Binance gave Putin regime information on users who donated to opposition leader Alexei Navalny

Alexei Navalny, pictured from the shoulders up, wearing a navy scarf and coatAlexei Navalny (attribution)
Binance, the largest cryptocurrency exchange, shared customer data with the Russian government according to a Reuters special report. Reuters detailed how Binance provided the Russian government's financial monitoring service with data on Binance users who donated to Alexei Navalny, an anti-corruption activist and prominent opponent of Putin. Reuters reported this was part of a broader effort by Binance to form allegiances with Russian governmental agencies as it worked to expand its footprint in Russia.

Navalny has been imprisoned in Russia since returning in January 2021, shortly after recovering from poisoning: an attempt on his life reportedly ordered by Putin. While in prison, Navalny's foundation has encouraged people to donate cryptocurrency using Binance. They have raised more than 670 Bitcoin ($28 million) so far, despite the Russian government outlawing the foundation and labeling it a terrorist organization. Donors to Navalny's cause now face potentially serious danger as they've been identified to the Putin regime by Binance.

Crypto proponents have long promoted the technology's potential to fund individuals who are targeted by oppressive regimes, and to allow anonymous and untraceable donations.

AkuDreams NFT project earns $34 million that its team will never be able to withdraw

A 3D rendering of a person with an astronaut helmet that has planets orbiting it, wearing a white suit with a heart on the front and a red cape, holding up a small globe in their handAkuDreams NFT (attribution)
Micah Johnson, an artist and former professional baseball player, launched an astronaut-themed NFT project called AkuDreams. The auction was based around a Dutch auction, with the added twist that the lowest bid would set the final price for the NFT and all who bidded higher would be refunded.

The contract suffered from several flaws, however. The first allowed an exploiter to stop all refunds and withdrawals from the contract. Luckily for the team, the exploiter was well-intentioned and only intended to highlight the issue; they removed the block shortly after, leaving a message urging the team to have their contracts audited before release.

AkuDreams were not so lucky with the second issue. A bug in the code failed to account for users minting multiple NFTs in a single transaction, which made it so that the claimProjectFunds function that would allow the team to withdraw their earnings can never successfully execute. This means that the team can never withdraw the 11,539 ETH ($34 million) earned from the NFT sales—it is stuck there forever.

Hacker pulls $1 million from defi project, then destroys contract without withdrawing the funds

An attacker targeted the ZEED defi projects, successfully using a flash loan attack to pull just over $1 million from the project. With the funds transferred to the attack contract, the hacker then called the contract's self-destruct function, making it impossible for the funds to ever be withdrawn. It's unclear if this was intentional and done as a sort of statement, or if the attacker intended to take the profit for themselves but forgot to do so before destroying the contract.

Scammers phish $4.3 million from Terra users in ten days using Google Ads

A screenshot of Google results for the search "astorport" showing an advertisement resembling the proper Google result, with an arrow reading "SCAM"Phishing results in Google ads (attribution)
Scammers ran Google ads for popular search queries relating to the Terra ecosystem. When users searched for things like "Anchor protocol" or "Astroport", the first result was actually a Google ad purchased by scammers impersonating the real protocols. The scammers were even able to make the domains resemble the correct domains, though these changed once the users clicked the advertisement. Users were then prompted to enter their seed phrases to connect their wallets, after which point the scammers were able to empty the wallets.

52 different people fell for the scam, losing a total of around $4.3 million in assets. The scammers appeared to be targeting high-value wallets, with only two accounts transferring less than $1,000. 24 individual wallets were scammed for more than $10,000 each, 7 wallets lost more than $100,000, and one user lost almost $1.4 million.

Rogue Society team resurfaces after being called out for rug pulling $5.5 million

A blue robot with an open mouth and shoulder-length blonde hair with a pink bow, on a pink backgroundRogue Society Bot #5639 (attribution)
The Rogue Society NFT project launched in September, with an ambitious roadmap that included a theme song, comic book series, 3D figurines, an augmented reality app, and an animated series. The project sold out its 15,777 NFTs, which minted at 0.09 ETH each ($355), for a total profit of around $5.5 million. The team stuck around for a while, but by December had gone completely silent. No tasks on the roadmap had been completed. The founder has withdrawn $3.4 million of the funds.

Following a thread by zachxbt outlining the team's rug pull, the project founder made the first post in the project Discord since December, announcing a theme song competition with no acknowledgement of the team's absence and lack of progress.

This event once again shows how it is people like zachxbt who are left to try to hold project creators accountable in the absence of reasonable regulation or enforcement.

Binance adds a branded hashtag to Twitter that closely resembles a swastika

Screenshot of the "#Binance" hashtag, showing an emoji next to it consisting of the diamond-shaped Binance logo on a yellow square, with four lines emerging from the sides in a way that resemble a swastikaTwitter's Binance branded hashtag (attribution)
Binance, the world's largest crypto exchange, used Twitter's branded hashtag feature to add a custom emoji to Twitter when people use the hashtags #Binance or #BNB. The hashtag closely resembled the Hindu swastika, though it's not clear if this was an intentional choice by Binance or a coincidence. The Hindu swastika is distinguished by the four dots within the arms of the symbol, and represents good luck and prosperity. Though Binance may have hoped the dots would distinguish it from the symbol used by the Nazi party, perhaps they (somehow) didn't realize that this distinction is not well-known to many particularly in the West, or that the single-pixel-wide dots are not particularly prominent at emoji size. In Germany the symbol is banned except when used in explicitly religious contexts; several German users confirmed they could see the hashtag.

More than a few people expressed shock at seeing what they believed to be a hate symbol on their Twitter feeds from a large brand. The date of release only made things worse—April 20 is celebrated among fascists because it is Hitler's birthday. Tweets from Binance's official Twitter account and the Twitter account of founder and CEO Changpeng Zhao (known as "CZ") were quickly deleted, though the emojis remained. Several hours later, Binance changed the emoji to a globe with the Binance logo.

Twitter doesn't publicly list how much it costs to obtain a branded hashtag, though most articles I could find listed the price at around $1 million. I'm not sure if this is per hashtag or per emoji—the new emoji appears on several related hashtags.

Rich Bulls Club team resurfaces after being called out for rug pulling $3.7 million

An illustration of a brown bull, with a pile of poo on its head, on a toilet-paper-esque background. The text "BANNED!" is stamped above it."Banned" Rich Bull NFT (attribution)
Crypto sleuth zachxbt researched the Rich Bulls Club, an NFT project that launched in December with NFTs priced at 0.3 ETH (~$1,350) a pop. The project included a clause where "selling under our minimum selling price agreement is forbidden"—anyone who sold a Rich Bulls NFT for less than 3 ETH ($13,500) would find the NFT image modified to a bull with a poo emoji on its head, with the text "BANNED!" stamped across it in red. The project roadmap promised networking and business opportunities enabled by its community members, exclusive events, opportunities to win supercars or hundreds of thousands of dollars, and a "real-life Squid Game event" where one person would win $1 million. Needless to say, none of this transpired, and the project quietly deleted its website and Instagram accounts as the founder cashed out over $3 million.

Two hours after zachxbt published his research, the team made their first post in three months, with multiple excuses for the issues zachxbt highlighted.

NFT influencer 0x_fxnction suffers $240,000 wallet compromise

NFT influencer 0x_fxnction reported that his wallet had been compromised, and 2349 SOL (~$240,000) had been stolen. The money had primarily been profit from the DeGods project, he said, and was unwisely stored in one hot wallet because it was "meant to help buy a house and was being withdrawn in the next weeks".

He said he hadn't used the wallet to mint any NFTs since October, and said he had revoked all access to minting websites since then. He wrote that he was unsure how the compromise had happened: "My best guess: an old minting site from October still had access to my wallet, even after 'revoking' happened in Phantom.... But honestly, it's just a guess."

Developers drain over $1.1 million from $CHEDDA

The price of the $CHEDDA token suddenly plummeted 50% when a developer removed $1.17 million from the project. The withdrawal was accomplished with a function only available to privileged wallets—that is, those belonging to the project team or its developers.

Members of the Chedda team claimed on Discord that they were not behind it, and that it had been done by an outsourced development team who was working on the projects farming and staking. "They technically should've been within contract, but they robbed us," wrote Discord moderator Ali Michelle (referring to legal contracts rather than smart contracts). "They were in contract so it would be illegal and full on theft, i believe". Despite the devastating loss, Michelle urged remaining members of the community to "hodl and help us bring this back to life!"

The project had been audited by CertiK, who were quick to note that the contract containing the function used to drain funds was "not in CertiK’s audit scope".

Atari cuts ties with their "Atari Token" partner

A press release from Atari announced that the company would be cutting ties with ICICB Group. In addition to Atari granting ICICB hotel and casino licenses, the original deal had also resulted in the creation of the "Atari Chain" and "Atari Token" ($ATRI).

Atari Token was described as "decentralized cryptocurrency that was created to become the token of reference for the interactive entertainment industry". It launched in November 2020, tanking in price immediately on release. Despite a brief boom around March 2021, the token has mostly traded below its launch price.

In the press release, Atari wrote, "Atari disclaims any interest in the [...] Joint Venture, currently promoted as Atari Tokens, and related websites, whitepapers and social media channels are unlicensed, unsanctioned and are outside the control of Atari." They also wrote that they would be replacing existing $ATRI tokens with new tokens in the future. Atari wrote that the termination of the hotel and casino agreements resulted in an €11 million ($11.8 million) write-off, but that financial impact of the token changes wouldn't be disclosed until the FY22 report.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.