Around $110 million "stuck" in Aave protocol on Polygon due to a bug that can't be fixed for a week

Recently, the Aave protocol deployed a contract upgrade on the Polygon version of their v2 project that was not compatible with Polygon. The bug has resulted in around $110 million of funds in wETH, wBTC, USDT, and wMATIC being "stuck", meaning users can't perform any actions involving those funds.

The funds are not at risk, but it will take at least a week before the funds are unstuck because any code change requires a DAO vote. "Considering governance times, if approved, the fix will be applied in approximately 7 days from now: 1 day of delay to start voting, 3 days of voting, 1 day of timelock on Ethereum, and 2 extra days of timelock on Polygon," explained a post by Bored Ghost Developing, a contributor to Aave.

Phishing-as-a-service company "Inferno Drainer" steals assets nominally worth $5.9 million in three months

A scam-as-a-service company identified by ScamSniffer and dubbed "Inferno Drainer" has stolen assets nominally worth around $5.9 million since mid-February. The vendor sells phishing scam software that is then used by phishers to target victims, who believe that they are interacting with an established crypto project. Inferno Drainer takes 20–30% of the stolen funds as "payment" for the scam software.

One Inferno Drainer victim lost assets worth around $417,000. They later sent an on-chain message to the thief, writing: "you are ruining my life and for me this money was a lifetime's work, I won't have enough my family..." They asked the attacker to return 50% of the funds stolen from them, offering to not report the scammer to Interpol and other authorities in return, and even offering to "sign a contract allowing you to use legally the stolen crypto".

Grumpy Cat trademark owner sends cease and desist via NFT over unauthorized "Grumpy Cat Coin"

A Grumpy Cat Coin memecoin emerged in May, with a website using illustrations of the late real-life Grumpy Cat to promote the coin. Crypto influencers, including the "SlumDoge Millionaire", jumped on board to promote the token. (The "SlumDoge Millionaire" is Glauber Contessoto, a person who briefly became a paper millionaire from, as he claims, emptying his bank account, selling all his stocks, and maxing out credit cards to buy 5 million Dogecoin during the 2021 crypto frenzy. His holdings spiked to over $1 million in value, but he didn't cash out; they are now priced at around $365,000.)

However, Grumpy Cat's owner owns trademarks associated with Grumpy Cat, and it seems she has become aware of the coin. On May 18, she minted an NFT and transferred it to the Grumpy Cat Coin deployer address. The NFT image is a copy of a cease and desist letter representing Grumpy Cat Limited. The letter describes the coin offering as a "blatant and willful infringement of our client's trademark rights", and insists that the coin creators stop all activities related to the coin offering or face legal action. The letter also mentioned that the URL of the project website — grumpycat.fyi — was a violation of the Anti-Cybersquatting Consumer Protection Act. The project subsequently changed its domain to gccoin.fyi in an apparent effort to avoid this issue.

Simultaneously, a message addressed to holders of the Grumpy Cat Coin was posted to Grumpy Cat's Twitter account, describing the token as a "desperate, sad attempt to scam unwitting traders" by "SlumDoge Millionaire and their cohorts".

Coin Cafe to pay $4.3 million restitution after instituting high fees without informing customers

Cryptocurrency trading platform Coin Cafe will pay $4.3 million in restitution to customers who were charged high fees after signing up for a "free" crypto custody service. The firm instituted fees for its wallet service in September 2020, but never informed customers. They also increased the fees four times without informing their users. At one point, they charged 7.99% of the account balance or $99, whichever was greater, per month if a user did not transact that month. This resulted in some investors being charged fees equal to 96% of their holdings. One investor was charged more than $51,000 in fees in 13 months; another was charged $10,000 in a single month.

The New York Attorney General found that Coin Cafe's misleading fee structure was still in effect even after the company obtained a BitLicense from the Department of Financial Services.

Swaprum decentralized exchange rug pulls for almost $3 million

Decentralized exchange Swaprum, a project on the Arbitrum layer-2 network, suddenly disappeared with around 1,628 ETH (~$2.96 million) in an apparent rug pull. The thieves then mixed the money through Tornado Cash.

The project had been audited by blockchain security firm CertiK, and displayed the "audited by CertiK" badge on their website. This added to criticisms of CertiK, who have come under fire for auditing multiple projects that later turned out to be scams. CertiK defended themselves, writing that, "As an auditor, we cannot force projects to implement our recommendations, but we can clearly and publicly call out vulnerabilities where we find them". They argued that they had identified vulnerabilities within their audit that ultimately allowed for the exploit, including the high degree of centralization and the upgradability of the smart contracts.

Sam Altman's Worldcoin project incentivizes a black market for biometric data taken from people in developing nations

"Show me the incentive and I will show you the outcome."

Sam Altman's Worldcoin project, a dystopian effort to use chrome orbs to scan the irises of people (often in developing nations) in exchange for vague promises of crypto compensation, is encountering even more difficulties. In April 2022, BuzzFeed News and MIT Technology Review both published in-depth reporting on some of the technical and ethical issues the project has run up against.

Now, the project is facing reports that people in China, who are not allowed to sign up legitimately, have been purchasing iris scans from individuals in Africa and Southeast Asia in order to circumvent the restriction. According to the news outlet BlockBeats, Chinese individuals have been engaging in "eyeball speculation": buying biometric data scanned en masse from villagers in Cambodia, Kenya, and elsewhere by people who then sell it for $30 or less, allowing the buyer to receive the associated Worldcoin payout (currently ~$20).

Worldcoin has said they are rolling out various measures to try to discourage this activity, including changing the in-person sign-up process. However, the project acknowledged that they have not figured out how to prevent this, writing: "Despite these precautions, it is important to acknowledge that they do not entirely safeguard against collusion or other attempts to bypass the one-person-one-proof principle. To address these challenges, innovative ideas in mechanism design and the attribution of social relationships will be necessary."

Former Fabric CFO accused of siphoning $35 million into his crypto startup and losing it all

Black and white headshot of Nevin ShettyNevin Shetty (attribution)
Nevin Shetty, the former chief financial officer of the Fabric e-commerce platform, was federally indicted for wire fraud after allegedly misappropriating $35 million from Fabric to put into his cryptocurrency platform HighTower. Shetty stole the money in April 2022, shortly after being told he would be fired from Fabric for performance reasons.

According to the grand jury indictment, Shetty planned to put the funds into cryptocurrency positions that "could have yielded returns of 20 percent or more annually", and planned to return 6% to Fabric, keeping the difference. This so-called "investment" contradicted the conservative investment strategy that Shetty had helped to draft for Fabric, and he concealed both the existence of the transfer and his involvement with HighTower.

Shetty "lost virtually all of [Fabric's] money" "within a matter of weeks", at which point he fessed up to Fabric. Shetty had placed all of the funds into protocols based around the Terra stablecoin, which collapsed dramatically only a month later.

Shetty has pled not guilty, and has been released on bond.

Traders lose more than $15 million to phishing website impersonating crypto exchange HitBTC

Blockchain security firm SlowMist has reported that a phishing website appearing to be the real cryptocurrency exchange HitBTC has stolen more than $15 million worth of Bitcoin, Tether, and Ether from users believing it to be the real thing. Users who didn't notice they were accessing a site with the URL hitbt2c.lol instead of hitbtc.com approved transactions to swap their crypto assets, only to find the site drained their wallets.

South Korean legislator Kim Nam-kuk resigns over allegations of improper crypto dealings

Photograph of Kim Nam-kukKim Nam-kuk (attribution)
South Korean lawmaker Kim Nam-kuk has resigned over a cryptocurrency scandal. On May 8, 2023, The Korea Times reported that Kim cashed out around 800,000 Wemix tokens priced at around ₩6 billion (~$4.5 million) in previously unreported cryptocurrency assets shortly before Korea's March 2022 imposition of the travel rule, which requires disclosures around the identities of those involved in large crypto transactions. Kim denied the allegations, claiming he had simply moved the assets to another exchange. Other legislators and citizens expressed shock at Kim's apparent crypto wealth, as he had portrayed himself as someone who was not affluent.

Other concerns arose regarding the discovery of the assets. Some were worried about possible conflicts of interest, particularly in relation to Kim's 2021 proposal of a bill that would delay taxation of crypto profits. Others were worried about the source of the funds used by Kim for crypto trading; Kim claims he did not receive money from anyone to use for trading, and obtained the money through the sale of stocks.

On May 10, the Democratic Party recommended Kim sell his crypto holdings, and launched an investigation. Kim said later that day that he would perform the sales, and "transparently disclose data to the investigation team and undergo the inquiry faithfully".

On May 14, Kim resigned from the Democratic Party "for a while", continuing to deny the allegations but expressing wishes to not burden the party and its members over the controversy.

The subsequent day, Korean authorities raided the offices of Korean crypto exchanges Bithumb and Upbit in connection to the scandal, seeking transaction records and other information. Kim was reported to use those services for his crypto wallets.

a16z-backed Mecha Fight Club NFT robot cockfighting game put on ice as maker pivots to AI

A robotic chicken with a white and blue chassisMechaFightClub #6185 "Jacques Strap" (attribution)
A year ago, Andreessen Horowitz general partner Arianna Simpson wrote about the firm's investment into Irreverent Labs. Simpson had joined their first $5 million funding round, and Andreessen Horowitz led their $40 million Series A. The company had yet to produce any product, but successfully pitched Simpson on what she described as "some sort of chicken game".

Now, the company has announced that the project will be paused "for the indefinite future", blaming "lack of clarity" and "regulatory confusion" in the United States. The company simultaneously announced "SOL 4 Cocks", in which they will repurchase the Mecha Fight Club NFTs for 18 SOL (~$380). The NFTs had originally minted for 6.969 SOL (~$290 on mint date).

Irreverent Labs' website and social media now describe the company as an AI firm building "text to 3D and video prediction tools that facilitate the creation of AI-generated 3D content".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.