All 22,000 customers of BlueBenx suddenly found them unable to withdraw funds from the platform. The platform also reportedly laid off the majority of its employees.
Brazilian crypto lender BlueBenx halts customer withdrawals and lays off employees after $32 million "hack"
Acala paused the protocol shortly after the attack, and disabled the transfer functionality of the stolen aUSD and of Acala-based tokens the attacker had swapped for some of the aUSD. It's important to note that the attacker could not earn a profit anywhere near $1.2 billion USD from the erroneous creation of new, unbacked tokens — they likely made off with around $1.6 million. Acala subsequently burned most of the new tokens, which helped the aUSD token return to between $0.90 and $0.94 — much closer to its intended peg.
On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.
Gabagool had become a somewhat prominent part of the crypto community, providing insights into various crypto happenings as someone who was adept at tracing blockchain transactions. In June, he was featured in a Vice documentary titled, "Is Everything in Crypto a Scam?". He spoke about, among other things, his October 2021 discovery that the crypto-focused venture capital firm Divergence Ventures was Sybil attacking airdrops to claim millions in rewards. That particular incident ended with Divergence returning the money they had gained from the strategy, and Ribbon awarding 5% of that amount — equivalent to about $545,000 at the time — to Gabagool as a "bounty".
- Tweet by Velodrome, August 13
- Tweet by Gabagool admitting to the theft, August 13 (alternate link)
- Tweet by Velodrome about the initial theft, August 4
- Tweet by Gabagool about the initial theft, August 4
- "Is Everything in Crypto a Scam?", Gabagool
- "Airdrop Ethics: VC Firm Draws Ire Following $2.5M Ribbon Finance Exploit", CoinDesk
- RGP-6: Divergence Whistleblower Bounty, Ribbon governance forum
Armstrong has claimed that the video cost him more than $75,000 in damages, and has caused him emotional distress including anxiety and depression.
Oddly, in the lawsuit, he writes that he is "in the business of providing advice and commentary on cryptocurrency investments" — a strange thing to do for someone who, like most crypto influencers, constantly tries to claim that his videos are not financial advice.
Armstrong has promoted crypto projects including Celsius. He has also posted and then deleted videos on cryptocurrency projects that later failed, such as Ethereum Yield, Cypherium, and MYX Network. According to a recent CNBC story, he claimed he "could easily make more than $100,000 per month in promotions alone", though it was not clear to which time period he was referring.
Armstrong announced on August 24 that he planned to drop the lawsuit against Mengshoel, stating that "I didn't understand that my name is now so big that if I file a lawsuit it would be found and be made public" — a strange thing to be blindsided by given he sued a YouTuber with 1 million followers who predictably told his audience about the suit. "We are going to drop the lawsuit, 100%. I'm sorry it became public."
However, some have pointed out that issues with Coinbase's API leaked information about which coins were about to be listed, which could have enabled people to obtain the information allowing them to make such trades without an insider connection.
According to India's ED, 23 entities deposited Rs 370 crore (~$46.5 million) into FlipVolt, which the ED says were the proceeds of criminal activity. FlipVolt had "very lax KYC norms, no EDD [enhanced due diligence] mechanism, no check on the source of funds of the depositors, no mechanism of raising STRs [suspicious transaction reports], etc" and reportedly enabled the entities to launder the proceeds of crimes via the exchange.
The value of $MSI, Martin Shkreli Inu (really), plummeted 90% from $0.000014 to a mere $0.0000014 when a wallet owned by Shkreli suddenly dumped its tokens. The MSI token originally was a fan-made token, but Shkreli adopted it as the token "powering" Druglike (despite zero information as to how it's actually used to power the project). The MSI were swapped for 239 ETH (~$459,000).
Shkreli claimed via his Twitter persona "Enrique Hernandez" that "I got hacked last night." (Shkreli was banned from Twitter after being creepy to a journalist, and so now uses the thinnest of veiled identities to somehow evade Twitter suspension). Shkreli claimed that when he had tried to torrent a file called, no joke,
[BigTitsRoundAsses] 17.12.14 - Jazmyn [1080p], he ended up with a remote access trojan. However, crypto research project Rug Pull Finder tweeted, "Bruh - why is the attackers wallet funded by you then".
It's not immediately clear from the statement whether the activities that led to the arrest involved more than just contributing to the Tornado Cash codebase, but it would be very concerning if not. There are complexities around the sanctioning of Tornado Cash — a fairly decentralized software project — that raise concerns about the criminalization of code. For many, it brings to mind the "Crypto Wars" (where "crypto" is referring to cryptography rather than cryptocurrency).
This came as a shock to some crypto enthusiasts, who were taken aback that such a large number of blocks in a "decentralized" and "censorship-resistant" project would reject Tornado Cash transactions. Others worried that more miners would do the same, which could eventually prevent Tornado Cash transactions from being validated at all.