Analytics firm Elliptic says RenBridge has been used to launder more than $540 million in proceeds from crimes over the last two years

Two days after OFAC sanctioned crypto tumbler Tornado Cash, the blockchain analytics firm Elliptic pointed to cryptocurrency bridges as a likely future target for sanctions if the Treasury Department continues its attempts to crack down on crypto money laundering. In addition to their purpose of allowing different currencies to be used cross-chain, cryptocurrency bridges are a useful tool for obscuring the path of cryptocurrencies, as it can be difficult for outside observers to link cryptocurrencies flowing into a bridge with the destination wallet(s) on the other end.

Elliptic singled out the RenBridge chain in particular, saying that at least $540 million in funds linked to crimes have been moved through the bridge in the last two years. $153 million of this, they say, originated from ransomware plots, and $53 million is allegedly linked to the Russia-based group behind the Conti ransomware.

Blur Finance rug pulls for over $600,000

The yield aggregator Blur Finance rug pulled, taking more than $600,000 in assets from the BNB Chain and Polygon-based projects before deleting its website and social media accounts. The project had been active for only about a month and had accumulated about 750 users on its original BNB Chain implementation; on August 5, it had announced its launch on Polygon. In the announcement, the team boasted returns of over 4,000% APR.

Hotbit crypto exchange suspends trading due to criminal investigation

Tweet from Hotbit News: 📢Announcement on the Suspension of Hotbit Website Service on August 10th, 2022 Details👉https://hotbit.zendesk.com/hc/en-us/articles/8074249353495 ⚠️User's assets are safe, please don't worry. We are sorry for any inconvenience caused!😢
Followed by a GIF of Anya Forger from Spy x Family crying. Caption: Hotbit announcement tweet.

The Hotbit cryptocurrency exchange abruptly announced they would be suspending services because they were under criminal investigation, and law enforcement had frozen some of their assets. Hotbit claims that the investigation pertains to a former employee who was involved in a "project" unbeknownst to Hotbit, which investigators believe was illegal. Hotbit insisted that all customer funds were safe, which seems a bit of a bold statement when their funds are currently frozen to the point where the exchange can no longer operate.

Hotbit announced the suspension on Twitter with a GIF of a crying Anya from the anime series Spy × Family which, despite demonstrating their good taste in shows, does not seem like it would exactly inspire confidence among customers.

CoinFLEX files for restructuring

The cryptocurrency exchange CoinFLEX announced they had filed for restructuring, a move that probably didn't surprise too many people after they stopped customer withdrawals in June, sued Roger Ver over $84 million they claimed he owed them in July, and then significantly cut staff in order to try to massively reduce their costs.

As tends to happen with insolvent exchanges, they are hoping to "compensate" their depositors with a mix of CoinFLEX-issued tokens and equity, rather than actual money or more liquid, established cryptocurrencies.

Nuri crypto exchange files for insolvency

The German cryptocurrency exchange Nuri, formerly known as Bitwala, filed for insolvency. Interestingly, they did not stop customer withdrawals — as have many exchanges that later announced they were insolvent — allowing their existing users to continue to withdraw funds and otherwise use their services.

Their announcement began by saying, "We would like to inform you about an important development that does not affect our services, funds or investments with Nuri," and throughout the post they stressed that customer funds were safe.

Nuri blamed the insolvency on everything from "the ongoing after-effects of the Corona pandemic" to "the economic and political uncertainties in the markets after Russia's invasion of Ukraine" to the more recent crypto bear market.

On October 18, the company announced they would be shutting down after failing to find someone to acquire the company. They asked customers to withdraw their funds by December 18. Unlike many of the services that faced insolvency crises this summer, Nuri is closing without any loss of customer funds.

Curve Finance frontend compromised, $620,000 stolen but later recovered by exchanges

Curve Finance's frontend at curve.fi was compromised, prompting users to give token approval to a malicious smart contract. Stolen funds were then transferred out to the FixedFloat cryptocurrency exchange and the Tornado Cash tumbler. It appears that at least 362 ETH (~$620,000) have been stolen.

Curve acknowledged the apparent exploit, tweeting at the iwantmyname domain platform to say they believed the issue was on their end. Around an hour after the issue was widely noticed, Curve announced the "issue has been found and reverted", and told users to use the alternate Curve Finance domain until DNS changes propagated for the affected domain. They also urged users to revoke any recent contract approvals they'd made on the Curve platform.

FixedFloat tweeted that they had been able to freeze 112 of the stolen ETH (~$192,000) that had been transferred to their platform. Binance later announced that they'd recovered the remaining stolen funds, with founder CZ tweeting, "The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂"

Truth in Advertising sends letters to 17 celebrities about undisclosed promotion of NFTs

Image: a collage of sixteen of the seventeen recipients of TINA's letters. Caption: Some of the recipients.

Non-profit advertising watchdog organization Truth in Advertising (TINA) sent letters to seventeen celebrities, urging them to follow FTC requirements on clearly disclosing when they are being paid to promote a brand. TINA had also previously sent such letters to Justin Bieber in relation to his promotion of the inBetweeners NFT project, and to Reese Witherspoon in relation to her endorsement of World of Women.

The celebrities who received letters from TINA were Drake Bell, Tom Brady, DJ Khaled, Eminem, Jimmy Fallon, Paris Hilton, Eva Longoria, Madonna, Floyd Mayweather, Meek Mill, Von Miller, Neymar, Shaquille O'Neal, Gwyneth Paltrow, Logan Paul, Snoop Dogg, and Timbaland.

At least 101 NFT Discord servers compromised in July

Image: a fluorescent green skull with blond hair, a piece of cheese floating above its head, a rainbow connecting its eye sockets, and padded armor. Caption: Tasty Bones' Discord was hacked twice in July.

I've largely stopped covering crypto Discord compromises because they occur so frequently it would drown out everything else. OKHotshot has been keeping count, though, and according to them, at least 101 servers have been compromised in the month of July. Four of the projects — EY3KON, Tasty Bones, Universe by Barnabe, and Angry Dinos — were each compromised twice in that month.

"Animate your Bored Ape" scammers linked to more phishing attacks amounting to more than $2.5 million

Image: screenshot of an Instagram post promising to animate users' Bored Ape NFTs. Text reads "Wanna turn your Ape or Mutant into a cool GIF? - High quality - All attributes working - Only gas fees to pay (50$) boredapeyachtclub.github.io (LINK IN BIO) PM @exyt to get gas fees refunded!"

Crypto sleuth zachxbt has uncovered a French scam duo, Mathys and Camille, who he believes were behind the March "turn your BAYC animated" phishing scam in which they stole a collector's Bored Ape NFT and flipped it for 264 ETH (at the time worth $764,000). He has also tied them to four other Bored Ape holders who fell victim to fake "animator" phishing schemes that also stole pricey NFTs including Doodles and Mutant Apes. Among them, they lost NFTs collectively valued at $1.7 million. In his investigation, zachxbt also uncovered other crypto wallets that appeared to contain proceeds from other phishing scams, totaling around 497 ETH (~$851,000). "Undoubtedly there is more to uncover, but there is only so much that can be tracked through Tornado Cash," he wrote.

Tornado Cash added to U.S. sanctions list

The U.S. Office of Foreign Assets Control (OFAC) added Tornado Cash to its SDN list: a list of "Specially Designated Nationals And Blocked Persons" with whom U.S. individuals and organizations are prohibited from doing business.

Tornado Cash is the most prominent cryptocurrency tumbler (or "mixer") and has been used in a multitude of instances to launder proceeds from cryptocurrency hacks and scams. In a press release, the Treasury Department named the North Korea-sponsored Lazarus Group's $625 million hack of Axie Infinity in March, the $100 million theft from Horizon Bridge in June, and the $190 million hack of the Nomad bridge in August as contributing to the decision.

Although Tornado Cash had claimed to be complying with sanctions in the wake of the Axie hack, the Treasury Department wrote in their press release that, "Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks".

Tornado Cash is also widely used to maintain privacy in a world where transactions are publicly visible, and it remains to be seen how the cryptocurrency ecosystem will react to this major development. Tornado Cash is also relatively decentralized in its operations, meaning it may be difficult for the sanctions list to be kept up to date and for the sanctions to be enforced.

The fallout from the sanction was swift: in the days following the action, Tornado's source code repository was removed from GitHub and the accounts of some of its developers were suspended; the project's Gitcoin funding page was taken down; and the project's own website, governance pages, and Discord server went offline.
