Bittrex settles with SEC for $24 million

The Bittrex crypto exchange was charged in April by the SEC for operating an unregistered exchange, broker, and clearing agency. In May, Bittrex filed for bankruptcy. Now, Bittrex has agreed to a $24 million fine to settle the charges from the SEC. If approved, Bittrex will have sixty days after filing a liquidation plan to pay the amount to the SEC — $18.4 million of which is disgorgement, plus a $5.6 million fine.

SpiritSwap to shut down after Multichain collapse

SpiritSwap announced on its Discord that the project will be shutting down on September 1 unless they can find a new team to take over the project by that time. SpiritSwap lost their entire project treasury in the collapse of Multichain, and announced that they have "run out of funds to cover the necessary operational costs." The project plans to remain operational until September 1 to remove their liquidity.

SpiritSwap was previously one of the most popular DEXes on Fantom, boasting an all-time-high of $374 million in January. It now has less than $3 million TVL, thanks in part to the Multichain collapse and to the broader cryptocurrency bear market.

SpiritSwap is only the most recent project to announce its closure as a result of the Multichain fiasco. In July, Geist Finance and Hector Network also announced they would be shutting down due to Multichain contagion.

Multiple wallets compromised due to irresponsible encryption in Libbitcoin project

A team of researchers led by the Distrust security research firm have disclosed a vulnerability they've called "Milksad". The popular Libbitcoin project was used by multiple cryptocurrency wallets to generate private keys, but it turns out it was irresponsibly implemented, producing flawed output. The team used a pseudo-random number generator seeded with only 32 bits of system time to produce private keys, meaning that private keys could be brute-forced in "a few days of computation on the average gaming PC, at most".

Nevertheless, when Distrust disclosed this to Libbitcoin, the team replied first that they were too busy, then twice that "they do not feel this is a bug".

The research team has not yet disclosed which wallets were affected by the vulnerability, but they have estimated that around $900,000 were stolen as a result.

Hundred Finance shuts down after hacks

Hundred Finance is a lending protocol that was exploited in April 2023 for around $7 million, and in March for over $6 million. Since then, they've worked with law enforcement and security contractors to recover the funds, but "imminent return of the stolen assets does not appear to be forthcoming."

The project undertook a vote to shut down the lending service, and use remaining funds in the project treasury to try to compensate those who lost funds in the attack. The project also aims to distribute to victims of the hack claims on any funds that might be returned or otherwise recovered in the future.

The vote passed with 99% of votes in support, effectively sunsetting the project.

Disney exits the metaverse

Disney has shut off the last light in its metaverse division, parting ways with "metaverse chief" Michael White. In February 2022, Disney's then-CEO described the metaverse as "the next great storytelling frontier". That sentiment appears to have been short-lived, because in March 2023, Disney cut its 50-person metaverse team, leaving only White.

Scammers target victims via web3 job search boards

Job listing website called cryptojobs.com, with a highlighted "Premium Job" reading "Beta Testers Needed for... Eco Land"Scam job listing (attribution)
Scammers are constantly coming up with creative new ways to pull off their scams, and the latest seems to be targeting web3-interested individuals via dedicated web3 jobs portals. One Twitter user described an experience in which he applied for a beta testing job for a play-to-earn crypto game, only to have his wallet drained when he downloaded what was supposed to be the game file, but was actually malware. He lost 875 ARB ($1,032), 60 OP ($140), and various other tokens.

"Jobless and a bit poorer, thanks guys!" he wrote. "You're passionate about its technology, you wanna be part of it. You DCA. You hodl. You do everything you can to do things right... you're passionate, love the space, the tech. The people. Your willingness to get a job in Web3 is enormous! I stand for on-chain values, and I wanna be a part of the wave!" he wrote in frustration, trying to explain how he'd gotten scammed. "The apparent legitimacy of these [web3 job listing] sites made me remove the 'watch out filter', and boom."

Bitsonic CEO arrested for allegedly stealing $7.5 million

Jinwook Shin, CEO of the Bitsonic crypto exchange, was arrested in South Korea for allegedly stealing funds from users of his exchange. According to the prosecutors, he allegedly manipulated prices and trading volumes on the exchange in order to profit around ₩10 billion (~$7.5 million) the beginning of 2019 and mid-2021.

Bitsonic halted its services in August 2021, claiming "internal and external issues". However, even after halting withdrawals, Shin continued to offer cryptocurrency to new clients.

Cypher protocol exploited for around $1 million

An NFT message, contained in an orange frame with "New Message" at the top. Text: "give it back you shitlord"NFT message to the attacker (attribution)
The Solana-based Cypher protocol, a decentralized futures exchange, froze its smart contract after an attacker stole a little more than $1 million in Solana tokens and the USDC stablecoin.

The project attempted to contact the hacker to negotiate the return of some of the funds. Meanwhile, various community members sent NFTs to the attacker wallet, requesting the return of the funds. One of them tried to convince the hacker, writing that they believed the attacker's identity could be discovered because they used centralized exchanges with KYC to try to withdraw funds. Another simply said "give it back you shitlord".

Steadefi exploited for over $1 million

"NOTICE: Steadefi has been exploited and all funds are currently at risk," wrote Steadefi on Twitter after an attacker was able to change the contract owner to their own address — likely indicating a private key leak. So far, 624 ETH (~$1.14 million) have been siphoned from the project.

Rumors swirl that Huobi executives have been arrested, exchange is insolvent

Hong Kong crypto news outlet Techub cited two insiders when reporting on August 5 that "at least three executives" at Huobi had been detained by Chinese police for investigation. The report sparked panic, and the exchange has seen net outflows of more than $73 million in the past week. Huobi's stablecoin balances are down 33% over the same period. Investor and crypto analyst Adam Cochran tweeted of "likely Huobi insolvency", citing Binance's bulk Tether sales, paused "audit" reports, and "weird balance shifts" at the exchange.

Huobi and related people have been busy refuting the rumors, with Huobi's social media head dismissing them as "baseless malicious attacks". Huobi "advisor" Justin Sun tweeted "4".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.