Victim loses $900,000 to Google Ad phishing

Google Ad phishing is the practice of taking out a Google advertisement to promote a malicious website impersonating a legitimate project. By taking out the ad, the result is pushed to the top of the search results page, tricking unsuspecting victims into believing it's a legitimate search result.

On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.

Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".

SEC cracks down on Titan crypto investment manager for advertising 2,700% returns

Titan Global Capital Management, an investment advisory firm, has been charged by the SEC for violations of securities laws, including misrepresenting potential investment performance, making misleading disclosures pertaining to crypto custody, failing to impose limits on employees' crypto trades, and more.

Titan advertised "annualized" performance results of up to 2,700% on its Titan Crypto trading strategy, which the SEC says was misleading because it failed to include material information about how the performance was calculated. Titan had based the calculation on three weeks of performance, assuming it would continue for a full year.

Titan has agreed to a cease-and-desist order, censure, and over a million in disgorgement and penalties.

Harbor Protocol exploited

The "interchain stablecoin protocol" Harbor announced on August 19 that they had experienced an exploit that drained some of the funds in the project pools. They wrote on Twitter that they were "working hard to estimate the total losses incurred as well as investigate the exploiter(s) and trace the funds."

According to data on DefiLlama, TVL on the project dropped from around $370,000 to only $81,000. The TVL was already significantly down from the project's peak of almost $1.5 million.

Crypto founder loses over $250,000 to crypto scam

Bryan Lawrence, the leader of a crypto project called Glow Token, recently shared that he'd fallen victim to scammers impersonating employees of the Crypto.com exchange. Lawrence said that scammers promised to list Glow Token's FLARE token in exchange for more than $250,000 in "security deposits". Crypto.com later contacted Lawrence, asking him to stop falsely claiming that his token would be listed on Crypto.com, and alerting him to the apparent scam.

Lawrence is now suing Crypto.com, although this may be challenging given they apparently weren't behind the scam. Lawrence has also said that he has sold his house to pay for legal costs.

Recur NFT platform shuts down after $50 million Series A

In September 2021, the Recur NFT platform announced it had raised $50 million in a Series A funding round that saw the startup valued at $333 million.

In December 2021, the company offered $300 "Recur Passes", which promised holders early access to NFT drops and other perks. One of them resold for $88,888 in February 2022.

Now, Recur has announced they will be closing up shop, and warned users to migrate their assets away from the platform in advance of a November shutdown. The company cited "unforeseen challenges and shifts in the business landscape".

As for the Recur Passes, they're currently selling for somewhere between $7 and $11.

Terra website hijacked by phisher

Despite the catastrophic Terra/Luna collapse in May 2022, the Terra blockchain is still up and running. On August 19, the official Twitter account for the Terra project tweeted that the project's website had been hijacked, and was being used by a phisher to try to obtain access to users' wallets. When the website is opened, it prompts visitors to connect their wallets, which then allows the phishers to drain funds.

Despite a tweet on August 19 that "sites are coming back online", and a developer stating that they were "mostly back in control", the website apparently remained compromised for several days. The project reiterated via tweet on August 20 that the website was still not safe to use.

It's unclear how much was stolen as a result of the hijacking.

Exactly Protocol hacked for at least $12 million

The Exactly Protocol, an attempt to "decentralize the credit market" built on the Optimism layer-2 network, was exploited. The protocol announced a pause to investigate a security issue, after they were alerted to suspicious transactions.

An attacker has siphoned more than 7,160 ETH (~$12 million) from the project, which they've bridged back to the Ethereum main chain. The Exactly Protocol's TVL plunged from $37 million to under $12 million following the attack.

Exactly writes on their website that they had been audited by four different firms: Chainsafe, Coinspect, ABDK, and Cryptecon.

Fed issues cease and desist to FTX-connected Farmington State Bank

A small building with "BANK" written over the doorFarmington State Bank (attribution)
Farmington State Bank, also known as Moonstone Bank, is a tiny Washington state bank that drew scrutiny after the FTX collapse for receiving an outsized investment from the firm. The investment appeared to be an attempt by FTX to gain control of a US bank, and raised questions over how the purchase was approved by federal regulators.

Now, the Federal Reserve Board has issued a cease and desist to Farmington State/Moonstone, claiming they have violated the commitments they made while going through the approval process. Despite promises not to do so, the bank engaged in digital asset activity, reportedly working with stablecoin issuers.

Blockchain Capital co-founder loses $6.3 million in SIM swap hack

Blockchain Capital co-founder Bart Stephens has filed a lawsuit against as-yet-unknown individuals who he says stole $6.3 million in cryptocurrency from him. The attackers used a SIM swap attack to gain access to his crypto wallet, which they then drained of various tokens.

The attackers also tried to steal around 80 BTC and 6,500 ETH (currently worth over $12.6 million) from a cold wallet belonging to Stephens, but were thwarted by an email alert sent to Blockchain Capital employee.

$1.7 million rendered inaccessible for weeks in broken bridge to new Shibarium network

People were very excited when the Shiba Inu-focused "Shibarium" layer-2 Ethereum blockchain went live on August 16. The dog-themed network is part of a push to make Shiba Inu a "serious blockchain project" — though the network will use $BONE, $TREAT, $SHIB, and $LEASH tokens, and is still fundamentally based around a dog meme.

A bridge between Ethereum and the Shibarium network was released as the network went live, and eager users quickly transferred a combined 954 ETH (~$1.7 million) to the bridge contract so they could access it on the new chain. However, users started reporting that transactions were stalled, and they weren't able to access their tokens on the Shibarium side.

The team quickly shut down conversation on Discord as more issues were raised, and claimed in a blog post that the issues were caused by nothing more than the network being overwhelmed with traffic. The team denied the authenticity of screenshots of a Telegram chat appearing to show the lead developer writing that the funds were unrecoverable, insisting they were safe.

Finally, weeks after the botched launch, Shibarium re-enabled the bridge and told users they could once again access their funds. Though there have been some delays in transactions, the "stuck" funds appear to be retrievable.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.