Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

Gala Games tokens drained by project claiming to help them; Huobi claims the project profited

There was some brief panic on November 3 as someone minted a huge number of $GALA tokens in what appeared to be an exploit. $GALA is the native token of Gala Games, a platform for distributing blockchain-based games. It turned out that the pNetwork project had discovered a vulnerability in the pNetwork bridge, which could have allowed someone to drain the entire pool. pNetwork decided to undertake their own "white hat" attack, draining the funds before a malicious exploiter could do so.

However, the Huobi crypto exchange has claimed that pNetwork's actions were not white hat, and that they profited $4.5 million from their actions. pNetwork rebutted that they had not made any money from the operation, and threatened to sue Huobi over the accusations.

Some traders who attempted to "buy the dip" and profit from the plunge in value of the GALA tokens were also upset with Huobi, when they found that the exchange had replaced their tokens with new, worthless $pGALA tokens.

Theme tags: Hmm, Shady business
Blockchain tags: Blockchain: BNB Chain, Ethereum
Tech tags: DeFi, blockchain gaming

Skyward Finance treasury drained of $3.2 million

Skyward Finance is a project based on the NEAR blockchain, aiming to help users with initial token distribution. The project's treasury was drained of 1.1 million NEAR (~$3.2 million) after a hacker discovered a vulnerability in the project's smart contract. Crypto exploit research group Rekt wrote, "The fact that it took over a year for anyone to find this relatively simple exploit is remarkable." and questioned, "Was this incident an honest, albeit simple, mistake? Or a planned ejector seat?"

The project was unusually frank in their announcement, writing on Twitter that the hack had "render[ed] the Treasury and the $SKYWARD token effectively worthless... We recommend users to withdraw their funds safely where they can and for the community to no longer interact with Skyward."

Theme tags: Hack or scam

Iris Energy Bitcoin mining firm close to defaulting on loans of $103 million

Iris Energy, an Australian "sustainable Bitcoin mining company", has announced that they are close to defaulting on loans used to purchase $103 million of Bitcoin mining rigs. These machines depreciate in value quickly, and are currently estimated by the company to be worth $65–$70 million. At the moment, they produce $2 million in gross profit from mining Bitcoin, which is not sufficient for the company to meet the $7 million of loan payments each month.
Theme tags: Collapse
Blockchain tags: Blockchain: Bitcoin

Oracle attack on Solend costs the project $1.26 million

Solend announced that an exploiter had manipulated the oracle price of an asset on their platform, allowing them to take out a loan that left the platform with $1.26 million in bad debt. They reported that they had paused affected pools, and did not anticipate other pools on the platform were at risk.
Theme tags: Hack or scam
Blockchain tags: Blockchain: Solana
Tech tags: DeFi

Rubic exchange private key compromised, token plummets

An attacker was able to compromise the private key of an admin wallet for the Rubic crypto exchange, transferring around 34 million Rubic tokens. The attacker then sold the tokens on decentralized exchanges Uniswap and PancakeSwap.

The enormous sale caused the token price to plummet from $0.082 to $0.016, an 80% decrease. The stolen tokens were nominally worth almost $2.8 million (priced at the value before the theft), but it's not likely the attackers were able to exchange them for that much given the lack of liquidity to absorb such a huge sale.

Theme tags: Hack or scam
Blockchain tags: Blockchain: BNB Chain, Ethereum
Tech tags: DeFi

Crypto exchange Deribit hacked for $28 million

Major crypto exchange Deribit suffered a hot wallet compromise that resulted in a $28 million theft. The exchange halted withdrawals to perform security checks, but urged that customer funds were safe and that the loss was covered by company reserves.

Deribit is also among the primary creditors of failed crypto hedge fund Three Arrows Capital, which defaulted on an $80 million loan from the exchange.

Theme tags: Hack or scam

Founders of Hodlnaut attempt to hide financial records from court

Hodlnaut, a crypto lending platform that halted withdrawals on August 8, has been undergoing court proceedings while it's determined if the insolvent company has a path to stabilization or if they will need to be liquidated. A Singaporean court document shows that the company founders tried to hide financial documents from the court, and that the records that do exist "have not been properly maintained". According to the Interim Judicial Managers, the founders and some other employees were uncooperative, obstructed the advisors' work, and tried to stop them from "taking into possession various key books and records of the Company".

Sounds like everything's above board over there! It was also exposed in August that the company had lied to its users about their exposure to the Terra collapse.

Theme tags: Shady business
Tech tags: lending

French fry-themed DAO loses $2.3 million due to Profanity exploit

friesDAO describes itself as a "a decentralized social experiment where a crypto community builds and governs a fast food franchise empire via wisdom of the crowd". Welcome to the future.

Anyway, friesDAO seems to have fallen victim to the same Profanity vulnerability that has affected projects who used the tool to generate vanity wallet addresses. friesDAO wanted a wallet address beginning with 51D35 ("SIDES"), and as a result they opened themselves up to a major loss.

The project had previously announced that they had raised $5.4 million in funding, suggesting this attack drained almost half of the project's funds.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Core Scientific Bitcoin mining operator warns of missed payments, possible bankruptcy

One of the largest public crypto mining firms in the United States, Core Scientific, filed a notice with the SEC that they would miss upcoming debt payments due in October and November. They also wrote that the company "potentially could seek relief under the applicable bankruptcy or insolvency laws. In the event of a bankruptcy proceeding or insolvency, or restructuring of our capital structure, holders of the Company's common stock could suffer a total loss of their investment."

Core Scientific blamed their precarious financial situation on "the prolonged decrease in the price of bitcoin, the increase in electricity costs, the increase in the global bitcoin network hash rate and the litigation with Celsius Networks LLC and its affiliates". Bankrupt crypto platform Celsius owes Core Scientific around $5.4 million.

Core Scientific's stock plummeted from around $1 a share to around $0.20 on the news, an 80% decrease. The stock started the year at $10.43 a share, and has decreased in value by 98% year-to-date.

Theme tags: Collapse
Blockchain tags: Blockchain: Bitcoin

$14.5 million stolen from Team Finance

Team Finance is a project that helps projects lock their tokens to be released after a certain period or on a schedule. A hacker exploited a vulnerability in a smart contract that enabled users of Team Finance to migrate from version two to version three of their project, despite that contract being audited. The attacker made off with $14.5 million thanks to the vulnerability.
Theme tags: Bug, Hack or scam
Tech tags: DeFi

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.