Bitrue didn't release details on how the attack had been achieved, but explained that one of their hot wallets had been impacted. They announced that they would be pausing withdrawals for several days as they investigated the incident, and that they would be compensating affected users.
Bitrue crypto exchange hacked for $23 million
The Singapore-based Bitrue crypto exchange suffered a hack on April 14 in which attackers siphoned tokens including Ethereum, Shiba Inu, and MATIC (the token for the Polygon network). Altogether the stolen funds were estimated at around $23 million.
- Post by Bitrue
NFT collector Franklin claims to have been scammed for 2,000 ETH ($4.2 million)
Franklin, aka franklinisbored, has come to be known as one of the most prolific collectors of Bored Apes. At times, he's held more than fifty of the NFTs, and he can often be spotted snapping up cheap apes. However, on April 13 he sold quite a few of his collection.
Franklin disclosed on Twitter that "Due to an unfortunate IRL issue, I have had to sell off a lot of BAYC apes to pay off BendDAO loans while the liquidity was available". He had recently sold 27 of the Bored Apes. He later wrote, "I got rug pulled on an investment I put almost 2000 ETH into, thinking it was credible due to who else invested (not naming anyone for privacy reasons). Someone used our $$ as a casino gambling Ponzi and flushed it down the drain. Please learn any lessons possible from this." 2,000 ETH is worth around $4.23 million at today's ETH prices.
People immediately began to speculate about what project he could be referring to. Some wondered if perhaps he was trying to cover up losses on the Rollbit crypto casino, which he was known to use, and where he could be observed on-chain depositing more than 6,000 ETH (~$12.7 million) since the beginning of the year alone. Later in the day, he wrote another tweet: "For partial transparency: My personal PnL [profit and loss] of my Rollbit gambles is about -650 ETH total. So yes I lost a lot of money myself on Rollbit, but that didn’t require me to sell off today." At today's prices, 650 ETH is around $1.375 million.
Franklinisbored expressed that he would be taking a break from NFT trading and social media following the incident: "I won't get involved in NFT trading/twitter for a while, and will just focus on my private life for the time being with my remaining apes."
Yearn Finance exploited for more than $11 million
A bug in a token issued by the Yearn Finance defi protocol resulted in a loss that has been estimated at around $11.6 million. An attacker was able to use a 10,000 USDT deposit to mint more than 1.2 quadrillion yUSDT, a wrapped version of the Tether (USDT) stablecoin. Losses were limited somewhat by the fact that only older versions of the Yearn protocol were vulnerable to the bug, and the version had been "frozen" since December 2022.
The attacker began swapping tokens out for other stablecoins shortly after the exploit, moving them into lending projects like Aave and laundering them through the Tornado Cash cryptocurrency mixer. There were early concerns that Aave itself was impacted by an exploit, but it was later clarified that Aave had simply been used to swap tokens involved in the Yearn exploit, and did not appear to itself be vulnerable.
This is not the first exploit involving Yearn Finance, which was hacked for $11 million in 2021, and which lost around $1.4 million in connection to the massive Euler Finance attack in March 2023.
Nicole Behnam pumps and dumps: "There were mistakes made in a wallet that I controlled"
New passive voice Hall of Fame contender just dropped: "There were mistakes made in a wallet that I controlled." You would think someone who got their start as a writer might know better.
Writer, journalist, and now web3 influencer Nicole Behnam helped pump Dogecoin founder Billy Marcus' new free-to-mint "Blocky Doge 3" NFT project, writing on Twitter, "No roadmap or utility? I'm in 👀" and talking it up on large Twitter spaces. A wallet belonging to her then received 250 NFTs from Marcus early on, then dumped around 220 of the NFTs on the market all at once, tanking the secondary market price while earning her around 20 ETH (~$38,000). At the moment, the NFTs are selling for an average of 0.031 ETH apiece (~$59).
After being found out, she wrote on Twitter that "There were mistakes made in a wallet that I controlled," but claimed that she had tried to make it up by returning the profits and buying up low-priced NFTs. "How the last 24 hours went down was not cool and I’m doing my best to rectify the situation," she wrote. "Listening, learning, moving forward." Shortly afterwards, she was removed from a "NFT100" list that had published only days prior by NFT Now, for what they described as violations of their ethics policy.
Ren Protocol transfers all assets to FTX bankruptcy team
In February 2021, the Ren project announced that it had been acquired by Alameda Research so that Alameda could "[help] accelerate the decentralisation" of the project.
Now, the Ren team has announced that they have transferred all assets on the Ren Protocol "to the FTX Debtors' cold storage wallets for safeguarding".
The announcement mentioned "possible shutdowns of infrastructure and systems," possibly referring to Ren's plans — announced shortly after the FTX collapse — to "move on from Alameda" by launching "Ren 2.0" and sunsetting the 1.0 version. However, there has been little public evidence that Ren 2.0 has been progressing.
Goblintown NFT images all changed to an illustrated middle finger in protest about royalties
There has been an ongoing controversy in the NFT world over creator royalties. Although NFTs are often talked up as being good for artists because they enable royalties to be paid even after the initial sale, these payments are rarely enforced by the smart contract and are instead up to marketplaces to enforce. In the last six months or so, NFT marketplaces have emerged that follow a "royalty optional" model, sparking a race to the bottom where OpenSea and other incumbents have also cut royalty protections to remain competitive.
Although NFTs are often thought to be immutable, permanent links to their associated artwork, that's often not the case in practice. Many NFTs store metadata off-chain, or otherwise enable after-the-fact changes.
Goblintown is a collection of NFTs that launched in May 2022, quickly going viral and sparking a phenomenon of Twitter spaces where members spent hours making goblin noises into their microphones. Originally free to mint, the NFTs began selling for thousands of dollars on the secondary market. Now they trade for around 0.38 ETH (~$800) apiece.
In an apparent protest against the willingness of traders and marketplaces to stop honoring royalties, Truth Labs (the group behind Goblintown) changed the artwork for Goblintown and all of their NFT collections to an illustration of a dancing middle finger, with smaller middle fingers emerging from where its arms and genitals would be. The new image reads, "Fuck royalties. Fuck supporting building and creatives. Flipping is the heart of what makes Web3 special. Honor the flipper, fuck the community. Long live the slow rug." At the bottom, the image states: "Goblintown, Illuminati, The187, and Grumpls will be migrating to new contracts before Monday the 17th of April. All holders will be airdropped identical replacement NFTs." The new NFTs will enforce royalties on-chain, preventing marketplaces from allowing users to circumvent them.
Some embraced the new NFTs, while others accused Truth Labs of "rugging". Some people were horrified by the fact that NFTs that they owned could be changed after the fact without their consent, a fact they were not previously aware of. One owner wrote, "So your telling me I spent $1,000s of dollars and have 10 goblintowns for them all to now be dudes shaking their weiners?"
Niantic shutters its web3 project after less than six months
Niantic, the creator of the popular Ingress and Pokémon Go augmented reality games, announced it will be shutting down its "Trading Post" product for NFT trading cards that it had launched only months before. "Trading Post was an experimentation effort to explore the world of digital collectibles, and while we believe that web3 has the potential to create meaningful experiences in the future, we plan to shift focus to other priorities," they wrote. Owners of the NFTs were told they have sixty days to "download" their cards, and that trading would be disabled in 30 days.
The announcement seemed to come as a relief to many in the Ingress community, with commenters remarking on the "scammy" nature of NFTs. Some wrote that they liked the idea, but that the web3 factor felt like it was "shoehorned" in. "I'll miss the Trading Post, please never bring NFTs or in fact any blockchain into future projects, or if you do at the very very least make it actually matter to the thing it's being put into, but still preferably just don't," said one.
- Trading Post shutdown announcement on Ingress discussion forums
GDAC exchange hacked for assets notionally worth more than $14 million
Hackers made off with 61 BTC, 350.5 ETH, 10 million WEMIX, and 220,000 USDT from a hot wallet belonging to the South Korean cryptocurrency exchange GDAC. Altogether, the assets are notionally worth around $13 million. The stolen assets represented 23% of funds custodied on the GDAC exchange.
GDAC halted deposits and withdrawals shortly after the attack, and stated that they had reported the exploit to South Korean law enforcement to investigate.
Terraport Finance hacked for $2 million less than two weeks after launch
Terraport Finance is a defi project built on, believe it or not, the Terra blockchain. Yes, the same Terra blockchain on which the Terra/Luna projects were built. Despite the massive collapse of the flagship project in May 2022, there are still a number of Terra projects operating, and even some new projects being developed.
Terraport Finance launched on March 31, apparently having gone live without any sort of audit. On April 10, Terraport disclosed that an attacker had apparently managed to drain all project liquidity pools, making off with assets priced at around $2 million.
Trader loses 14,377 $APE (~$61,000) when they sell their Bored Ape
The former owner of Bored Ape #7810 presumably intended to agree to sell the ape to another buyer for 70 ETH (~$130,900). However, it's unlikely they intended for that buyer to also be able to access the staked $APE they had accrued. With this particular staking mechanism, the Bored Ape effectively serves as the "key" to the staked ApeCoin, and so it transferred to the NFT's new owner right along with the NFT.