Does VC-Backed Equal VC-Secure
HodlX Guest Post
Blockchain projects often use their investment successes to boast as well as build up an audience.
It’s common to assume that if a project is good enough for a venture fund, it must be good enough for a user.
After all, would something so big and rich fail to perform due diligence? Sadly, money does not always equal security and some users had to find that out the hard way.
Despite having access to powerful mechanisms, ‘money people’ are not usually experts in Web 3.0 security. To put it simply, they won’t know where to look.
So, even if a project might be safe from a rug pull or malicious actions from within the company (that they would likely check), it might fall victim to external attacks.
And these attacks may affect not just the investor and the owner but the user too.
Vulnerabilities, especially those that end in financial tragedy, often lead to loss of financing. But that’s only a part of the bigger problem.
They end up hurting the industry as a whole, convincing potential investors, developers and participants that Web 3.0 isn’t safe and can collapse at any given moment.
The sooner we detect and eliminate vulnerabilities, the more chances we have to prevent incidents. This helps save the reputation of the aforementioned venture funds.
To get a better understanding, let’s take a look at five well-financed projects, find out what happened to bring them down and discuss why venture funds should pay special attention to security.
WazirX
WazirX is a major Indian exchange platform. Founded in 2018, the company ran an extremely successful ICO in 2019-2020.
The project managed to gather an impressive $2.9 million in investments.
Among three notable sources, the most noticeable was Kalaari Capital, a well-known tech-focused venture capital firm. This, of course, cemented the reputation of WazirX at a rather early stage.
Unfortunately, in July 2024, the company lost $230 million in digital assets.
The cause of the loss was a multi-signature wallet vulnerability that let the attackers manipulate discrepancies in transaction data.
A hacker group called Lazarus Group was the main suspect, but insider involvement was not out of the question.
As a result of the attack, WazirX was sued by its rival company CoinSwitch for failing to recover $9.7 million of its funds.
Radiant Capital
DeFi protocol Radiant Capital managed to secure $12.3 million during its investment rounds.
The project promised to build a unified money market with the possibility of depositing, buying and borrowing assets across different blockchains.
It’s not entirely surprising that the concept attracted hackers.
The first incident occurred in October 2024 and involved a flash loan attack that cost Radiant Capital $4.5 million.
But the misfortunes didn’t end there, and the second attack came soon after, leaving the project short of another $53 million.
The attackers exploited the 3-of-11 multisig scheme, using malware to present false transactions for signing.
The attacker then deployed their own malicious contracts on four chains, executing only those on Binance Smart Chain and ARB.
Playdapp
The successful South Korean platform Playdapp aimed to revolutionize the gaming industry by utilizing blockchain.
That promise was enough to secure the company $3.8 million during investment rounds in 2022.
With the popularity of Web 3.0 gaming, Playdapp had all the makings of an incredibly successful project and up to February 2024, this was the plan.
In the span of three days, Playdapp was hit by two consecutive attacks. A private key exploit turned out to be the cause of the attack.
During the first incident, the attacker’s address was added as the minter of tokens, and over 200 million PLA tokens were minted.
During the second attack, an additional 1.6 billion were minted, which resulted in a total loss of $290 million.
Hedgey Finance
The DeFi project Hedgey Finance was founded in 2021 as a token vesting platform. The company quickly rose to popularity among large and well-known funds.
The list of investors includes names such as Hiddentao Ventures, WAGMI Ventures, Blockchange Ventures and Compound.
Hedgey Finance successfully raised money from 13 different funds.
Alas, the story didn’t have a happy ending. Hedgey Finance was attacked on April 19, 2024. The attacker made away with approximately $2 million in ETH and additional BONUS tokens on Arbitrum (ARB).
The cause was a vulnerability in the smart contract that allowed any user to exploit a certain command to transfer tokens from the contract to their own wallet.
The Munchables
The Munchables is yet another successfully funded project. The Web 3.0 gaming platform is based on Ethereum layer-two Blast.
The project was launched in response to the growing popularity of GameFi projects and quickly received funding from 20 large investors.
In March 2024, The Munchables fell victim to the project’s poor security measures.
The attack was a result of the compromised upgradable proxy contract. The contract was used during the game’s development, and the ownership belonged to the developer.
Even after the contract was upgraded, the owner still had options to manipulate the contract. This resulted in the loss of $62.5 million in ETH.
What can be done
Looking at the issues that caused all of the losses listed above, it’s easy to notice a pattern.
Sure, the projects may have been well-funded and promising, but crucial mistakes must have been made during the audit.
Multisig issues are one of the most common causes of third-party attacks on exchanges. The only effective way to eliminate them is a thorough security audit.
Unfortunately, not all projects take it as seriously as they should.
Many put their trust in the hands of cheap yet unreliable security companies that promise quick results and end up losing money as well as credibility.
Here are some ways to avoid such situations.
- Research your potential auditors. Familiarize yourselves with the reviews, testimonials and the fate of the company’s previous clients.
- Increase the depth of a security audit by ordering not one but several audits from different reputable companies.
- Stay in constant communication with your auditor and take their recommendations seriously. It’s better to be overprepared than unprotected.
An audit has to be performed at an early stage of the project development. Vulnerabilities never stay hidden for long and any of them may lead to financial losses.
Dmitry Mishunin, CEO of HashEx Blockchain Security, excels in cybersecurity, focusing on Web 3.0 and blockchain. With a background in physics, applied mathematics and IT management, he’s a seasoned tech entrepreneur skilled in strategic management and team coaching. Under his leadership, HashEx has conducted over 1,300 audits, securing $3.8 billion in funds.
The post Does VC-Backed Equal VC-Secure appeared first on The Daily Hodl.
Author: Dmitry Mishunin