Georgian Coinbase customers take advantage of 100x price bug

Some Coinbase customers in Georgia (the country, not the state) took advantage of an hours-long price bug where a misplaced decimal point altered the exchange rate of the Georgian Lari (GEL) to 100x its actual value. Users were able to sell their cryptocurrencies for GEL to receive, in some cases, thousands of dollars more than the trades were worth. According to Blockworks, some users exchanged $150 worth of crypto for $15,000, more than three times the national average salary in the country.

Some users who took advantage of the bug and withdrew funds to their bank accounts found their accounts frozen shortly after, when Coinbase noticed the error and began working to claw back the funds. According to Coinbase, about 1,000 users took advantage of the error.

Attacker exploits bug in ShadowFi to empty $300,000 liquidity pool

An attacker discovered that anyone could call the burn function on the liquidity pool contract for the ShadowFi project. They were able to exploit this vulnerability by calling the burn function and then taking advantage of the price difference (based on the new circulating supply) to remove all 1078 BNB (~$298,000) in the project's liquidity pool.

The project had only just launched that same day, after running a presale of their SDF tokens. The project promised to allow people to "Take your spending away from the floodlights of surveillance capitalism" and apparently involves sending people prepaid Visa cards to help them cash out their cryptocurrency without connecting a bank account or providing KYC information.

Holding company for Mercado cuts 15% of employees

2TM, the holding company for the Brazilian crypto exchange Mercado, announced they would be laying off 15% of their workforce—about 100 people. The company had previously laid off more than 80 employees in June. Mercado raised a $200 million Series B funding round in July 2021, which valued the company at $2.1 billion, making it the highest-valued crypto exchange in Brazil.

Describing the layoffs, a spokesperson for 2TM said that Mercado was suffering for playing by the rules. "The competitive environment remains deteriorated and unfair, lacking the approval of the legal framework for crypto-activities, as players following the law are penalized by companies that ignore local rules."

dYdX infuriates users by requesting "liveness checks" via webcam, cancels campaign due to "overwhelming demand"

The decentralized crypto exchange dYdX announced on August 31 that they would give users $25 if they completed a "liveness check", which is accomplished by taking webcam facial scans that can then be compared with scans from other accounts on the exchange in an attempt to combat Sybil attacks.

This infuriated many crypto users, who were horrified that dYdX would try to collect this kind of biometric data. "DYDX just nuked itself. I would never use this platform," wrote a prominent trader.

On September 1, dYdX tweeted that "Due to extremely overwhelming demand of the $25 deposit bonus promotion, we are ending the campaign, effective immediately. Thank you to the many thousands of new users that onboarded to dYdX today. We truly underestimated the amount of interest the campaign garnered." They made no mention of the backlash against the liveness checks, but quietly removed the mentions of the system from their website.

Bill Murray's NFT charity auction nets $185,000, which is then immediately stolen

[Image: Token #0 from Bill Murray's NFT collection. A black and white photorealistic painting of Bill Murray; the only colors are the lenses in a pair of cardboard 3D glasses that Murray is wearing, and a green bowtie.]

Bill Murray auctioned off an NFT representing the right to drink a beer with him, during which a painter will paint a picture of the scene that the buyer can keep. The auction benefits Chive Charities, which is a veteran- and first responder-focused non-profit. The NFT sold for 119.2 ETH (~$185,000).

However, hours after the auction, a hacker gained access to Murray's crypto wallet and snagged the ETH for themselves. They also attempted to steal 800 NFTs from the remaining collection by Bill Murray, though a wallet security team was able to safeguard those NFTs in time.

Murray's team confirmed the theft, and said they are working with the police and Chainalysis to identify the hacker.

Attackers steal around $265,000 of user funds from KyberSwap exchange

An attacker was able to insert malicious code into the frontend of the decentralized exchange KyberSwap and steal $265,000 of user funds. The project used Google Tag Manager, which allows code to be injected into the project frontend, often for analytics, ads, or marketing purposes. The attacker used it to insert malicious code into the project UI that specifically targeted whale accounts, that is, those with large balances.

Kyber identified and remedied the issue after two hours of investigating it, and only two wallets were affected. Kyber promised to compensate the users who lost funds, and also tried to tempt the hacker into returning funds by allowing them to keep 15% of the stolen money as a "bounty" (~$40,000).

Snapchat abandons its web3 plans

Snap Program Manager Jake Sheinman tweeted that "As a result of the company restructure, decisions were made to sunset our web3 team. The same team that I co-founded last year with other pirates who believed in digital ownership and the role that AR can play to support that." Snap, the company behind Snapchat, had been working on a feature that would enable users to import their NFTs and use them as augmented reality filters.

This news came amidst the announcement that Snap would be laying off 20% of its staff, a whopping 1,300 people.

Unable to recover from the April Rari exploit, Babylon Finance shuts down

In April, an attacker exploited vulnerabilities in the defi lending project Rari Capital to steal $80 million. The asset management project Babylon Finance was a major lending pool on Rari, and lost $3.4 million in the hack. After the incident, users withdrew more than 3/4 of the assets on the project.

Since April, Babylon had been trying to recover from the hack. However, they described it as "the domino that kickstarted a series of unfortunate events". Rari canceled their planned reimbursement, users withdrew their funds from Babylon Finance, the Fuse pool on Rari was abandoned, and the token price decreased from around $20 to around $5.

On August 31, Babylon Finance's founder Ramon Recuero published a blog post announcing that Babylon would be shutting down. They promised to distribute the remaining project treasury among holders. Users were told to withdraw their funds by November 15.

Lawyer Kyle Roche withdraws from several crypto class-action lawsuits after allegations that he was involved in "gangster-style" schemes to hurt competitor projects

[Image: Roche in one of the secretly recorded videos. Kyle Roche sitting in a dim restaurant setting, speaking and gesturing; a caption on the video reads "I'm just a crazy motherfucker".]

Kyle Roche, a founding partner and namesake of the Roche Freedman law firm, has withdrawn from class-action lawsuits filed by the company against projects including Tether and Bitfinex, the Tron Foundation, and BitMEX. This change came less than a week after a whistleblower website alleged he had been paid to attack competitors of the Avalanche blockchain with lawsuits intended to harm them and reveal corporate secrets.

Although Roche has denied the claims by the site, and stated that someone deliberately got him drunk and then took clips of videos out of context, it probably doesn't look so good for a lawyer to be referring to jurors as "10 idiots", or plaintiffs in class-action lawsuits as "100,000 idiots".

Helium ditches its blockchain

Helium is a network of wireless hotspots that decided to bolt on a cryptocurrency layer a few years after it was created. Through this, they hoped to convince people to spend hundreds of dollars on Helium hotspots, which earn an average of 0.07 HNT ($0.37) a day (2.1 HNT/$11.24 a month) for supplying connectivity to internet of things devices.

Now, Helium is ditching its custom Helium chain in favor of a Solana-based token, and scrapping the blockchain entirely for the portions of its service that actually used the blockchain for anything beyond handling rewards.

Helium seems to have realized, finally, that blockchains tend to be slow as hell. In a blog post about the change, they wrote that "specific transactions, including Proof-of-Coverage and Data Transfer Accounting, are processed on-chain unnecessarily. This data bottleneck can cause efficiency issues such as device join delays and problems with data packet communications, which bloats the Network and causes slow processing times." They outline their plans to move these portions of the project to a "more traditional large data pipeline"—that is, infrastructure that's actually well-suited to that kind of processing.
