CFTC subpoenas former company of Ben "BitBoy" Armstrong over crypto promotion
The CFTC has sent a subpoena to Hit Network, the crypto media company that was previously headed up by Ben "BitBoy" Armstrong until his rather public meltdown. According to The Block, the subpoena requested information about fifteen tokens, including the BitBoy-themed $BEN token, and the videos in which figures including BitBoy talked up their potential for price appreciation. The CFTC noted that the investigation was into a person who had engaged in crypto fraud.
Kujira token tanks as team's leveraged bets melt down
The team behind the Kujira project wound up with around $2 million in bad debt after taking some of their operational funds and using it to make leveraged bets on their own platform. They blamed "a series of events over the last few months, including exploits, socially engineered attacks and fallouts within the ecosystem" for causing the positions to be liquidated. The $KUJI token price crashed by more than 60% as a result of the team's poor risk management.
The Kujira team apologized for the fiasco, and announced a plan to create a DAO to take over the project treasury.
ConvergenceFi hacked for $210,000
An attacker took advantage of a flaw in the code for the yield farming project ConvergenceFi, draining it of all the tokens that had been allocated for staking emissions. Because a function call in the smart contract did not do proper validation, an attacker was able to provide their own smart contract that set the amount of tokens to return to anything they wanted. Naturally, the attacker set it to return all 58.7 million tokens available to them, which they quickly swapped to around $210,000 and laundered through Tornado Cash.
Although ConvergenceFi described itself as audited, they admitted they had made changes to that portion of the code after the audits.
They assured their users that all user funds were safe, but recommended that users remove their staked funds from the platform.
- "Post-mortem | 08/01/2024", ConvergenceFi Medium [archive]
ZKX decentralized exchange shuts down in what some VCs are describing as a rug pull
The Starknet-based decentralized exchange ZKX abruptly shuttered operations on July 30, with an announcement from founder Eduard Tur explaining that they had "been unable to find an economically viable path for the protocol."
ZKX had raised $4.5 million in seed funding from investors including the now-bankrupt Alameda Research, Starkware, HTX, Amber Group, ArkStream Capital, and HashKey Capital. The project had announced a second, $7.6 million raise only a few weeks before its shutdown.
People at Amber Group, ArkStream, and HashKey publicly criticized the lack of transparency from ZKX around its financial situation. Ye Su, a founding partner at ArkStream, explained that he felt they had been "rug pulled".
Blockchain sleuth zachxbt joined the VCs in characterizing the project as a rug, and further elaborated that he felt the retail investors who had purchased the project's token only weeks earlier had been tricked into buying a token by the project team, who "misled the community/retail ... by giving the appearance the project was healthy and strong when in reality they were in a bad position and about to shut down."
BitClout founder arrested on wire fraud charges
Nader Al-Naji, also known as "Diamondhands", was arrested on wire fraud charges relating to his BitCloud crypto social media platform. He was simultaneously charged by the SEC with selling unregistered securities.
According to the criminal charges, Al-Naji misled investors, including by taking $3 million from an investor and using it for his own personal expenses and gifts to family. Al-Naji had told investors that the sales of the platform's token would not go to him or to other employees.
The SEC complaint separately alleged that Al-Naji had tried to falsely present the BitClout project as decentralized, including by soliciting a letter of opinion from a law firm that his tokens were not likely to be deemed securities, which was based on mischaracterizations.
BitClout raised money from various prominent firms, including Andreessen Horowitz, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.
- "Founder Of 'BitClout' Digital Asset Charged With Fraud In Connection With Sale Of 'BitClout' Tokens", U.S. Attorney's Office, Southern District of New York [archive]
- "SEC Charges Nader Al-Naji with Fraud and Unregistered Offering of Crypto Asset Securities", U.S. Securities and Exchange Commission [archive]
- "SEC charges BitClout founder Nader Al-Naji with fraud; says proceeds paid for L.A. mansion, gifts", TechCrunch [archive]
DraftKings abruptly shutters its Reignmakers NFT project and marketplace due to "recent legal developments"
American sports gambling behemoth DraftKings announced the shutdown of its Reignmakers NFT game and NFT marketplace, effective immediately. Reignmakers was a fantasy sports game that allowed players to purchase digital trading cards used for digital fantasy leagues.
In an announcement in the project Discord and on their website, DraftKings wrote that the shutdown was "due to recent developments". They offered holders the ability to cash out their Reignmakers cards "based on factors that include, but are not limited to, the relative size and quality of your digital game piece collection". Holders were also invited to transfer their NFTs to their own cryptocurrency wallets, although the DraftKings-run "contests" in which people used their NFTs to try to earn rewards and win prizes will no longer exist. It's also unclear whether some NFTs, built to not be transferrable off-marketplace, will be able to be retained by their holders.
Members of the DraftKings Discord reacted with chagrin to the news, and doubt that the vague promises of cash payments would amount to much. "What kind of compensation u think we get coming to us? Pennies?" wrote one. "Yeah I'm out like $20k," said another. Some blamed the shutdown on a recent lawsuit from a holder of the Reignmakers NFTs who lost $14,000 — a lawsuit which recently survived the motion to dismiss stage.
Compound DAO passes $24 million proposal in alleged governance attack
A controversial proposal in front of the Compound Finance DAO has narrowly passed, granting 499,000 COMP (~$24 million, and amounting to 5% of the project's treasury) to an outside group. A Compound Finance whale, "Humpy", proposed the vote to allocate the tokens to a protocol created by a group called the "Golden Boys", which Humpy also leads. The vote was the third attempt to allocate tokens to the Golden Boys' group, after two unsuccessful votes in May and earlier in July.
Humpy has previously been accused of governance attacks on other protocols, including Balancer and SushiSwap.
Prior to the proposal's passage, some Compound Finance DAO members raised objections. "In my personal opinion, the actions of Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates," stated Compound Finance security adviser Michael Lewellen, who also described the proposal as "a malicious attempt to steal funds from the protocol".
Afterwards, Lewellen wrote that "OpenZeppelin is working with all active delegates and Compound contributors to assess our options for protecting the protocol. We see serious risks to the future decentralization of the DAO as a result of Proposal 289 passing and so we are exploring options to mitigate or reverse this outcome."
- "Compound DAO asleep at the wheel as $25M governance 'attack' passes", Protos
- "$24 million Compound Finance proposal passed by whale over DAO objections", The Block
- "Trust Setup for DAO investment into GoldCOMP", Compound Finance discussion
- "Governance Security Notice: goldCOMP Proposal 247", Compound Finance discussion
MonoSwap hacked for at least $1.3 million
The MonoSwap DEX announced on July 24 that it had been compromised, and urged its users to withdraw their funds to avoid losses. According to the project team, one of their developers had been lured into a call with someone pretending to be a venture capitalist, who convinced them to download what they claimed was video call software, but which instead was malware. MonoSwap claimed this gave the hackers "access to all MonoSwap-related wallets and contracts".
The malicious video chat software attack vector has been widely used in the crypto world, with a victim losing cryptocurrency to an attacker using the same technique and impersonating an Andreessen Horowitz partner last month.
So far, the MonoSwap attacker has laundered $1.3 million via the Tornado Cash cryptocurrency mixer.
dYdX v3 exchange website compromised amid sale announcement
Crypto exchange dYdX has announced that the website for their v3 exchange was compromised, and is urging people not to use it. This announcement came almost simultaneously with a report from Bloomberg that the company behind the exchange was looking to sell the software behind the v3 exchange, after they’d upgraded to what they call v4.
The affected domain was hosted on Squarespace, which could connect this compromise to similar events earlier in the month affecting domains registered there.
ETHTrustFund rug pulls for $2.2 million
The operators of a project called ETHTrustFund on Coinbase's Base layer-2 Ethereum blockchain have apparently rug-pulled the project. The ETHTrustFund project was a fork of the Olympus DAO project on Base, but there was months of inactivity on the project following its March launch. Then, on July 20, the developer deleted his Telegram and Twitter accounts and the project's website, and suddenly moved the project treasury to a new wallet. The funds were then laundered through Railgun and Tornado Cash.
- ETHTrustFund, Rekt [archive]