A user asked what would happen to remaining seed money, if any, in a Twitter reply. Garfield answered that they "still have a meaningful portion of our seed funding" but that he hadn't decided what to do with it.
Clockwork project to shut down due to "limited commercial upside"
A year after raising $4 million in a seed round joined by Multicoin Capital, Solana Ventures, and Asymmetric, Clockwork co-founder Nick Garfield announced that the Solana-based automation platform would be shutting down. He wrote, "Ultimately the reason we are stepping away now is simple opportunity cost. We admittedly see limited commercial upside in continuing to develop the protocol, and have a growing personal interest to explore new opportunities."
Balancer drained of over $2 million following vulnerability warning
After warning users several days prior that a critical vulnerability had been discovered in their protocol, the Balancer defi project has been drained of around more than $2.1 million in a series of exploits apparently taking advantage of the bug.
Balancer acknowledged the hack, writing on Twitter that "Balancer is aware of an exploit related to the vulnerability [disclosed on August 22]. Mitigation procedures have drastically reduced risks, but [we] are unable to pause affected pools." They reiterated that users needed to withdraw funds from affected liquidity pools to prevent further thefts.
The blockchain researcher known on Twitter as MevRefund questioned why Balancer didn't execute a whitehat attack on their own protocol to try to safeguard the vulnerable funds.
NFT collector SOL Big Brain loses around $1.5 million to phishing scam
The NFT collector SOL Big Brain lost around $1.5 million in ETH, stablecoins, and the Gearbox token after being targeted in a phishing scam. The attacker apparently compromised a Telegram account belonging to a founder of a portfolio company, then used it to message SOL Big Brain to ask him to claim his vested tokens. SOL Big Brain double checked that the sender was indeed the founder of the company, and did as he was instructed.
However, the attacker had set up a contract which used permit phishing to drain SOL Big Brain's wallet. He lost $740,000 in stablecoins, $550,000 in ETH, and another $200,000 in the GEAR token.
"Today is a bad day," wrote SOL Big Brain on Twitter.
Magnate Finance rug pulls for over $5.2 million
Magnate Finance, a lending protocol built on the new Base layer-2 blockchain, rug pulled within hours of a warning from crypto sleuth zachxbt. Zachxbt had discovered that a wallet address used by Magnate Finance was directly linked to Solfire Finance, a project that rug pulled for almost $5 million in January 2022. He warned his followers in a tweet that the project "will likely exit scam in the near future."
Sure enough, within an hour of zachxbt's tweet, the project drained $5.2 million from the protocol and deleted its website and Telegram group.
According to zachxbt, the project also shared on-chain links to the March 2023 Kokomo Finance rug pull, which saw its perpetrators profit around $4.5 million.
Members of $PEPE team allegedly dump $16.9 million worth of tokens
Holders of the $PEPE memecoin sold en masse after the PEPE multisig wallet transferred more than 16 trillion $PEPE (~$16.9 million) to crypto exchanges. Although the multisig previously required five of eight signatories to approve transactions, just before the massive transfer, the multisig was changed to require only two of eight signatures — a much lower level of security.
The transfers and change to the multisig sparked fears that the project was rug pulling, or had been hacked. This led to a massive $PEPE sell-off, with the token plunging around 17%.
A day after the transfers, a PEPE team member posted on the project's Twitter account, alleging that the transfers were indeed theft by three of the project's other team members.
U.S. Drug Enforcement Administration sends over $50,000 to a scammer
After seizing a little more than $500,000 in the Tether stablecoin from two accounts it believed were involved in illegal narcotics sales, the DEA mistakenly sent $50,000 of the seized funds to an enterprising scammer.
Someone observed the DEA wallet send a small test transaction before transferring the remaining seized funds, and quickly used a crypto wallet address with identical characters at the beginning and end to send an airdrop to the DEA source wallet. When the DEA agent went to send the remaining funds, they copied-and-pasted the address, believing it was the same one they'd sent the test transaction to. This is a common scam in the crypto world known as "address poisoning", and is successful primarily because crypto wallet addresses are very long strings of characters that people usually copy-and-paste, and only identify by the characters at the start and end.
Upon discovering that they'd been duped, the DEA contacted Tether to ask them to freeze the funds. However, by that time, the scammer had already converted the money into ETH, which couldn't be frozen. The DEA is now working with the FBI to try to trace the theft.
Former New Jersey prison guard charged by SEC over crypto pump-and-dump scheme targeted at cops
John DeSalvo, a former New Jersey corrections officer, was charged by the SEC over a pump-and-dump scheme associated with his "Blazar" token, a project he targeted at fellow law enforcement. With promises that the Blazar token would "guaranteed minimum 100X your money", DeSalvo convinced around 222 investors to pour in at least $623,888. He also made other false statements, including that the token was registered with the SEC, and that he had devised a way for people to take payroll deductions that would automatically be used to purchase the token.
Rather than "100x-ing", the token immediately plummeted when DeSalvo sold his ~41 billion Blazar tokens. DeSalvo is accused of using his profits from the scheme to speculate on other crypto tokens, pay for personal expenses, and reimburse one investor who threatened legal action.
DeSalvo is also being charged over a separate investment scheme he operated, where he solicited investments on Facebook, promising to use his claimed trading expertise to earn massive returns. The SEC alleges he lost most of the money in bad investments, and stole the rest for himself, blaming the losses on market movements.
DOJ charges two founders of Tornado Cash, arrests one
A year after the Department of Treasury added Tornado Cash to the OFAC sanctions list, the DOJ has come in to charge the service's two founders with conspiracy charges involving money laundering, sanctions violations, and operating an unlicensed money transmitter. The Feds arrested Roman Storm, a U.S. national; Russian co-founder Roman Semenov is "at large".
The Feds claim that the two founders knew Tornado Cash was widely being used to launder hundreds of millions of dollars by North Korea, but "turned a blind eye" and claimed to be complaint with sanctions laws. They also state that they refused to implement anti-money laundering and KYC programs, as is required of money transmitting services.
These charges are likely to be controversial — as has been the sanctioning of Tornado Cash — among crypto advocates and others, as they run up against thorny First Amendment questions and conflicting ideas about who, if anyone, is liable for running decentralized services.
Users pull $150 million in funds from Balancer protocol within hours after reports of a critical vulnerability
Balancer, a popular Ethereum-based defi protocol, has warned users that they should withdraw funds from vulnerable pools on the project after receiving a report of a critical vulnerability. No funds have been lost thus far, and the project has pools that could be impacted, though not all pools can be paused. Because of the nature of crypto projects, Balancer can't simply patch the vulnerability, and is now having to urge users to withdraw their liquidity as soon as possible.
Balancer had around $850 million TVL prior to the announcement. Since revealing the issue, users have removed more than $150 million in assets from the project. Balancer has stated that "only 1.4% of the total TVL is at risk", though 1.4% of $850 million would still be a sizeable $12 million windfall for any potential exploiter.
Victim loses $900,000 to Google Ad phishing
Google Ad phishing is the practice of taking out a Google advertisement to promote a malicious website impersonating a legitimate project. By taking out the ad, the result is pushed to the top of the search results page, tricking unsuspecting victims into believing it's a legitimate search result.
On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.
Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".