Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

"Hawk tuah" memecoin immediately crashes

Haliey WelchHaliey Welch (attribution)
Who could have guessed that buying up a token based around the long-past-its-expiration-date hawk tuah meme might turn out to be an unwise investment? Haliey Welch, the originator of the raunchy catchphrase, launched a memecoin that she insisted was not a cash grab but a "good way to interact with her fans". (The "interaction" in question here was limited to " fans give money", because she had no other specific plans for the token).

The token followed the typical pattern of quickly pumping, then crashing spectacularly, losing around 90% of its "value". This is often an indicator of a pump-and-dump scheme by insiders, but Welch vehemently denied such wrongdoing, blaming the crash on "snipers".

"I really lost $43k apeing in 'hawk tuah' coin," wrote one buyer on Twitter. Other Twitter users marveled at a wallet that swapped $1.4 million worth of MOODENG (a memecoin based on the tiny hippo of the same name) only to lose it all on the $HAWK token.

Theme tags: Bad idea
Blockchain tags: Blockchain: Solana

Official Solana JavaScript library compromised in supply chain attack, at least $184,000 taken

An attacker was able to compromise an account that had publish access for the official Solana web3.js library, which is widely used by dApps to read and write from the Solana blockchain. The library gets over 350,000 downloads per week from the popular JavaScript package manager npm.

Malicious versions of the library allowed exploiters to steal private keys and drain funds from dApps like various Solana bots.

Around $184,000 was stolen as a result of the compromise. Although it was caught fairly quickly, and the malicious code was removed from package managers, developers will need to update projects that used the malicious version of the library, and refresh any potentially exposed secrets.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Solana
Tech tags: dApps

Clipper DEX suffers $450,000 hack

The Clipper decentralized exchange suffered a $450,000 exploit across two Ethereum layer-2 chains. Although some speculated that the issue may have been a private key leak, Clipper denied this, and instead said that an attacker had exploited a feature allowing people to make withdrawals denominated in a single token by performing swaps along with the withdrawal.

Although the $450,000 theft is relatively small compared to some other crypto hacks, it represented around 6% of the total value locked on Clipper. Clipper stated they were working to trace and attempt to recover funds, and asked the hacker to contact them to potentially negotiate a return of some funds.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Crypto exchange XT.com suffers $1.7 million hack

On November 28, cryptocurrency exchange XT.com abruptly suspended withdrawals, citing a "wallet upgrade and maintenance". However, after a blockchain security firm identified $1.7 million in suspicious transfers, XT.com acknowledged that they had "detected an abnormal transfer from our platform wallet". According to an announcement, the stolen funds were company assets, rather than cryptocurrencies belonging to users.
Theme tags: Hack or scam

13-year-old rug pulls crypto token, then faces retaliation

A 13-year-old known as the "Gen Z Quant kid," created a token called QUANT and executed a rug pull, making $30,000. In retaliation, various people in the cryptocurrency world executed a "revenge pump" — pumping up the price of the token after the kid cashed out, causing him to miss out on potential gains. Worse, they then found the child's identity, and published his address and the school he attended. They also identified his mother, and began leaving hateful comments on her Instagram account. Rumors also emerged that a member of the cryptocurrency community dognapped the child's dog, then launched a memecoin based on the animal.
Theme tags: Rug pull, Yikes
Blockchain tags: Blockchain: Solana

Around $21 million in losses reported by users of DEXX

DEXX, a platform that advertises itself as the "first memecoins trading terminal application", disclosed that it had been hacked when it posted a message on social media addressed to "Mr./Ms. Hacker", asking they return stolen funds in exchange for "destroy[ing] all information we currently have on the hack" and not pursuing further legal action.

DEXX did not disclose how much was taken in the breach, but hundreds of victims have reported around $21 million in combined losses so far.

Theme tags: Hack or scam
Tech tags: DeFi

Polter Finance exploited for $12 million

The Fantom-based Polter Finance defi project was exploited for $7 million when an attacker was able to perform an oracle manipulation attack. By artificially increasing the price of the $BOO token, which is a governance token used by the SpookySwap project, they were then able to use that token to drain Polter's liquidity pools using a flash loan. The attacker successfully drained the entire $12 million worth of tokens on the platform.

The creator of the platform stated that they had filed a police report with Singaporean authorities. They also attempted to contact the hacker via on-chain message to negotiate the return of funds, but have not received a response.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Fantom
Tech tags: DeFi

Thala Labs loses, then recovers, $25.5 million

The Thala Labs Aptos-based defi project suffered a $25.5 million theft when an attacker exploited a vulnerability in one of their smart contracts. They paused related smart contracts and froze tokens where they were able, ultimately freezing around $11.5 million in assets. After working with law enforcement and several blockchain security teams, they successfully negotiated the return of the assets, leaving the attacker with a "bounty" of $300,000.
Theme tags: Hack or scam
Tech tags: DeFi

DeltaPrime loses $4.8 million in second hack

The DeltaPrime defi protocol was hacked for the second time in two months, losing $4.8 million in Arbitrum and Avalanche tokens. The attacker appeared to have exploited a flaw in one of the platform's smart contracts that enabled them to borrow more than they put up in collateral.

DeltaPrime paused the protocol on both Arbitrum and Avalanche, stopping the attacker from being able to steal more funds than they already had.

DeltaPrime was hacked previously on September 16, losing $6 million after a leaked private key enabled an attacker to mint a huge number of the platform's stablecoin deposit receipts.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Avalanche, Ethereum
Tech tags: DeFi

Trader reveals he lost $28 million to bad copy-paste

After apparently exhausting all his other options, a trader has put out a call to "all skilled hackers and white hats out there" to help him recover 7,912 Renzo staked ETH (ezETH) he inadvertently sent to an inaccessible address back in June. The tokens were priced at a little over $28 million at the time, and are currently priced at a little less than $26 million. According to the trader, he copied the wrong address to his clipboard before making the trade, which rendered his funds permanently inaccessible.

Short of finding a vulnerability in Renzo, the trader's only real choice is to plead with Renzo to change their smart contract in such a way as to release the funds. While this is technically possible, Renzo has told the trader they could not grant his request due to "regulatory limitations".

Theme tags: Bummer
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.