C.R.E.A.M. Finance exploited again, this time for $25 to $30 million
A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $20 and $30 million from C.R.E.A.M. finance in its second multimillion dollar hack of the year.
xToken loses another $4.5 million in second hack of the year
A vulnerability in xToken's xSNX product allowed hackers to use flash loans to empty $4.5 million from xToken. This hack followed an even larger hack in May, where the platform was exploited for around $25 million.
Scammers posing as Bored Ape Yacht Club founders scam NFT collector Sohrob Farudi out of $800,000
The day after Nicholas lost almost $500,000 to NFT scammers, another collector was targeted for an even larger sum. "I've never felt more dumb, helpless, embarrassed or just plain sad in my entire life", Farudi wrote on Twitter. The scammers, who pretended to be the founders of the popular Bored Ape NFT collection, had tricked him into exposing his private key QR code to them in another Discord/OpenSea scam.
Scammers posing as OpenSea support staff steal $480,000 from NFT collector Jeff Nicholas
After asking for help in the OpenSea Discord channel, Nicholas was successfully scammed by individuals posing as customer support. After convincing the investor to share his screen, allowing scammers to view his private key, they transferred all of his NFTs, worth almost $500,000, from his wallet in transactions that can't be reversed. Earlier that year, Nicholas had appeared as a guest on a podcast episode titled "How NFTs Will Change Everything".
- "The NFT scammers are here", The Verge
Liquid Global cryptocurrency exchange hacked for $90 million
Japanese cryptocurrency exchange Liquid Global suffered a hack that saw $90 million in various assets stolen. The exchange stated that the attack had targeted the company's MPC wallet.
A week after the hack, FTX extended a $120 million loan to the platform. In April 2022, FTX formally acquired Liquid for an undisclosed amount.
DAO Maker project exploited for more than $7.3 million
The DAO Maker project (not to be confused with the well-known MakerDAO) is a launchpad that claims to be "building the future of venture capital". Its website boasts that users who stake their $DAO can "earn up to 70% APY". The project suffered an exploit on June 3 in which attackers stole 7,376,245 USDC, a US dollar-pegged stablecoin. Although the project had been audited by three different auditing companies, hackers were able to exploit an issue in the claim portal for some tokens. According to the DAO Maker team, 5,521 users were affected, and lost an average of $1,250 each. Attackers immediately moved some of the funds to the Tornado Cash cryptocurrency tumbler, while some remained dormant for months before being moved.
$611 million is stolen from Poly Network in one of the largest cryptocurrency heists to date
Hackers stole approximately $611 million from the decentralized finance platform Poly Network in the largest cryptocurrency theft against a single platform to date. In a bizarre twist, the hacker returned the majority of the funds, and Poly Network offered them a position as a chief security advisor (though it is not clear if they accepted).
"Women-led" NFT project, "Fame Lady Squad", turns out to be a bunch of dudes
The "Fame Lady Squad" NFT project touted itself as a woman-designed and -developed project that would give back to women in the space, drawing support from high-profile individuals like Gary Vaynerchuk, and ultimately around $1.5 million in investments. Problem is, the three women who were supposedly running the project were a group of Russian men, accused by one of the individuals who uncovered the lie of trying to profit off American social causes. The group had a history of creating NFT projects based on false stories. One of their other projects, "Cyber City Girls Club", was intended to campaign to stop hate against Asians, and also originally purported to be run only by women (it wasn't).
Poloniex settles with the SEC for more than $10.3 million
Poloniex, a cryptocurrency exchange, agreed to pay more than $10.3 million in a settlement with the SEC. The SEC had alleged that Poloniex had flouted securities laws by operating an unregistered trading platform. In the settlement, Poloniex neither admitted nor denied the charges. The agreement came shortly after the announcement that Circle would be acquiring Poloniex in a deal that valued the company at $4.5 billion.
Blockchain Credit Partners forfeits over $12.8 million in SEC agreement
The SEC charged two individuals with selling more than $30 million in unregistered securities in what they described as a defi project that bought "real world" assets like car loans to generate income for investments they promised investors would generate more than 6% interest. Although the company was not able to operate as they'd promised, due to crypto's price volatility, the company lied to investors that all was hunky-dory.
The respondents agreed to a $12.8 million forfeiture of ill-gotten profits, plus a combined $250,000 penalty. The case marked a first from the SEC in the decentralized finance space.