Confidential EVM ParaTime Sapphire by Oasis Network is now on testnet.

  • Cyber Gallops completes $15.75M private token sale round for its racing-centric metaverse.

  • Dune launches Spellbook with a first-in-class open-source analytics engineering tool called dbt, or data build tool.

  • Blockchain security startup Halborn raises $90 million in Series A.

Market Regulation

North America

  • SEC is working with crypto exchanges, lending platforms, brokers and other industry participants to ramp up investor protection in the space.

  • FBI issues public warning over fake crypto apps.


  • G20 nations affirm need for cross-border coordination and stablecoin regulation.

  • Coinbase secures approval from Italian regulators to provide ongoing crypto services to its residents.

  • has secured registration and regulatory approval from Italy; scores regulatory approval from Cyprus SEC.

  • UK markets bill extends banking rules to crypto assets.

  • Britain kicks off post-Brexit 'transformation' of finance which will introcude rules for using stablecoins for payment.


  • India’s finance minister called on G20 to bring crypto within the “Automatic Exchange of Information” framework; The Indian government won’t reduce taxes on cryptocurrency transactions.

  • Dubai launches Dubai Metaverse Strategy.

  • Singapore-based crypto fund Fund Manager Fintonia Group Receives Provisional Virtual Assets License in Dubai.

  • The Korea Internet and Security Agency (KISA) plans to publish standards for non-fungible tokens (NFTs) by the end of this year; outh Korea postpones 20% crypto tax to 2025.

  • Indonesia plans wholesale digital currency to improve transfers.

  • Crypto asset platforms are to face stricter regulations in Thailand.

Industry Briefing

The crypto market still witnesses huge volatility and the factors of uncertainty also add up the fear, such as faces the loss of $270 million due to lending to the Three Arrow, and Su Zhu and Kyle Davies are dealing with all troubles on their sides too. All these negative messages strengthen the despair in the current market.

1,120 investment announcements (double the number in the H1 2021) and $28.8B value raised in the first half of 2022, according to Coin98 Analytics. The number effectively grew up, though uncertainty lurking around, we still see the positiveness.

Security incidents in this week varied in the way of attacking, malicious files & phishing, malicious javascript and data breach, also we see rug pulls and scams. In the rapidly changing market, always be careful, always be cautious, always be alert.

Last updated