The Arcadia Finance team paused related smart contracts to prevent further attacks, and began working with various crypto security projects to investigate the attack. They also sent on-chain messages to the attacker, threatening law enforcement action and suggesting they "return 90% of the funds... and walk away".
Arcadia Finance exploited
- "Arcadia Finance says exploiter contacted after $450K hack", Protos
- Tweet by PeckShield
- Etherscan transaction with message to the attacker
Hackers swipe pricey NFTs after compromising Gutter Cat Gang Twitter profile
One victim lost 36 NFTs, among them a Bored Ape NFT they'd purchased for around $130,000. Altogether, the attackers successfully stole NFTs worth between $750,000 and $900,000, depending on how resale value is estimated.
The following day, Gutter Cat Gang announced that they'd regained control over the Twitter accounts and taken down the malicious tweets. They stated that they were working with law enforcement to investigate the theft, but to the dismay of some victims, did not describe any plans to compensate those who lost assets.
"Decentralized" BarnBridge closes up shop after claiming they are under SEC investigation
On July 6, an attorney posted in the project's Discord server to say that BarnBridge and "individuals associated with the DAO" were under investigation by the U.S. Securities and Exchange Commission. The attorney wrote: "To reduce potential further legal liability, existing liquidity pools should be closed, and no more liquidity pools should be started. All work on Barnbridge related products should stop, and individuals should no longer be compensated for any work they do related to Barnbridge until further notice." Decentralized!
It's not terribly surprising that BarnBridge chose to drop the facade of decentralization when the SEC came knocking, however. A recent case by the CFTC against the Ooki DAO suggests that the mere veil of "decentralization" will not be sufficient to avoid legal liability for the actions of a DAO. However, it is interesting to see the SEC now (at least allegedly) going after a relatively small player in the defi world.
Multichain shuts down amidst $130 million suspected hack
Several hours later, Multichain wrote that they had stopped service, and that "all bridge transactions will be stuck on the source chains. There is no confirmed resume time."
In May, Multichain suffered a bizarre slew of issues, culminating in the project team admitting that their CEO had gone missing and could not be contacted. So far, they have not reported his return.
This is also not the first hack suffered by Multichain. In January 2022, the project, bafflingly, publicly announced a security vulnerability that was affecting their tokens, without first instructing users to safeguard their tokens. Attackers quickly followed the instruction manual provided to them by Multichain, making off with around $3 million in assets.
NFTPerp blows up
So anyway, that's exactly what happened. NFTPerp announced that they would be sunsetting their popular beta project after accruing bad debt.
How they're going about it has been controversial among the successful traders on the platform: essentially, those who were in profit will lose their unrealized gains, while those who had lost money in their trades will have their losses waived. "Nftperp stealing profits from winner [unrealized profit and loss] to backstop losers UPNL is insane to me", wrote one commenter. Another wrote, "If anyone else is considering NFT perps, please have the 'what happens when the illiquid market goes to zero overnight' plans clearly in place from the beginning."
Not to be deterred, the team is already preparing to launch a "v2". May it go as well as their first attempt.
Trader loses $213,000 to phishing scam, blames Twitter
burnttoast
, but the handle was actually burntteoast
. LoveMake connected their primary wallet, which was immediately drained of 61.5 ETH (~$120,000) and $93,400 in the Tether stablecoin.LoveMake wrote on Twitter that "I am dyslexic and didn't notice that the Burnt Toast acc was scam. It was very similar to the original & Verified." They appeared to blame Twitter's new verification process, writing, "@Twittersupport can you explain the meaning of the word 'verified'? we're waiting for days every time we change pfp or display name and then I got scammed by verified account with exact the same name and pfp as Doodles founder in million views thread?"
Several days later, they posted a thread again criticizing the prevalence of crypto scammers on Twitter. "I put millions $ into web3 projects, with over 90k$ into Twitter ads. I was rugged many times and finally robbed but not broken. Thanks to twitter the most profitable web3 activity now is a scam. Shouldn't Twitter pay more attention to its own security?"
Angry over the Azuki Elementals fiasco, Azuki holders form a DAO and immediately get exploited
However, shortly after the DAO was created, the governance token was exploited. Attackers were able to take advantage of a flaw in the smart contract, with two exploiters stealing around 35 ETH (~$69,000). The DAO paused the contract to prevent further thefts.
File this one under "adding insult to injury".
Encryption AI rug pulls for $2 million, developer allegedly blames gambling addiction
The developer reportedly posted a message to Telegram, apologizing for taking the funds. "I must confess that I have fallen into a severe addiction to online gambling and casinos," the developer reportedly wrote. "Despite being only 22 years old, I have struggled to overcome this addiction, and unfortunately, I have lost nearly $300,000 over the past few months, including after the launch of [Encryption AI]."
They added, "Although I cannot guarantee when or if I will be able to make amends and relaunch [Encryption AI], I promise that I will make every effort to become a better person." Oh, well, in that case.
Poly Network exploited again
Now, it's happened again, and some reports are throwing around even more massive numbers like $42 billion. In reality, the exploiters were able to mint massive quantities of tokens on multiple networks, with their wallet balances showing numbers in the billions. However, complete lack of liquidity for these tokens meant their "billions" are worth substantially less.
According to crypto research firm Beosin, the attackers have so far cashed out around 5,196 ETH (~$10.1 million) in liquid assets. Poly Network suspended services shortly after the attack.
Kraken ordered to turn over user information to U.S. tax investigators
Although Kraken argued against the order, describing it as an "unjustified treasure hunt", the judge determined that the IRS was justified in its request, and ordered Kraken to cough up the records. The IRS alleged that although the exchange has more than 4 million users, and has processed $140 billion in trades since its inception in 2011, only 288,330 of those users have filed tax returns.