They announced that the exchange will stop trading on August 22, and customers have a month to withdraw their funds.
Eqonex closes its crypto exchange
The Nasdaq-listed firm Eqonex has announced they will close their "underperforming" crypto exchange, hoping to change their money allocation to "reflect the current market conditions and the opportunities that we are best placed to capture". They cited " extreme market volatility and declining trading volumes" as making it challenging to keep the exchange afloat.
Collector loses four Bored Apes valued at over $500,000 to phishing attack
An NFT collector who goes by ASEC_APE lost four Bored Ape Yacht Club NFTs to a phishing attack. The attacker quickly flipped three of the four NFTs for a total of around 200 ETH (~$387,000). The fourth is listed for sale on the NFT platform X2Y2 for 84.59 ETH (~$159,000) — a total profit of $546,000 for the scammer if they find a buyer at that price.
ASEC_APE had just purchased the four NFTs between July 15 and August 13 for a combined total of 326 ETH (~$532,000 based on ETH prices at the time of each purchase; ~$631,000 at the price on the day of the theft).
One of the stolen NFTs, Bored Ape 9012, had just been stolen a week before from Cameo CEO Steven Galanis when his wallet was compromised, as were a handful of other pricey NFTs. ASEC_APE had purchased it from the person who purchased it from the hacker shortly after the August 6 theft.
Brazilian crypto lender BlueBenx halts customer withdrawals and lays off employees after $32 million "hack"
The Brazilian crypto lending platform BlueBenx suddenly shut its doors after announcing they had suffered an "extremely aggressive" hack of 160 million BRL (US$32 million). However, they shared very little in the way of details, leading investors to question the veracity of their story.
All 22,000 customers of BlueBenx suddenly found them unable to withdraw funds from the platform. The platform also reportedly laid off the majority of its employees.
Misconfiguration in the Acala stablecoin project allows attacker to steal 1.2 billion aUSD
A misconfiguration in a newly-deployed liquidity pool allowed an attacker to mint 1.2 billion aUSD, a stablecoin built on the Polkadot network. The exploit caused aUSD to lose its USD peg, initially dropping as low as $0.60 and hovering around $0.90.
Acala paused the protocol shortly after the attack, and disabled the transfer functionality of the stolen aUSD and of Acala-based tokens the attacker had swapped for some of the aUSD. It's important to note that the attacker could not earn a profit anywhere near $1.2 billion USD from the erroneous creation of new, unbacked tokens — they likely made off with around $1.6 million. Acala subsequently burned most of the new tokens, which helped the aUSD token return to between $0.90 and $0.94 — much closer to its intended peg.
- Tweet thread by AcalaNetwork
- Acala Dollar on CoinMarketCap
Scammer trades fake ApeCoins for Bored Ape NFT
A scammer created a fake ApeCoin contract on the NFT Trader service, with tokens that appeared identical to the true ApeCoins but were actually worthless. After "chatt[ing] for a long time about location, jobs, the space", the owner of Bored Ape #8373 was convinced to trade it for 26,500 "ApeCoin", which would be valued at $163,770 if they were real. "I didn't bother double checking the contract as I figured [NFT Trader] only allows [OpenSea] verified collections and contracts anyway," the victim wrote on Twitter. The scammer flipped the NFT several minutes later for 78 ETH ($154,774).
Team member admits to taking more than $400,000 from Velodrome to try to recoup personal losses
On August 4, the team behind the Velodrome exchange and liquidity marketplace noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost.
On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.
Gabagool had become a somewhat prominent part of the crypto community, providing insights into various crypto happenings as someone who was adept at tracing blockchain transactions. In June, he was featured in a Vice documentary titled, "Is Everything in Crypto a Scam?". He spoke about, among other things, his October 2021 discovery that the crypto-focused venture capital firm Divergence Ventures was Sybil attacking airdrops to claim millions in rewards. That particular incident ended with Divergence returning the money they had gained from the strategy, and Ribbon awarding 5% of that amount — equivalent to about $545,000 at the time — to Gabagool as a "bounty".
- Tweet by Velodrome, August 13
- Tweet by Gabagool admitting to the theft, August 13 (alternate link)
- Tweet by Velodrome about the initial theft, August 4
- Tweet by Gabagool about the initial theft, August 4
- "Is Everything in Crypto a Scam?", Gabagool
- "Airdrop Ethics: VC Firm Draws Ire Following $2.5M Ribbon Finance Exploit", CoinDesk
- RGP-6: Divergence Whistleblower Bounty, Ribbon governance forum
Crypto YouTuber sues someone for calling him a "dirtbag influencer"
"BitBoy Crypto" (Ben Armstrong) has sued "Atozy" (Erling Mengshoel Jr.) over a video in which Mengshoel accuses Armstrong of "lacking integrity as a cryptocurrency commentator" and repeatedly calls him a "dirtbag". He also states that Armstrong "cannot be trusted with financial advice because you don't know whether he's trying to enrich you or himself."
Armstrong has claimed that the video cost him more than $75,000 in damages, and has caused him emotional distress including anxiety and depression.
Oddly, in the lawsuit, he writes that he is "in the business of providing advice and commentary on cryptocurrency investments" — a strange thing to do for someone who, like most crypto influencers, constantly tries to claim that his videos are not financial advice.
Armstrong has promoted crypto projects including Celsius. He has also posted and then deleted videos on cryptocurrency projects that later failed, such as Ethereum Yield, Cypherium, and MYX Network. According to a recent CNBC story, he claimed he "could easily make more than $100,000 per month in promotions alone", though it was not clear to which time period he was referring.
Armstrong announced on August 24 that he planned to drop the lawsuit against Mengshoel, stating that "I didn't understand that my name is now so big that if I file a lawsuit it would be found and be made public" — a strange thing to be blindsided by given he sued a YouTuber with 1 million followers who predictably told his audience about the suit. "We are going to drop the lawsuit, 100%. I'm sorry it became public."
Researchers estimate that an insider trader profited from 10–25% of new crypto listings at Coinbase
It's no secret that insider trading has happened at Coinbase, with the U.S. Attorney's Office of the Southern District of New York filing charges in July against three individuals, including a former Coinbase product manager, for their involvement in a scheme to trade on non-public information. However, researchers at the University of Technology Sydney have published a study showing that a group of four connected wallets appeared to trade based on the knowledge of tokens that were about to be listed by Coinbase. The trader(s) took positions in the coins ahead of the announcements, then sold the tokens soon after the listing announcement when they increased in value based on the news. The wallets involved in the trading scheme made a total profit of around 1,003 ETH ($1.88 million), which the researchers note is a conservative estimate of insider profits at Coinbase.
However, some have pointed out that issues with Coinbase's API leaked information about which coins were about to be listed, which could have enabled people to obtain the information allowing them to make such trades without an insider connection.
India freezes assets of FlipVolt, Vauld's Indian exchange
India's Enforcement Directorate froze $46.5 million of assets belonging to FlipVolt, the Indian branch of the Vauld cryptocurrency exchange. Vauld had previously filed for protection from creditors — a process in Singapore that is similar to Chapter 11 bankruptcy in the U.S. — on July 8, only four days after suspending withdrawals. Vauld subsequently announced a shortfall of around $70 million due to the Terra collapse and other factors, and reportedly owes creditors $363 million.
According to India's ED, 23 entities deposited Rs 370 crore (~$46.5 million) into FlipVolt, which the ED says were the proceeds of criminal activity. FlipVolt had "very lax KYC norms, no EDD [enhanced due diligence] mechanism, no check on the source of funds of the depositors, no mechanism of raising STRs [suspicious transaction reports], etc" and reportedly enabled the entities to launder the proceeds of crimes via the exchange.
Martin Shkreli dumps his project's token in "hack"
I've almost got to give it to him. When I wrote up Druglike, Martin "Pharma Bro" Shkreli's new "web3" project for drug discovery, and asked him some questions in the project Discord, I expected him to run into issues with the fact that he's trying to build a pharmaceutical software platform after being banned from the pharma business. But he seems to have exceeded my high expectations for this grift, pulling off a scam even before anything got off the ground.
The value of $MSI, Martin Shkreli Inu (really), plummeted 90% from $0.000014 to a mere $0.0000014 when a wallet owned by Shkreli suddenly dumped its tokens. The MSI token originally was a fan-made token, but Shkreli adopted it as the token "powering" Druglike (despite zero information as to how it's actually used to power the project). The MSI were swapped for 239 ETH (~$459,000).
Shkreli claimed via his Twitter persona "Enrique Hernandez" that "I got hacked last night." (Shkreli was banned from Twitter after being creepy to a journalist, and so now uses the thinnest of veiled identities to somehow evade Twitter suspension). Shkreli claimed that when he had tried to torrent a file called, no joke, [BigTitsRoundAsses] 17.12.14 - Jazmyn [1080p], he ended up with a remote access trojan. However, crypto research project Rug Pull Finder tweeted, "Bruh - why is the attackers wallet funded by you then".