Phishing attack drains $2 million from one victim
Incognito Market drug marketplace pulls multi-million dollar double scam
Making matters worse, on March 10 the website posted a message reading, "Yes, this is an extortion !!" They wrote that, although the platform promised to "auto-encrypt" messages between buyers and sellers, and auto-delete after an expiry date, messages were not encrypted or deleted. They demanded that users pay an additional $100 to $20,000 to have their information removed from the dataset, which they promised to release at the end of May. "Whether or not you and your customers' info is on that list is totally up to you."
The tactic is reminiscent of that of ransomware groups, which often demand double fees: one from victims of hacks first to regain access to their systems, and another in exchange for a promise to destroy stolen data.
- Incognito Darknet Market Mass-Extorts Buyers, Sellers, Krebs on Security [archive]
Kickstarter's bizarre "pivot to blockchain" spurred by secret $100 million Andreessen Horowitz investment
Crowdfunding website Kickstarter surprised and dismayed many of its users in December 2021 when they announced they would be moving the product to the blockchain in December 2021 for... reasons. That blockchain would just so happen to be the relatively unknown Andreessen Horowitz-backed Celo blockchain. "How this will actually work, beyond Kickstarter being able to yell 'blockchain' like a spell to summon investors ... is unclear," wrote Tom McKay at Gizmodo.
He probably didn't realize how right he was, but now it's been revealed that KickStarter was able to land a $100 million investment from Andreessen Horowitz with handwavy proclamations about the blockchain that its own COO didn't seem to quite understand.
The company seems to have since given up on its blockchain ambitions — in no small part thanks to user revolt. It seems that $100 million windfall didn't include any terms actually requiring Kickstarter to follow through.
Twitter phishers steal over $46 million from 57,000 victims in February
The largest individual loss was the phishing attack against kirilm.eth, who had over 180 million $BEAM tokens notionally worth over $5 million drained from their crypto wallet. The attacker sold the tokens for around $4.5 million.
The total amount stolen is down slightly from January, in which $55 million was taken. Altogether, scammers have stolen over $100 million via Twitter phishing alone in the first two months of 2024.
Crypto4Winners investment firm claims funds were stolen
The company had paused withdrawals the previous day, and has not re-enabled them. They also have not disclosed the amount that was allegedly stolen.
Crypto4Winners claims it has earned 377% returns on customer investments since 2019, producing 3–20% monthly returns.
The company is co-owned by Luc Schiltz, who was sentenced to six years in prison in 2017 for defrauding victims of over $1.5 million through various investment frauds. He was released after two years, and quickly started the Crypto4Winners project after.
Unizen platform hacked for $2.1 million
The project team sent on-chain messages to the attacker, offering a 20% "bounty" for the return of the remaining funds.
WOOFi hacked for $8.75 million
Blockchain security firms detected the attack quickly, and the project team paused the project's smart contract within fifteen minutes, but not before the millions were stolen. They contacted the attacker via an on-chain message to offer a 10% "bounty", later threatening that they had a "strong lead that we think will soon reveal the identity of the exploiter".
- Woofi, Rekt [archive]
- "WOOFi sPMM exploit post-mortem", WOOFi [archive]
"The AI Protocol" burns tokens after holder suffers $4.3 million theft
Blockchain sleuth zachxbt was able to coordinate with the project to organize a community governance vote to burn the stolen tokens before the attacker was able to cash out. Although this doesn't return the stolen funds to their original owner, it at least keeps the attacker from profiting.
Shido exploited for at least $3.3 million
Although the stolen tokens were nominally priced at $35 million, the massive theft caused the price to plummet 94%. The attacker has converted the stolen tokens to around 956 ETH ($3.3 million).
The Shido team announced that they would be trying to offer a "bounty" to the hacker.
Seneca Protocol bug enables at least $3 million in stolen user funds
Making things worse, although the project's smart contract inherits the Pausable
module that should allow the Seneca team to halt the malfunctioning code, they never implemented the function, meaning there's no way for them to stop the thefts. Instead, individual users must each revoke access to the flawed contract.