Sports NFT Platform Lympo Hacked for $18M

  • The hacker got away with 165.2 million of the project’s LMT tokens, which fell in price by 92% after the accident.
  • Lympo’s team removed LMT from various liquidity pools shortly after the incident, and is currently working on a plan to remedy the situation.
hack

Shutterstock

Lympo, a sports-focused NFT platform and subsidiary of Animoca Brands, has suffered a hack that saw 165.2 million LMT tokens leave its hot wallets, the platform said in a blog post on 10 January.

According to the announcement, on Monday the hacker was able to gain access to 10 of Lympo’s operational wallets and steal 165.2 million LMT tokens, which at the time of the hack were worth approximately $18.5 million. Shortly after the hacker sold his stolen tokens, the price of LMT dropped by approximately 92%. and is now being traded for $0.018 a piece. The team behind the project tweeted on Monday:

Data from Etherscan shows that most of the stolen tokens were sent to a single address. The hacker then used DeFi platforms Uniswap and Sushiswap to exchange his LMT tokens for Ethereum (ETH), which was then sent to an unidentified wallet. In order to “minimize disruption to token prices”, Lympo temporarily removed LMT from various liquidity pools shortly after the incident.

The platform also assured its users that the incident is being investigated, and that the team was working hard to resume the normal operations of Lympo “as soon as possible”. A comprehensive plan on how to remedy the effects of the attack is also being prepared, and will be made available to the community once it has been completed.

This is the second hot wallet hack in the last week, with Liechtenstein-based crypto exchange LCX losing $7 million worth of tokens last Saturday. Similarly to the Lympo accident, the hacker converted most of the stolen tokens to ETH, and then sent them to privacy tool Tornado Cash. The team behind LCX has already stated that they will use their own funds to compensate the affected users.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.