Supply chain attack drains $3 million from SushiSwap
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.
Head of Product for major NFT platform, OpenSea, is asked to resign following allegations of NFT insider trading
A Twitter sleuth discovers that OpenSea's Head of Product, Nate Chastain, had apparently been engaging in a form of insider trading by buying NFTs that he knew would later be featured on the front page of OpenSea, then selling them once their value increased from the spotlight. The Twitter user identified a chain of transactions show Chastain laundering the transactions through several anonymous accounts. OpenSea posted a statement confirming the shady trades had taken place, and that they had requested and received the employee's resignation, though they didn't specifically name Chastain as the culprit. Chastain's Twitter profile was updated shortly after, identifying him as a former OpenSea employee. OpenSea announced the next day that they had implemented policies preventing employees from trading on confidential information, which I guess they just hadn't bothered to think about previously.
GTV Media Group, a media company operated by Steve Bannon and Guo Wengui, pay $539 million settlement over ICO
The SEC filed charges against GTV Media Group and related entities, alleging they engaged in an unregistered ICO when they offered investors the opportunity to buy "G-Coins" (also called "G-Dollars"). GTV immediately settled with the SEC, agreeing to pay over $539 million.
GTV Media Group is a media company co-founded by Steve Bannon and Guo Wengui, both figures in the American far right who have close ties to Donald Trump.
- "SEC Charges Three Media Companies with Illegal Offerings of Stock and Digital Assets", U.S. Securities and Exchange Commission
Fake press release dupes media outlets into reporting that Walmart will begin accepting Litecoin
A press release distributed via GlobeNewswire claimed Walmart was announcing a partnership with Litecoin to begin accepting the cryptocurrency as a payment method. The value of Litecoin spiked before tumbling after Walmart said the announcement was fake.
SEC charges Rivetz Corp. and related entities for $18 million ICO
The SEC charged Rivetz Corp. and related entities with running an illegal ICO when they launched their "RvT tokens". They raised $18 million through the ICO, which they never registered with the SEC, to raise funds for the Rivetz blockchain security company. The funds, which were raised in ETH, were used to give the company's founder a $1 million bonus, plus a $2.5 million loan which he used to "purchase a house in the Cayman Islands that he then leased back to Rivetz Int'l."
- "SEC Charges Issuers and CEO for $18 Million Illegal Securities Offering", U.S. Securities and Exchange Commission
El Salvador adopts Bitcoin as legal tender
Nayib Bukele unexpectedly announced that El Salvador would be adopting Bitcoin as legal tender, and the policy went into effect on September 7, 2021. With the benefit of hindsight, we can see that the decision came near the very top of the Bitcoin prices. Those who put money into Bitcoin at Bukele's urging have lost quite a lot of money.
So has El Salvador itself, assuming Bukele is telling the truth about his many claimed Bitcoin purchases. As of December 2022, Nayib Bukele has lost more than $67 million on those investments.
C.R.E.A.M. Finance exploited again, this time for $25 to $30 million
A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $25 and $30 million from C.R.E.A.M. finance in its second multimillion dollar hack of the year.
xToken loses another $4.5 million in second hack of the year
A vulnerability in xToken's xSNX product allowed hackers to use flash loans to empty $4.5 million from xToken. This hack followed an even larger hack in May, where the platform was exploited for around $25 million.
Scammers posing as Bored Ape Yacht Club founders scam NFT collector Sohrob Farudi out of $800,000
The day after Nicholas lost almost $500,000 to NFT scammers, another collector was targeted for an even larger sum. "I've never felt more dumb, helpless, embarrassed or just plain sad in my entire life", Farudi wrote on Twitter. The scammers, who pretended to be the founders of the popular Bored Ape NFT collection, had tricked him into exposing his private key QR code to them in another Discord/OpenSea scam.
Scammers posing as OpenSea support staff steal $480,000 from NFT collector Jeff Nicholas
After asking for help in the OpenSea Discord channel, Nicholas was successfully scammed by individuals posing as customer support. After convincing the investor to share his screen, allowing scammers to view his private key, they transferred all of his NFTs, worth almost $500,000, from his wallet in transactions that can't be reversed. Earlier that year, Nicholas had appeared as a guest on a podcast episode titled "How NFTs Will Change Everything".
- "The NFT scammers are here", The Verge