DAO Maker project exploited for more than $7.3 million
The DAO Maker project (not to be confused with the well-known MakerDAO) is a launchpad that claims to be "building the future of venture capital". Its website boasts that users who stake their $DAO can "earn up to 70% APY". The project suffered an exploit on June 3 in which attackers stole 7,376,245 USDC, a US dollar-pegged stablecoin. Although the project had been audited by three different auditing companies, hackers were able to exploit an issue in the claim portal for some tokens. According to the DAO Maker team, 5,521 users were affected, and lost an average of $1,250 each. Attackers immediately moved some of the funds to the Tornado Cash cryptocurrency tumbler, while some remained dormant for months before being moved.
$611 million is stolen from Poly Network in one of the largest cryptocurrency heists to date
Hackers stole approximately $611 million from the decentralized finance platform Poly Network in the largest cryptocurrency theft against a single platform to date. In a bizarre twist, the hacker returned the funds, and Poly Network offered them a position as a chief security advisor (though it is not clear if they accepted).
"Women-led" NFT project, "Fame Lady Squad", turns out to be a bunch of dudes
The "Fame Lady Squad" NFT project touted itself as a woman-designed and -developed project that would give back to women in the space, drawing support from high-profile individuals like Gary Vaynerchuk, and ultimately around $1.5 million in investments. Problem is, the three women who were supposedly running the project were a group of Russian men, accused by one of the individuals who uncovered the lie of trying to profit off American social causes. The group had a history of creating NFT projects based on false stories. One of their other projects, "Cyber City Girls Club", was intended to campaign to stop hate against Asians, and also originally purported to be run only by women (it wasn't).
Poloniex settles with the SEC for more than $10.3 million
Poloniex, a cryptocurrency exchange, agreed to pay more than $10.3 million in a settlement with the SEC. The SEC had alleged that Poloniex had flouted securities laws from 2017 thorugh 2019 by operating an unregistered trading platform. In the settlement, Poloniex neither admitted nor denied the charges.
The US-based Poloniex was acquired in 2018 by Circle, then in late 2019 by an investment group that included Justin Sun. Sun moved Poloniex to the Seychelles and closed U.S. operations upon acquiring the platform.
Blockchain Credit Partners forfeits over $12.8 million in SEC agreement
The SEC charged two individuals with selling more than $30 million in unregistered securities in what they described as a defi project that bought "real world" assets like car loans to generate income for investments they promised investors would generate more than 6% interest. Although the company was not able to operate as they'd promised, due to crypto's price volatility, the company lied to investors that all was hunky-dory.
The respondents agreed to a $12.8 million forfeiture of ill-gotten profits, plus a combined $250,000 penalty. The case marked a first from the SEC in the decentralized finance space.
DeviantArt releases software to detect infringement of artwork on NFT marketplaces... because the NFT marketplaces won't
DeviantArt releases software to automatically scan the NFT platform OpenSea for NFTs that use stolen artwork from DeviantArt. While it's awesome that DeviantArt created this tool to help the artists on their platform, it underscores the hands-off, look-the-other-way approach OpenSea has taken to the rampant art theft on their platform. Even reports of blatant copies of artwork have been rejected with no action, and artists are forced to report each infringement of their work individually even if there are many.
Uulala and related individuals settle with SEC for a total of $543,000 in fines
The company Uulala, which aimed to provide underbanked individuals with opportunities to build credit, settled with the SEC over charges that they ran an unregistered ICO that raised $9 million. Although they claimed to be using a "proprietary micro-credit algorithm" and proprietary database technology, the SEC said their algorithm was still under development and that they were using database technology belonging to another company. As a part of the settlement, Uulala disabled all $UULA tokens and asked crypto exchanges to disallow trading.
Flash loan exploit empties $25 million from Popsicle Finance
Popsicle Finance, a DeFi platform, lost $25 million to a bug exploited with flash loans. The organization later reimbursed users who lost money to the exploit.
Russian Ponzi scheme collapses after defrauding investors of around $95 million
Finiko, a Russian operation that turned out to be a Ponzi scheme, collapsed in July 2021 after defrauding approximately $95 million from people. Investors, facing difficult economic conditions in Russia, were promised they could see returns of up to 30% a month.
An attacker steals coins by giving out coins of their own
An attacker giving out free UniH tokens was able to exploit a bug in a non-standard token contract and steal RUNE tokens from unsuspecting victims. By baiting people into selling their new UniH tokens, the attacker was able to execute malicious code that transferred any RUNE tokens also in their wallet. This was the fourth exploit pertaining to the Thorchain platform in the month of July.