BigWhale loses $1.5 million in private key leak

The defi staking and lending project BigWhale announced that the private key to one of their crypto wallets had been leaked, and 7,200 BNB (~$1.5 million) had been stolen.

In a long post on Twitter, the project promised "we will refund all investor funds down to the last cent". They also wrote that "Not only are we going to use the fullest extent of the law to go after the person or persons behind this hack / attack, we will also use ALL OTHER MEANS NECESSARY - and we do have such resources at our disposal, to go after the ones who are behind this. (We work with assets within the Russian government directly...)"

In a later post on their website, however, they wrote that they do "not bear legal liability to refund investors for the losses incurred unless the hacked funds are successfully recovered", attributing the incident to force majeure. They repeatedly claimed that they had not been involved in the theft. The project completely took down its website, redirecting it to this post.

Crypto.com fined $3.1 million in the Netherlands for operating without registration

Crypto.com spent around two years operating in the Netherlands without bothering to register as required by the Dutch central bank — or pay the supervisory fees they were supposed to be paying. On October 2, 2023, the central bank imposed a €2.85 million (US$3.12 million) fine on the company for the period of unlicensed registration. The company had registered with the regulator in July of that year.

The fine was announced in March 2024, and Crypto.com said it had appealed the penalty.

Crypto.com was hardly the first exchange to fall afoul of the regulator: Binance was fined $3.35 million in July 2022 for the same, and Coinbase was hit with a $3.6 million for the same in January 2023. Binance later shut down their Dutch operations after failing to obtain a license.

Former FTX auditor Prager Metis sued by SEC for hundreds of alleged violations

Prager Metis' headquarters in Decentraland, a blocky, slightly futuristic, grey and orange building with the Prager Metis logoPrager Metis' headquarters in Decentraland (attribution)
The U.S. Securities and Exchange Commission filed a lawsuit against auditor Prager Metis, who they allege violated auditor independence rules and aided and abetted their clients' violations of federal securities laws. According to the SEC, Prager Metis included indemnification provisions in more than 200 audits, reviews, and exams, which renders the firm no longer independent in its investigations of those clients.

Prager Metis is among the auditors who audited FTX, and was noted by FTX's CEO-in-bankruptcy John J. Ray III for advertising itself as "the first CPA firm to officially open its headquarters inside the metaverse".

None of the clients involved with the faulty audits were disclosed in the lawsuit, and the SEC has not issued any statements connecting the charges to the FTX collapse.

Three Arrows Capital co-founder Su Zhu jailed for four months

Co-founder of the collapsed Three Arrows Capital hedge fund, Su Zhu, was arrested in Singapore while allegedly trying to leave the country. He and his cofounder Kyle Davies have been uncooperative with investigations into the June 2022 implosion of the fund, and were both sentenced to four months imprisonment as a result. Davies has not been arrested because his whereabouts are currently unknown.

Three Arrows Capital fell apart in June 2022, and was among one of the first major collapses that set off a domino effect of crypto company failures throughout that summer and the rest of the year.

Chase UK to block payments for crypto

Chase Bank’s UK branch has decided it will completely block debit card purchases and bank transfers that it identifies as being "related to crypto assets", a move they say is motivated by an increase in crypto scams targeting UK customers. Chase customers who want to buy crypto will have to use some other bank, Chase has said.

The change is scheduled to go into effect on October 16.

JPEX appears to be a $191 million fraud

After the Hong Kong-based JPEX exchange limited withdrawals amidst what appeared to be an impending collapse of the platform, things are now looking a lot more like fraud.

Police have received more than 2,200 complaints pertaining to the exchange, involving $191 million (and counting) in possible losses. Eleven people, including various crypto influencers who had promoted the exchange, were taken in for questioning. However, police have said those eleven people were not likely central to the fraud, and that the leaders of the JPEX project are on the run.

According to the South China Morning Post, "The alleged case of financial fraud involving HK$1.37 billion is the largest of its kind in Hong Kong's history."

Upbit briefly suspends Aptos transactions after people were able to deposit counterfeit tokens

Upbit, a major South Korean cryptocurrency exchange, suddenly suspended deposits and withdrawals of the Aptos $APT token after some users were able to deposit and withdraw fake versions of the token that were intended to spoof the original. Because of a bug in how Upbit verified tokens, transfers of the spoofed token were identified as transfers of the native Aptos token, which could have caused a massive loss if users began redeeming the fake Aptos tokens as though they were real.

However, a bug on the part of the counterfeiter prevented massive losses. The spoofer used only six decimal places instead of eight, meaning that those who tried to redeem the fake tokens only received $250 instead of $25,000.

Upbit later re-enabled Aptos transactions after patching the bug.

Huobi exchange hacked for $8 million

Justin Sun confirmed on September 25 that his crypto exchange Huobi (recently rebranded to "HTX") had been hacked for 5,000 ETH ($8 million) the prior day. He reassured customers that the exchange would be covering the shortfall, and that "all user assets are #SAFU".

Sun offered a bounty to the hacker to return 95% of the funds, also promising to hire them as a "security white hat advisor" for the exchange. Otherwise, he threatened to go to law enforcement.

Two weeks later, the thief returned the funds, with a note that their hot wallet key had leaked. Huobi paid the $410,000 bounty.

Mixin Network discloses $200 million hack

The operators of the Mixin Network disclosed that hackers had stolen around $200 million in funds in the largest known hack of the year (to date). Mixin Network is a cross-chain project that boasts zero transaction fees.

In their announcement, Mixin wrote that "the database of Mixin Network's cloud service provider was attacked by hackers", leading to some confusion as Mixin is supposed to be a decentralized network that ostensibly shouldn't have a centralized cloud database.

Mixin announced they would be suspending deposits and withdrawals pending analysis of the incident. They also told users that they would be compensated "up to a maximum of 50%" on assets that had been stolen from them, and receive "tokenized liability claims" (that is, IOUs) for the rest.

Wallet phished for $4.46 million in fake mining scam

Someone lost over $4.4 million of the Tether stablecoin after falling victim to a phishing scam that promised them fake mining rewards. A phisher lured in the victim, likely earning their trust and then promising high returns thanks to a "mining" operation. Typically, these projects fool their victims by showing them a growing balance on the platform's software, even as the phishers drain their wallets.

These types of scams draw in tens of millions of dollars each month, and one researcher has estimated around $350 million in Tether have been stolen in these types of scams since September 2021.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.