Curio RWA project suffers $16 million exploit

Curio, a crypto project that creates tokens based on "real-world assets" (RWAs) like cars, watches, wine, and other goods, has suffered an attack that saw around $16 million drained from the project's funds.

A bug in the project's Ethereum smart contract enabled an attacker to mint 1 billion of the project's CGT governance token. Although the tokens were notionally priced at around $40 million, the loss to the project was estimated at closer to $16 million.

Curio DAO announced that they intended to compensate users affected by the theft over a year-long period.

Solana memecoin frenzy sparks trend of incredibly racist meme tokens

A screenshot of many Solana tokens on DEXScreener, including:
JEWS "Jews did 911"
卐 "NAZI"
N*** TRUMP "N*** Trump"
N***OLAS "N***OLAS CAGE"
COVID "chinadidcovid"
N***Butt "N*** Butt Token"
APERAH "aperah wenfree"
BDN "Big Dick N***"
CHIGGA "Chinese N***"
HITLER "I was right"
BOJE "Book of J***ers"
WODNDOR "AuschwitzWoodenDoor"
LIBTARD "Go Woke Go Broke"
BULLJEW "BULL JEW"
wifcancer "kate wif cancer"
N*** TRUMP "N*** TRUMP 2024"
GayPedo "Gays Are Pedos"
J*** "J*** Buice"Racist Solana tokens on DEXScreener (attribution)
Solana memecoin trading has been booming lately, with people making money by speculating on tokens themed around various memes and jokes. Amid an explosion in trading innocuously-named meme tokens like dogwifhat has also been a rise in blatantly racist tokens, named after racial slurs, featuring racist caricatures, or named after antisemitic conspiracy theories.

The tokens became so popular that projects showing newly-released tokens, like DEXScreener, became full of such tokens. DEXScreener released a statement on Twitter to say that "We'll be reviewing our token profile moderation policy in the coming days. We won't be the gatekeepers of what happens on-chain, but we're definitely not here to spread hate." The replies to the tweet were, predictably, full of people accusing DEXScreener of "censorship" and "going woke".

Previously rug-pulled Lucky Star Currency project somehow rugs again

The astrology-based Lucky Star Currency project rug-pulled for $1.1 million in October 2023. You'd think that might be the end of it, but on March 22, 2024, ownership of the project was transferred to a malicious smart contract that then drained tokens priced at almost $300,000 from those who still held them.

You almost have to admire the tenacity.

TICKER project developer steals $900,000

Tweet by MIDA (@brgMIDA): "im not sorry for any of you, tbh
you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich, you were expecting to receive 10,100,1000x money for that donation or wtf, "they dont tell us it gonna 1000x when they are down the streets tho", cuz you would have otherwise mfer? go touch grass anon, and apply donating from hands to hands to people in needs in your closest physical community and turn the world a better place instead, i love you
social contracts do not have a place on the blockchain anons, i don't know why it is not much more evident for all of you"Tweet by TICKER thief (attribution)
A developer brought on to run a presale for the $TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.

After the thief was identified by blockchain sleuth zachxbt, they posted a long message on Twitter, writing, "im not sorry for any of you, tbh. you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich". The thief later spent some of the money on Milady NFTs and memecoins.

zachxbt stated that he had identified the developer, including his full name, location, and other details. He encouraged those who were scammed to contact him if they were interested in pursuing legal action.

Super Sushi Samurai exploited by whitehat for $4.6 million

Super Sushi Samurai, a new blockchain game on the Blast layer-2 blockchain was exploited for $4.6 million when an attacker discovered a vulnerability in its smart contract. A bug in the mint functionality caused users who transferred their $SSS balance to themselves to receive twice as many tokens. An attacker took advantage of this to drain $4.6 million from the project, causing the $SSS token to plummet by 99%.

The attacker contacted the project shortly after the theft, claiming to be a whitehat. They wrote, "Hi team, this is a whitehat rescue hack. Let's work on reimbursing the users." Super Sushi Samurai later confirmed that the funds had been returned, minus a 5% "bounty". The team also gave the whitehat an additional 2.5% in SSS tokens and land, and brought them on to the project team as a tech adviser.

AirDAO exploited via social engineering attack

An attacker used social engineering techniques to gain access to the AirDAO project's liquidity pool. They then were able to drain 126.5 ETH (~$551,540) and 41.6 million AMB (notionally priced at around $500,000, but not very liquid). The thief then transferred the stolen tokens through various exchanges.

AirDAO announced the theft the following day, and stated that they were working to track and freeze stolen funds. They also offered the attacker a 10% "bounty" if they chose to return the stolen assets.

Dolomite exchange exploited for $1.8 million

The Dolomite DEX suffered a $1.8 million theft as an exploiter was able to take advantage of a vulnerability in a smart contract that had been deployed in 2019. Although most contemporary users of the exchange use a version deployed on the Arbitrum layer-2 network, the old contracts were still usable on Ethereum.

An attacker apparently discovered a reentrancy bug allowing them to drain user funds from those who had approved the old contract. Altogether, around $1.8 million was taken before the team disabled the contract. The attacker quickly tumbled the stolen funds through Tornado Cash.

SEC launches investigation into Ethereum Foundation

Fortune reported that the U.S. Securities and Exchange Commission has targeted the Swiss-based Ethereum Foundation for investigation, apparently in an effort to classify its ETH token a security. The report came out shortly after CoinDesk reported that a warrant canary had been removed from the Ethereum Foundation's website.

Although the SEC has agreed that bitcoin is a commodity and not a security, it has been hesitant to make similar explicit statements about ETH. Designation as a security could be devastating to the Ethereum project and to ETH, which is the second most popular cryptocurrency to bitcoin.

Bitcoin flash crashes on BitMEX

A "very small number of accounts" were able to crash the bitcoin price on the BitMEX exchange from its roughly $66,000 price to as low as $8,900. BitMEX attributed the incident to "aggressive selling behavior" by that small group.

The incident underscores the thinness of the bitcoin markets on some cryptocurrency exchanges, and the ease with which a few whales can manipulate token prices.

BitMEX used to be among the largest cryptocurrency trading platforms, though its popularity diminished after its founders were hit with criminal charges in 2020 for violations of the Bank Secrecy Act.

Slerf memecoin meltdown only adds to mania

People have gotten really into memecoin trading on Solana recently. Like really into it. Someone decided they'd hop on the bandwagon with "Slerf", a sloth-themed memecoin they said would launch with a 50% presale.

Thanks to the aforementioned frenzy, the project managed to raise $10 million in the presale. However, things went sideways when the developer accidentally burned the $10 million by sending them to an address where they would be permanently inaccessible. "oh fuck", the developer wrote ominously on Twitter, before explaining their mistake.

Some speculated that the screwup may have been a marketing ploy, in which case it was very successful, because the token went on to post more than $2.7 billion in trading volume over a 24-hour period — more than the entire ETH trading volume in that period. The monumental error by the developers seemed to have no damper on the overall frenzy around memecoins, or even produced the opposite effect.

Surely this trend won't end badly.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.