The attacker was able to swap their tokens for 931 ETH ($1.57 million), which they then laundered through Tornado Cash.
"There's no excuse for an exploit, but these things happen," the project wrote on Twitter.
Dexible hacked for around $1.6 million
Decentralized exchange aggregator Dexible disclosed that they had suffered an exploit of one of their smart contracts, which allowed an attacker to steal funds from customer wallets. The exploit impacted 17 traders, most notably the investment firm BlockTower Capital. BlockTower suffered the largest loss, with the attacker stealing 18 million TrueFi tokens, notionally worth around $1.5 million.
NBA star Paul Pierce to pay $1.4 million fine for shilling EthereumMax
In the second big-name slapdown from the SEC relating to the EthereumMax token, former Celtics player Paul Pierce has agreed to pay a $1.4 million fine to settle charges that he violated anti-touting provisions of federal securities laws.
Pierce had made posts on Twitter, including writing shortly after he was fired from ESPN that "ESPN I don't need you. I got EthereumMax. I made more money with this crypto in the past month than I did with y'all in a year. TRUTH shall set u Free". The SEC pointed out that although he had been given EMAX tokens prior to the post, they were priced at around $46,000, not nearly the more than $1 million he'd made at ESPN over the previous year. Pierce later made a post claiming that he held more than $2.5 million of EMAX tokens, but the SEC alleged in the lawsuit that "his own personal holdings were in fact far lower" and that Pierce had been provided the screenshot of another person's holdings.
In October 2022, Kim Kardashian paid $1.26 million to settle charges over touting the same cryptocurrency, a fairly unknown token that nevertheless splashed out heavily for influencer and celebrity promotion in what appears to be a pump-and-dump scheme.
- "SEC Charges NBA Hall of Famer Paul Pierce for Unlawfully Touting and Making Misleading Statements about Crypto Security", U.S. Securities and Exchange Commission
Zachxbt reports phishing scammer "Loyalist" has stolen more than $4 million since early 2022
Crypto sleuth zachxbt has released research indicating that a cryptocurrency and NFT phishing scammer who goes by Loyalist/Lukas/Shibango has stolen more than $4 million of various assets from at least 416 victims from early 2022 until October 2022. zachxbt identified a slew of phishing websites and other phishing scams that stole both NFTs and cryptocurrency from a large number of victims throughout 2022, which he connected to the Eastern European scammer known as Loyalist. The stolen NFTs included more than 25 Yuga Labs Otherdeeds, more than 15 Meebits, and various others.
Although Loyalist had been largely inactive since October, shortly after zachxbt published his research in February 2023, Loyalist moved nearly $1 million in the DAI stablecoin out of one of the wallets identified by zachxbt.
SEC files fraud charges against fugitive Terra/Luna CEO, Do Kwon
The U.S. Securities and Exchange Commission filed charges against Terraform Labs and its CEO, Do Kwon, relating to the May 2022 collapse of the Terra/Luna projects. The complaint accuses Terraform and Kwon of offering unregistered securities and of fraud, and the SEC wrote in a press release that Kwon and the company "orchestrat[ed] a multi-billion dollar crypto asset securities fraud".
According to the SEC, Kwon "repeatedly misled and deceived investors" about the characteristics and stability of Terra and Luna, and tricked investors into believing that a popular Korean mobile payments platform used the Terra blockchain.
Kwon has been on the run from the law since Korean authorities filed a warrant for his arrest in September 2022. An Interpol red notice followed soon after. He is reportedly hiding out in Serbia, and Korean authorities reportedly traveled there in early February to hunt for him.
- "SEC Charges Terraform and CEO Do Kwon with Defrauding Investors in Crypto Schemes", United States Securities and Exchange Commission
Platypus Finance stablecoin exploited for $8.5 million ten days after launch
Platypus USD, a stablecoin issued by the Platypus Finance defi protocol, was exploited only ten days after it first launched. The loss was estimated to be around $8.5 million, although crypto researcher zachxbt observed that Tether had blacklisted the attacker contract shortly after the theft.
The exploit was a flash loan attack that allowed them to drain some protocol pools, also causing the stablecoin to lose its dollar peg and drop to around $0.48. A team member reported on the project's Discord that "all operations are paused until we get more clarity".
The following day, the project reported they had recovered $2.4 million of the stolen funds, and were working with crypto sleuth zachxbt, who had leads as to the hacker's identity. Later that month, Platypus announced that French police had arrested two suspects, who had tried to withdraw stolen funds through Binance — to whom they had submitted identification documents for KYC purposes.
Fart noise reportedly sells for $280,000 in Bitcoin's own NFT mania
You thought NFTs were dead? Think again. Perhaps longing for the halcyon days when you could mint an NFT on Ethereum and smile in satisfaction at the carbon emissions you just blasted into the atmosphere, some Bitcoiners came up with Ordinals: the latest iteration of NFTs on Bitcoin, and certainly the most popular. If nothing else, I do have to give them credit for pushing some Bitcoin maxis into paroxysms of fury.
Anyway, Bitcoin seems to be having its own little resurgence of NFT mania. On February 9, an "Ordinals Punk" — the Ordinals version of CryptoPunks — sold for 9.5 BTC (~$218,000). That record has now been broken by Inscription 2042, which is not an image but rather a 1-second-long audio recording of a fart sound. The NFT reportedly sold for 12.3 BTC (~$280,000), though it's tough to verify given the lack of any sort of Ordinals marketplace.
FDIC demands CEX.io stop claiming it's FDIC-insured
The FDIC is continuing its recent crackdown on exchanges claiming they're protected by FDIC insurance, issuing a cease-and-desist to CEX.io. CEX.io, like several other crypto companies including Voyager, FTX US, and Gemini, made claims referring to FDIC insurance that suggested that customer funds might be protected from issues at the company in a similar way that banking customers are protected from bank failures.
Many of these companies have taken the (true) statement that the company's insured depository accounts at various banking institutions are FDIC insured and presented it to customers in a misleading way, and the FDIC wants them to cut it out. The FDIC also demanded websites who published statements like "Is CEX.io Safe? Yes, Cex.io is a safe crypto exchange. Actually, one of the safest on the market since they are FDIC insured..." take them down.
CEX.io is a London-based cryptocurrency exchange with comparatively low trading volume compared to its larger competitors like Binance or Coinbase.
- "FDIC Demands Four Entities Cease Making False or Misleading Representations about Deposit Insurance", Federal Deposit Insurance Corporation
South Korean authorities issue arrest warrant to CEO of Tmon e-commerce platform for shilling Terra
South Korean authorities have issued an arrest warrant for the former CEO of Tmon, a major Korean e-commerce platform. The allege that he was bribed with Luna tokens, which he exchanged for billions of won (worth around US$105 million), to promote Terra: the stablecoin in the Terra/Luna ecosystem.
Terra and Luna dramatically collapsed in May 2022, and South Korean authorities are still hunting for Terra leader Do Kwon, who is reportedly hiding in Serbia. Earlier this month, Korean authorities reportedly traveled to Serbia to try to locate him, but were unsuccessful.
dForce Network exploited for $3.65 million, funds returned
An attacker using flash loans to exploit a common re-entrancy vulnerability siphoned $3.65 million from the dForce defi project on both Arbitrum and Optimism, which are Ethereum layer-2 networks. The exploit, which involves manipulating the oracle price in Curve liquidity pools, is a common one that was first reported to Curve in April 2022 and disclosed in October 2022. It has been used to attack various other projects, including QiDAO.
dForce contacted the hacker via blockchain transaction, offering to negotiate a bounty. Several days later, the project tweeted that the attacker had "c[o]me forward as a whitehat", and that the funds had been fully returned. "We have agreed to offer a bounty and will drop all on-going investigation and law enforcement actions," they announced.
Paxos ordered to stop minting Binance USD stablecoin, SEC sends Wells notice
New York-based crypto company Paxos was ordered by the New York Department of Financial Services to stop minting the Binance USD (BUSD) stablecoin over "several unresolved issues related to Paxos' oversight of its relationship with Binance in regard to Paxos-issued BUSD".
Nearly simultaneously, the SEC sent a Wells notice to Paxos, informing them of imminent enforcement action. According to the Wall Street Journal, the SEC told Paxos they intended to sue the company for violating investor protection laws, and that the SEC believed Binance USD was an unregistered security.
Paxos agreed to stop minting new BUSD tokens (but will continue to honor redemptions), and said in a statement that they would be ending their stablecoin-minting relationship with Binance. As for the SEC, Paxos has promised to "vigorously litigate if necessary", arguing that BUSD is not a security.
- "Crypto firm Paxos to face SEC charges, ordered to stop minting Binance stablecoin", CNBC
- "Crypto Firm Paxos Faces SEC Lawsuit Over Binance USD Token", Wall Street Journal
- "Regulator Orders Crypto Firm Paxos to Stop Issuing Binance Stablecoin", Wall Street Journal
- Statement by the New York Department of Financial Services
- Statement by Paxos