Brazilian crypto lender BlueBenx halts customer withdrawals and lays off employees after $32 million "hack"

The Brazilian crypto lending platform BlueBenx suddenly shut its doors after announcing they had suffered an "extremely aggressive" hack of 160 million BRL (US$32 million). However, they shared very little in the way of details, leading investors to question the veracity of their story.

All 22,000 customers of BlueBenx suddenly found them unable to withdraw funds from the platform. The platform also reportedly laid off the majority of its employees.

Misconfiguration in the Acala stablecoin project allows attacker to steal 1.2 billion aUSD

A misconfiguration in a newly-deployed liquidity pool allowed an attacker to mint 1.2 billion aUSD, a stablecoin built on the Polkadot network. The exploit caused aUSD to lose its USD peg, initially dropping as low as $0.60 and hovering around $0.90.

Acala paused the protocol shortly after the attack, and disabled the transfer functionality of the stolen aUSD and of Acala-based tokens the attacker had swapped for some of the aUSD. It's important to note that the attacker could not earn a profit anywhere near $1.2 billion USD from the erroneous creation of new, unbacked tokens—they likely made off with around $1.6 million. Acala subsequently burned most of the new tokens, which helped the aUSD token return to between $0.90 and $0.94—much closer to its intended peg.

Scammer trades fake ApeCoins for Bored Ape NFT

An ape with fur colored like television static wears a rainbow-colored hat with a propeller. Its eyes are closed, it's biting its lower lip, and it's wearing a black shirt with a skeleton printed on it.Bored Ape #8373 (attribution)
A scammer created a fake ApeCoin contract on the NFT Trader service, with tokens that appeared identical to the true ApeCoins but were actually worthless. After "chatt[ing] for a long time about location, jobs, the space", the owner of Bored Ape #8373 was convinced to trade it for 26,500 "ApeCoin", which would be valued at $163,770 if they were real. "I didn't bother double checking the contract as I figured [NFT Trader] only allows [OpenSea] verified collections and contracts anyway," the victim wrote on Twitter. The scammer flipped the NFT several minutes later for 78 ETH ($154,774).

Team member admits to taking more than $400,000 from Velodrome to try to recoup personal losses

On August 4, the team behind the Velodrome exchange and liquidity marketplace noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost.

On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.

Gabagool had become a somewhat prominent part of the crypto community, providing insights into various crypto happenings as someone who was adept at tracing blockchain transactions. In June, he was featured in a Vice documentary titled, "Is Everything in Crypto a Scam?". He spoke about, among other things, his October 2021 discovery that the crypto-focused venture capital firm Divergence Ventures was Sybil attacking airdrops to claim millions in rewards. That particular incident ended with Divergence returning the money they had gained from the strategy, and Ribbon awarding 5% of that amount—equivalent to about $545,000 at the time—to Gabagool as a "bounty".

Crypto YouTuber sues someone for calling him a "dirtbag influencer"

Ben Armstrong ("Bitboy Crypto") pictured sitting in a car, midsentence. Overlaid is the text "Use crypto risk free", the Bitcoin logo, and a wallet with coinsThumbnail of a Bitboy YouTube video (attribution)
"BitBoy Crypto" (Ben Armstrong) has sued "Atozy" (Erling Mengshoel Jr.) over a video in which Mengshoel accuses Armstrong of "lacking integrity as a cryptocurrency commentator" and repeatedly calls him a "dirtbag". He also states that Armstrong "cannot be trusted with financial advice because you don't know whether he’s trying to enrich you or himself."

Armstrong has claimed that the video cost him more than $75,000 in damages, and has caused him emotional distress including anxiety and depression.

Oddly, in the lawsuit, he writes that he is "in the business of providing advice and commentary on cryptocurrency investments"—a strange thing to do for someone who, like most crypto influencers, constantly tries to claim that his videos are not financial advice.

Armstrong has promoted crypto projects including Celsius. He has also posted and then deleted videos on cryptocurrency projects that later failed, such as Ethereum Yield, Cypherium, and MYX Network. According to a recent CNBC story, he claimed he "could easily make more than $100,000 per month in promotions alone", though it was not clear to which time period he was referring.

Armstrong announced on August 24 that he planned to drop the lawsuit against Mengshoel, stating that "I didn't understand that my name is now so big that if I file a lawsuit it would be found and be made public"—a strange thing to be blindsided by given he sued a YouTuber with 1 million followers who predictably told his audience about the suit. "We are going to drop the lawsuit, 100%. I'm sorry it became public."

Researchers estimate that an insider trader profited from 10–25% of new crypto listings at Coinbase

It's no secret that insider trading has happened at Coinbase, with the U.S. Attorney's Office of the Southern District of New York filing charges in July against three individuals, including a former Coinbase product manager, for their involvement in a scheme to trade on non-public information. However, researchers at the University of Technology Sydney have published a study showing that a group of four connected wallets appeared to trade based on the knowledge of tokens that were about to be listed by Coinbase. The trader(s) took positions in the coins ahead of the announcements, then sold the tokens soon after the listing announcement when they increased in value based on the news. The wallets involved in the trading scheme made a total profit of around 1,003 ETH ($1.88 million), which the researchers note is a conservative estimate of insider profits at Coinbase.

However, some have pointed out that issues with Coinbase's API leaked information about which coins were about to be listed, which could have enabled people to obtain the information allowing them to make such trades without an insider connection.

India freezes assets of FlipVolt, Vauld's Indian exchange

India's Enforcement Directorate froze $46.5 million of assets belonging to FlipVolt, the Indian branch of the Vauld cryptocurrency exchange. Vauld had previously filed for protection from creditors—a process in Singapore that is similar to Chapter 11 bankruptcy in the U.S.—on July 8, only four days after suspending withdrawals. Vauld subsequently announced a shortfall of around $70 million due to the Terra collapse and other factors, and reportedly owes creditors $363 million.

According to India's ED, 23 entities deposited Rs 370 crore (~$46.5 million) into FlipVolt, which the ED says were the proceeds of criminal activity. FlipVolt had "very lax KYC norms, no EDD [enhanced due diligence] mechanism, no check on the source of funds of the depositors, no mechanism of raising STRs [suspicious transaction reports], etc" and reportedly enabled the entities to launder the proceeds of crimes via the exchange.

Martin Shkreli dumps his project's token in "hack"

Martin Shkreli sits at a table, arms crossed and smirkingMartin Shkreli (attribution)
I've almost got to give it to him. When I wrote up Druglike, Martin "Pharma Bro" Shkreli's new "web3" project for drug discovery, and asked him some questions in the project Discord, I expected him to run into issues with the fact that he's trying to build a pharmaceutical software platform after being banned from the pharma business. But he seems to have exceeded my high expectations for this grift, pulling off a scam even before anything got off the ground.

The value of $MSI, Martin Shkreli Inu (really), plummeted 90% from $0.000014 to a mere $0.0000014 when a wallet owned by Shkreli suddenly dumped its tokens. The MSI token originally was a fan-made token, but Shkreli adopted it as the token "powering" Druglike (despite zero information as to how it's actually used to power the project). The MSI were swapped for 239 ETH (~$459,000).

Shkreli claimed via his Twitter persona "Enrique Hernandez" that "I got hacked last night." (Shkreli was banned from Twitter after being creepy to a journalist, and so now uses the thinnest of veiled identities to somehow evade Twitter suspension). Shkreli claimed that when he had tried to torrent a file called, no joke, [BigTitsRoundAsses] 17.12.14 - Jazmyn [1080p], he ended up with a remote access trojan. However, crypto research project Rug Pull Finder tweeted, "Bruh - why is the attackers wallet funded by you then".

Suspected Tornado Cash developer arrested in the Netherlands

A suspected developer of the Tornado Cash cryptocurrency tumbler was arrested in the Netherlands, according to the country's Fiscal Information and Investigation Service (FIOD). They said that he was "suspected of involvement in concealing criminal financial flows and facilitating money laundering". Wallet addresses used by Tornado Cash were sanctioned by the United States several days prior due to their use in laundering the proceeds of criminal activities.

It's not immediately clear from the statement whether the activities that led to the arrest involved more than just contributing to the Tornado Cash codebase, but it would be very concerning if not. There are complexities around the sanctioning of Tornado Cash—a fairly decentralized software project—that raise concerns about the criminalization of code. For many, it brings to mind the "Crypto Wars" (where "crypto" is referring to cryptography rather than cryptocurrency).

The largest Ethereum miner starts blocking Tornado transactions

The Ethermine mining pool is responsible for over a quarter of all Ethereum mining, making them the largest miner for that blockchain. On August 11, three days after OFAC added the project to its sanctions list, Ethermine stopped including Tornado Cash transactions in their blocks.

This came as a shock to some crypto enthusiasts, who were taken aback that such a large number of blocks in a "decentralized" and "censorship-resistant" project would reject Tornado Cash transactions. Others worried that more miners would do the same, which could eventually prevent Tornado Cash transactions from being validated at all.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.