A hot wallet security violation at the sports NFT minting platform resulted in the loss of $18 million in native LMT tokens over various project wallets.
Lympo, a sports NFT minting platform and an Animoca Brands subsidiary, experienced a hot wallet security violation and lost 165.2 million LMT tokens worth $18.7 million at the moment of the breach.
According to a brief Medium report from the Lympo group, hackers got control of Lympo's operational hot wallet on January 10 and "stole a total of approximately 165.2 million LMT from it."
As per the statement, the hack impacted ten distinct project wallets. The majority of the stolen tokens appear to have been transmitted to a single address, swapped for Ether (ETH) on Uniswap and Sushiswap, and then sent elsewhere.
After hackers relocated and then sold wealth from the project's hot wallets, the value of LMT dropped 92% to $0.0093.
A follow-up tweet from the group on Jan. 11 indicated that they were "working on stabilising the situation and resuming all operations back to normal." The team also mentioned that liquidity LMT had been eliminated from liquidity pools to “minimise disruption to token prices.”
When liquidity is eliminated from LMT trading pools, traders will be unable to purchase or sell any notable amount of the tokens without suffering a significant decline in value on their trade.
The team suggested traders avoid buying or selling LMT tokens until they finished their inquiry and decided on the next optimal plan of conduct, which they did early on Jan. 11.
Lympo, as a subordinate property of Animoca Brands, may facilitate from Animoca team involvement. "We are working with Lympo to assist them on a recovery plan, but we don't have any specific mechanisms," Animoca CEO Yat Siu told.
The second hot wallet breach of the week.
On Jan. 8, centralised crypto exchange LCX experienced a security attack on its hot wallets, resulting in a loss of around $7 million. The hacker got off with 8 distinct crypto assets in this instance.
MKR, ENJ, LINK, QNT, SAND, ETH, LCX, and USDC were all lost in varying quantities by LCX. The majority of the capital was turned to ETH before being transferred through Tornado Cash, a privacy mechanism intended to conceal the origin and location of ETH.
On January 10, the LCX team issued an update in which they assured users that they would be reimbursed for their losses and stated no personal information had been affected during the hack. As per the team:
“LCX will use our own funds to cover the incident and compensate affected users. There will be no impact on user balances at LCX.”