CZ admits Binance held Luna and UST in bizarre tweet threads

On May 15, Binance CEO Changpeng Zhao (widely known as CZ) created a tweet thread in which he attempted to speak nonchalantly about questions that had "just occurred to [him]" about whether Binance held any UST. In the thread he attempted to distance himself from decisions or knowledge around such holdings, speaking cavalierly about how "we probably do have some". Former FBI agent James Harris wrote an interesting analysis of the thread, concluding, "If people weren't worried before, they will be now. If investigators weren't suspicious before, they should be now."

The following day, CZ tweeted, "Binance received 15,000,000 LUNA (at peak worth $1.6 billion USD, now not much) as part of the original ($3m) invest. 560x return at peak." In this tweet, "not much" glossed over the fact that these LUNA, obtained in return for a $3 million investment and at one point nominally worth $1.6 billion, are now worth $2,900.

He also wrote that Binance had 12,000,000 UST — worth $12 million when UST was properly pegged, and now worth $1.16 million (assuming liquidity exists to sell it at all).

Luna Foundation Guard reports what it did with its Bitcoin reserves, raising more questions

Many were eagerly awaiting a report from Luna Foundation Guard (LFG) on what happened to the several billion dollars' worth of Bitcoin reserves they once held, which they transferred during the UST collapse. The organization tweeted an explanation of the actions they took with those funds on May 16, describing how they began to convert Bitcoin to UST. They referred to transferring BTC and other reserves to "a counterparty", who traded them UST in exchange. They didn't name who these counterparties were.

More than a few people were unsatisfied with this reporting, asking more transparency around who these "counterparties" were. Ultimately, this action benefited the "counterparties", providing liquidity to these whales who were able to exit their now risky UST positions for a good price, and did not help most of the individuals holding UST.

"Stable"coin DEI loses peg

Another stablecoin lost its peg as dominoes continued to fall in the declining crypto market. DEI, an algorithmic stablecoin created by Deus Finance on the Fantom network, de-pegged on May 15. Intended to be pegged to the US dollar, the token dipped to a low of around $0.50, and continued to hover well below its intended price through the next day. DEI had a nominal market cap of more than $88 million before losing its peg.

This is another bump in the road for Deus Finance, which lost a total of $16.4 million in two separate flash loan attacks in March and April 2022.

Flash loan attacks on "Feed Every Gorilla" token take $1.9 million

A flash loan attack on the "Feed Every Gorilla" (FEG) token swap contracts pulled $1.3 million from the project, also tanking the token price by 80%. The project operates on both the Ethereum and BSC chains, and the attacker was able to use the exploit against the contracts on both networks. Shortly after the first attack, FEG was hit with a second flash loan attack that drained another $590,000 from the project.

Prior to these attacks, FEG had earned some notoriety from a May 2021 Vanity Fair article outlining an alleged pump-and-dump scheme, titled "Inside the Rise and Fall (and Rise and Fall) of Shit Coins". Despite the bad press, much of the FEG community maintained that the article was a smear and nothing more than an attempt by the author to create FUD. "You could literally take every token and this would apply to everyone..." wrote a moderator of the official FEG subreddit.

People continue to wait for a public accounting of what happened to Terra's $3.5 billion in Bitcoin reserves

Now that the dust is settling somewhat from the dramatic collapse of Terra, people are beginning to wonder when they'll hear more about what exactly happened to the 80,394 Bitcoin (priced at $3.5 billion at time of purchase; priced closer to $2.5 billion at the time of writing this entry) that previously belonged to Luna Foundation Guard (LFG). The project had previously purchased the assets to hold as reserves, and as UST began to lose its peg, LFG announced they would use those reserves to buy UST to help maintain the peg. Over the next few days, the reserves were emptied, but after they were moved to the Gemini exchange they became impossible to trace further. Although transactions are usually quite traceable on the blockchain, when funds are moved to services like the Gemini exchange, they become impossible to trace using public data because of how exchanges pool funds and transactions internally.

Terraform Labs CEO Do Kwon tweeted on May 13 that "We are currently working on documenting the use of the LFG BTC reserves during the depegging event. Please be patient with us as our teams are juggling multiple tasks at the same time." It's not clear when this documentation will be released. Binance CEO Changpeng Zhao joined the group of people asking about the BTC reserves, tweeting, "I would like to see more transparency from them. Much more! Including specific on-chain transactions (txids) of all the funds. Relying on 3rd party analysis is not sufficient or accurate."

Blockchain insurance company InsurAce shortens their claims window for Terra holders to just a week

InsurAce is a defi insurance provider (oh yes, they exist) that allows people to buy insurance against events including smart contract vulnerabilities and stablecoin depegs. Following the Terra collapse, InsurAce suddenly announced that its customers who held Terra had only a week to file claims, and that "Late submission [sic] will be rejected without further appeal".

Altogether, InsurAce says they paid out about $11 million to around 173 claimants as a result of the depeg. Evidently there were 61 others who did not submit their claims within the deadline.

SpiritSwap is the latest victim of a domain hijacking attack

In what is beginning to become a pattern, SpiritSwap was the latest project where attackers gained control of their domain and were able to modify the frontend to divert funds to a wallet under their own control. SpiritSwap tweeted that the "the hacker has managed to exploit Godaddy" (unlikely — it was more likely a case of stolen credentials) and swap out the recipient address.

The hacker only managed to exfiltrate around $18,000 before being discovered, and SpiritSwap shut down their swapping through their router to prevent the attack from continuing.

MM.Finance suffered a similar attack earlier in the month, losing $2 million after an attacker gained control of the domain and swapped in their own address to siphon funds.

Phishing attack targets users of sites including Etherscan and CoinGecko

Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse were showing users a pop-up prompting them to connect their MetaMask wallets. CoinGecko founder Bobby Ong stated that he believed the culprit was a malicious advertising script from a crypto ad network called Coinzilla. The advertisement appeared to be from a site mimicking the popular Bored Apes Yacht Club NFT project, which was taken down after the scam was discovered. It's as yet unclear how many users accepted the prompt, or what malicious actions (if any) were taken.

Crypto.com reverses some Luna trades, offers $10 consolation prize

One of the features of crypto that its proponents sometimes highlight is that transactions can't be reversed. This, of course, is not true when making trades on exchanges like Crypto.com, who can largely do whatever they want with the wallets they maintain and the coins they keep track of on users' behalf.

On May 13, the company announced it would be reversing transactions made during an hour-long period on May 12 when "users who traded LUNA were quoted an incorrect price". Some users were able to profit off the discrepancy, but later were told that their transactions were being reversed. Crypto.com offered $10 in CRO, their cryptocurrency token, "for the inconvenience caused". Crypto.com halted Luna trading after discovering the issue, and it remains halted as of May 13.

The issue sounds quite similar to issues that affected various defi projects around the same time. Several projects who failed to account for unexpected Luna price data coming from blockchain oracles including Chainlink suffered major attacks.

Unexpected oracle data in the wake of Terra blockchain halt enables multiple attacks on other platforms

Earlier today, Terra halted their blockchain after a devastating few days. Subsequently, Chainlink's oracle paused the price feed, causing it to fall out of sync with the apparent market price of the token. This enabled multiple attacks on various platforms.

$13.5 million was fraudulently borrowed from the Venus protocol on BSC. Blizz Finance on Avalanche reported their protocol had been entirely drained, amounting to around $8.3 million. Blizz subsequently announced in a post-mortem that "Blizz has no treasury or development fund and a significant portion of the stolen assets belonged to our team. As such we regret to announce the protocol has been paused and we do not intend to resume operations."

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.