The respondents agreed to a $12.8 million forfeiture of ill-gotten profits, plus a combined $250,000 penalty. The case marked a first from the SEC in the decentralized finance space.
The DAO Maker project (not to be confused with the well-known MakerDAO) is a launchpad that claims to be "building the future of venture capital". Its website boasts that users who stake their $DAO can "earn up to 70% APY". The project suffered an exploit on June 3 in which attackers stole 7,376,245 USDC, a US dollar-pegged stablecoin. Although the project had been audited by three different auditing companies, hackers were able to exploit an issue in the claim portal for some tokens. According to the DAO Maker team, 5,521 users were affected, and lost an average of $1,250 each. Attackers immediately moved some of the funds to the Tornado Cash cryptocurrency tumbler, while some remained dormant for months before being moved.
Hackers stole approximately $611 million from the decentralized finance platform Poly Network in the largest cryptocurrency theft against a single platform to date. In a bizarre twist, the hacker returned the majority of the funds, and Poly Network offered them a position as a chief security advisor (though it is not clear if they accepted).
The "Fame Lady Squad" NFT project touted itself as a woman-designed and -developed project that would give back to women in the space, drawing support from high-profile individuals like Gary Vaynerchuk, and ultimately around $1.5 million in investments. Problem is, the three women who were supposedly running the project were a group of Russian men, accused by one of the individuals who uncovered the lie of trying to profit off American social causes. The group had a history of creating NFT projects based on false stories. One of their other projects, "Cyber City Girls Club", was intended to campaign to stop hate against Asians, and also originally purported to be run only by women (it wasn't).
Poloniex, a cryptocurrency exchange, agreed to pay more than $10.3 million in a settlement with the SEC. The SEC had alleged that Poloniex had flouted securities laws by operating an unregistered trading platform. In the settlement, Poloniex neither admitted nor denied the charges. The agreement came shortly after the announcement that Circle would be acquiring Poloniex in a deal that valued the company at $4.5 billion.
The SEC charged two individuals with selling more than $30 million in unregistered securities in what they described as a defi project that bought "real world" assets like car loans to generate income for investments they promised investors would generate more than 6% interest. Although the company was not able to operate as they'd promised, due to crypto's price volatility, the company lied to investors that all was hunky-dory.
DeviantArt releases software to automatically scan the NFT platform OpenSea for NFTs that use stolen artwork from DeviantArt. While it's awesome that DeviantArt created this tool to help the artists on their platform, it underscores the hands-off, look-the-other-way approach OpenSea has taken to the rampant art theft on their platform. Even reports of blatant copies of artwork have been rejected with no action, and artists are forced to report each infringement of their work individually even if there are many.
The company Uulala, which aimed to provide underbanked individuals with opportunities to build credit, settled with the SEC over charges that they ran an unregistered ICO that raised $9 million. Although they claimed to be using a "proprietary micro-credit algorithm" and proprietary database technology, the SEC said their algorithm was still under development and that they were using database technology belonging to another company. As a part of the settlement, Uulala disabled all $UULA tokens and asked crypto exchanges to disallow trading.
Popsicle Finance, a DeFi platform, lost $25 million to a bug exploited with flash loans. The organization later reimbursed users who lost money to the exploit.
Finiko, a Russian operation that turned out to be a Ponzi scheme, collapsed in July 2021 after defrauding approximately $95 million from people. Investors, facing difficult economic conditions in Russia, were promised they could see returns of up to 30% a month.
An attacker giving out free UniH tokens was able to exploit a bug in a non-standard token contract and steal RUNE tokens from unsuspecting victims. By baiting people into selling their new UniH tokens, the attacker was able to execute malicious code that transferred any RUNE tokens also in their wallet. This was the fourth exploit pertaining to the Thorchain platform in the month of July.