Allbridge announced that they were investigating the theft, and were working with law enforcement. Meanwhile, the project suspended operations and announced that they were preparing a user compensation plan.
In October 2022, Bittrex was fined a combined $29 million by the US Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN). The OFAC fine pertained to Bittrex's service of users based in Crimea, Cuba, Iran, Sudan, and Syria, who altogether performed $263 million in transactions using the platform. FinCEN's fine was imposed as a result of alleged "willful violations" of requirements around anti-money laundering and suspicious activity reports.
Bittrex will continue operations outside of the US, and currently operate in Europe, South America, and elsewhere.
However, the airdrop had a bumpy start, with scammers latching on to the event to proliferate fake airdrop websites. Phishers reportedly scammed more than 10,000 people using these schemes. At one point, Twitter even suspended the real Arbitrum Twitter account after mistaking it for one of the many phishing accounts. Attackers also compromised a Discord account belonging to an Arbitrum developer, using it to post a phishing link to the official Arbitrum Discord server.
Then, when the time for the airdrop came, the token claiming website crashed on the traffic, as did the Arbitrum block explorer. Those who were able to claim their tokens paid exorbitant gas fees, and some wallets attempting to estimate required gas fees malfunctioned, showing estimates in the billions of dollars.
Finally, the airdrop was widely gamed by people commandeering hacked vanity addresses to receive the airdrop tokens allocated to them, with at least $500,000 worth of tokens reportedly claimed by one attacker. Other attackers scrambled to compete with one another to claim tokens allocated to compromised wallets whose private keys had been shared publicly on Github and elsewhere, trying to be the first to siphon the funds. Two additional exploiters siphoned a combined total of more than 1 million ARB tokens from other wallets. One sold them for 713 ETH ($1.27 million); the other transferred the ARB tokens to other wallets.
- "Arbitrum Shows Just How Messy (and Tricky) Crypto Airdrops Can Be", CoinDesk
- "Arbitrum Foundation Homepage Crashes as Users Rush to Claim ARB Tokens", Decrypt
- "Arbitrum airdrop: Hacked vanity addresses used to siphon $500K", Cointelegraph
- "Hackers exploit Discord server to launch fake Arbitrum airdrop", Cryptopolitan
- "Over 1M Arbitrum tokens lost to phishing attack", CryptoSlate
According to the SEC, the BXY token sale raised more than $8 million. At least $900,000 of that was misappropriated by Hamazaspyan, who used it for personal purposes, including gambling.
Some of the defendants agreed to permanent injunctions, and to pay fines of around $166,000 and disgorgement of around $62,800. The agreement also stipulates that the Beaxy platform shut down. The SEC announced they were continuing to litigate charges against Hamazaspyan for securities fraud and against Hamazaspyan and his company for the unregistered securities offering.
- "SEC Charges Crypto Trading Platform Beaxy and its Executives for Operating an Unregistered Exchange, Broker, and Clearing Agency", U.S. Securities and Exchange Commission
The CFTC has alleged that "Binance has taken a calculated, phased approach to increase its United States presence despite publicly stating its purported intent to 'block' or 'restrict' customers located in the United States from accessing its platform... All the while, Binance, Zhao, and Lim, the platform's Chief Compliance Officer ('CCO'), have each known that Binance's solicitation of customers located in the United States subjected Binance to registration and regulatory requirements under U.S. law. But Binance, Zhao, and Lim have all chosen to ignore those requirements and undermined Binance's ineffective compliance program by taking steps to help customers evade Binance's access controls."
The CFTC is only one of several US groups looking into Binance, with the SEC also reportedly scrutinizing the exchange and the Department of Justice considering charges.
After raising user funds, the project's creators drained its liquidity pools. They also convinced users to send funds to them with a technique known as "ice phishing". They then deleted their social media accounts and disappeared.
- "Kokomo Finance", CertiK
It seems perhaps even Sotheby's prestige is not sufficient to overcome the NFT downturn.
However, some confusing instructions resulted in the owner sending the punk to the burn address, effectively destroying the NFT. "I was trying to wrap it and don't know what I was doing... Thought I was following the directions exactly..." they later wrote. They also later shared that they had borrowed money in order to purchase the CryptoPunk.
The criminal charges out of the US add to civil charges he's facing from the SEC, as well as an investigation out of South Korea.