Balancer had around $850 million TVL prior to the announcement. Since revealing the issue, users have removed more than $150 million in assets from the project. Balancer has stated that "only 1.4% of the total TVL is at risk", though 1.4% of $850 million would still be a sizeable $12 million windfall for any potential exploiter.
Users pull $150 million in funds from Balancer protocol within hours after reports of a critical vulnerability
On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.
Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".
Titan advertised "annualized" performance results of up to 2,700% on its Titan Crypto trading strategy, which the SEC says was misleading because it failed to include material information about how the performance was calculated. Titan had based the calculation on three weeks of performance, assuming it would continue for a full year.
Titan has agreed to a cease-and-desist order, censure, and over a million in disgorgement and penalties.
According to data on DefiLlama, TVL on the project dropped from around $370,000 to only $81,000. The TVL was already significantly down from the project's peak of almost $1.5 million.
Lawrence is now suing Crypto.com, although this may be challenging given they apparently weren't behind the scam. Lawrence has also said that he has sold his house to pay for legal costs.
In December 2021, the company offered $300 "Recur Passes", which promised holders early access to NFT drops and other perks. One of them resold for $88,888 in February 2022.
Now, Recur has announced they will be closing up shop, and warned users to migrate their assets away from the platform in advance of a November shutdown. The company cited "unforeseen challenges and shifts in the business landscape".
As for the Recur Passes, they're currently selling for somewhere between $7 and $11.
Despite a tweet on August 19 that "sites are coming back online", and a developer stating that they were "mostly back in control", the website apparently remained compromised for several days. The project reiterated via tweet on August 20 that the website was still not safe to use.
It's unclear how much was stolen as a result of the hijacking.
An attacker has siphoned more than 7,160 ETH (~$12 million) from the project, which they've bridged back to the Ethereum main chain. The Exactly Protocol's TVL plunged from $37 million to under $12 million following the attack.
Exactly writes on their website that they had been audited by four different firms: Chainsafe, Coinspect, ABDK, and Cryptecon.
Now, the Federal Reserve Board has issued a cease and desist to Farmington State/Moonstone, claiming they have violated the commitments they made while going through the approval process. Despite promises not to do so, the bank engaged in digital asset activity, reportedly working with stablecoin issuers.
- "Crypto Firm FTX’s Ownership of a U.S. Bank Raises Questions", New York Times
- "Alameda-funded bank Farmington State gets cease and desist from Fed", Protos
- Cease and desist from the Board of Governors of the Federal Reserve System
The attackers also tried to steal around 80 BTC and 6,500 ETH (currently worth over $12.6 million) from a cold wallet belonging to Stephens, but were thwarted by an email alert sent to Blockchain Capital employee.