Attackers steal around $265,000 of user funds from KyberSwap exchange

An attacker was able to insert malicious code into the frontend of the decentralized exchange KyberSwap and steal $265,000 of user funds. The project used Google Tag Manager to allow code to be injected into the project frontend (often for analytics, ads, or marketing purposes), which was used by the attacker to insert malicious code into the project UI that specifically targeted whale accounts — that is, those with large balances.

Kyber identified and remedied the issue after two hours of investigating it, and only two wallets were affected. Kyber promised to compensate the users who lost funds, and also tried to tempt the hacker into returning funds by allowing them to keep 15% of the stolen money as a "bounty" (~$40,000).

Snapchat abandons its web3 plans

Snap Program Manager Jake Sheinman tweeted that "As a result of the company restructure, decisions were made to sunset our web3 team. The same team that I co-founded last year with other pirates who believed in digital ownership and the role that AR can play to support that." Snap, the company behind Snapchat, had been working on a feature that would enable users to import their NFTs and use them as augmented reality filters.

This news came amidst the announcement that Snap would be laying off 20% of its staff, a whopping 1,300 people.

Unable to recover from the April Rari exploit, Babylon Finance shuts down

In April, an attacker exploited vulnerabilities in the defi lending project Rari Capital to steal $80 million. The asset management project Babylon Finance was a major lending pool on Rari, and lost $3.4 million in the hack. After the incident, users withdrew more than 3/4 of the assets on the project.

Since April, Babylon tried to recover from the hack. However, they described it as "the domino that kickstarted a series of unfortunate events". Rari canceled their planned reimbursement, users withdrew their funds from Babylon Finance, the Fuse pool on Rari was abandoned, and the token price decreased from around $20 to around $5.

On August 31, Babylon Finance's founder Ramon Recuero published a blog post announcing that Babylon would be shutting down. They promised to distribute the remaining project treasury among holders. Users were told to withdraw their funds by November 15.

Lawyer Kyle Roche withdraws from several crypto class-action lawsuits after allegations that he was involved in "gangster-style" schemes to hurt competitor projects

Kyle Roche sitting in a dim restaurant setting, speaking and gesturing. A caption on the video reads "I'm just a crazy motherfucker".Roche in one of the secretly recorded videos (attribution)
Kyle Roche, a founding partner and namesake of the Roche Freedman law firm, has withdrawn from class-action lawsuits filed by the company against projects including Tether and Bitfinex, the Tron Foundation, and BitMEX. This change came less than a week after a whistleblower website alleged he had been paid to attack competitors of the Avalanche blockchain with lawsuits intended to harm them and reveal corporate secrets.

Although Roche has denied the claims by the site, and stated that someone deliberately got him drunk and then took clips of videos out of context, it probably doesn't look so good for a lawyer to be referring to jurors as "10 idiots", or plaintiffs in class-action lawsuits as "100,000 idiots".

Helium ditches its blockchain

Helium is a network of wireless hotspots that decided to bolt on a cryptocurrency layer a few years after it was created. Through this, they hoped to convince people to spend hundreds of dollars on Helium hotspots, which earn an average of 0.07 HNT ($0.37) a day (2.1 HNT/$11.24 a month) for supplying connectivity to internet of things devices.

Now, Helium is ditching its custom Helium chain in favor of a Solana-based token, and scrapping the blockchain entirely for the portions of its service that actually used the blockchain for anything beyond handling rewards.

Helium seems to have realized, finally, that blockchains tend to be slow as hell. In a blog post about the change, they wrote that "specific transactions, including Proof-of-Coverage and Data Transfer Accounting, are processed on-chain unnecessarily. This data bottleneck can cause efficiency issues such as device join delays and problems with data packet communications, which bloats the Network and causes slow processing times." They outline their plans to move these portions of the project to a "more traditional large data pipeline" — that is, infrastructure that's actually well-suited to that kind of processing.

DC Attorney General sues Michael Saylor and MicroStrategy for tax evasion

Michael Saylor sitting in front of a large model shipMichael Saylor (attribution)
DC-based Bitcoin evangelist and former CEO (now chairman) of MicroStrategy has been accused by the DC Attorney General of avoiding years of taxes by pretending to live in Florida, a state without personal income tax. The AG says he evaded more than $25 million in DC taxes this way, with the help of MicroStrategy (which is also named in the suit for helping to enable the tax evasion).

DC permits the court to impose "treble damages" on Saylor if he is determined to have evaded the taxes he owes, which could end up costing him and MicroStrategy more than $100 million in taxes and penalties.

Compound Finance breaks their cETH market for a week

Compound Finance released an update to change the price feed used by the Compound v2 protocol. Despite being audited by three firms, no one caught a bug that caused all transactions for ETH borrowers and lenders to revert, effectively freezing the entire cETH market on the protocol. Because code changes require a seven-day-long vote, the change can't be reverted until a new proposal passes. In the meantime, users with positions they can't access will need to add collateral or repay loans carefully in order to avoid being liquidated if the price of ETH drops by the time the market is operational again.

Thodex CEO arrested over a year after fleeing Turkey in the wake of the exchange's collapse

Faruk Fatih Özer, the CEO of the Thodex cryptocurrency exchange, swore that when they halted trading and shut off customers' access to accounts in April 2021, it was just to investigate suspicious activity. Then he disappeared, leaving behind a collapsed exchange and total losses estimated to be anywhere from $24 million and $2.5 billion in assets (depending who you ask). He left a statement in which he claimed that he was only on the lam in order to "work and repay my debts" to customers, after which he would turn himself in to Turkish authorities.

His plan to somehow work off anywhere from $24 million to $2.5 billion in debts was stymied when he was apprehended by Albanian authorities. He faces extradition to Turkey, where a prosecutor has asked for sentences of 40,564 years for him and other executives (just in case, I guess).

Thai SEC punishes Bitkub CTO for trading Bitkub Coin on insider information

The Securities and Exchange Commission in Thailand took action against Samret Wajanasathian, the chief technology officer of the Thai crypto exchange Bitkub. The SEC fined him 8.5 million baht (~$234,000), and said they would bar him from serving as a director or executive at any crypto firms for a year.

The SEC reported that Wajanasathian had purchased around $61,000 of Bitkub Coin ($KUB) just before it was publicized that the Siam Commercial Bank would purchase a 51% stake in Bitkub. After the announcement, the value of KUB rose 100%.

Earlier that week, the SCM had announced they would not be following through on purchasing the planned $500 million stake in Bitkub, due to concerns over "various issues" that were raised by the Thai SEC.

Crypto.com wants back the $7.2 million they accidentally sent a customer last year

Crypto.com somehow managed to not only send a woman AUD$10.5 million (US$7.2 million) in May 2021, but not notice it for months afterwards. The woman had requested a $100 refund, but someone accidentally entered an account number into the refund amount section and granted this woman a sudden windfall.

Rather than contacting Crypto.com about the error, she put the money into a joint account shared with her sister, and purchased her sister a five-bedroom home with nearly US$1 million of the funds.

Crypto.com only discovered the error in a December 2021 audit, and sued the woman for the erroneously-sent funds. She's just been ordered by the Victoria Supreme Court to sell the home and return the remaining money.

Unlike with many crypto transactions, erroneous transactions on centralized exchanges can typically be reversed by the exchange. However, Crypto.com would have had to notice the error much sooner, before the recipient transferred the funds elsewhere.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.