German government's blockchain-based ID wallet removed from app stores shortly after launch due to major issues

Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end met neither basic EU security standards, nor handled more than a few thousand users (in total, not per second), the launch failed and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".

Vee Finance platform emptied of $35 million a week after its launch

The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though boasted of having $300 million worth of assets locked on their exchange.

pNetwork loses $12 million to a bug

A hacker stole $12 million from the DeFi platform pNetwork after exploiting a bug in the codebase. The network offered a $1.5 million bounty to the attacker to return the funds.

Supply chain attack drains $3 million from SushiSwap

A retro-looking website titled "JAY PEGS AUTO MART". There are buttons for "MINT' DONA" and "BIG OCEAN", and gifs of wacky inflatable tubes at the bottom.Jay Pegs Auto Mart website (attribution)
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.

Head of Product for major NFT platform, OpenSea, is asked to resign following allegations of NFT insider trading

A Twitter sleuth discovers that OpenSea's Head of Product, Nate Chastain, had apparently been engaging in a form of insider trading by buying NFTs that he knew would later be featured on the front page of OpenSea, then selling them once their value increased from the spotlight. The Twitter user identified a chain of transactions show Chastain laundering the transactions through several anonymous accounts. OpenSea posted a statement confirming the shady trades had taken place, and that they had requested and received the employee's resignation, though they didn't specifically name Chastain as the culprit. Chastain's Twitter profile was updated shortly after, identifying him as a former OpenSea employee. OpenSea announced the next day that they had implemented policies preventing employees from trading on confidential information, which I guess they just hadn't bothered to think about previously.

GTV Media Group, a media company operated by Steve Bannon and Guo Wengui, pay $539 million settlement over ICO

The SEC filed charges against GTV Media Group and related entities, alleging they engaged in an unregistered ICO when they offered investors the opportunity to buy "G-Coins" (also called "G-Dollars"). GTV immediately settled with the SEC, agreeing to pay over $539 million.

GTV Media Group is a media company co-founded by Steve Bannon and Guo Wengui, both figures in the American far right who have close ties to Donald Trump.

Fake press release dupes media outlets into reporting that Walmart will begin accepting Litecoin

A graph of the value of Litecoin, showing a brief but large spike in its valueSpike in Litecoin value attributed to the fake press release (attribution)
A press release distributed via GlobeNewswire claimed Walmart was announcing a partnership with Litecoin to begin accepting the cryptocurrency as a payment method. The value of Litecoin spiked before tumbling after Walmart said the announcement was fake.

SEC charges Rivetz Corp. and related entities for $18 million ICO

The SEC charged Rivetz Corp. and related entities with running an illegal ICO when they launched their "RvT tokens". They raised $18 million through the ICO, which they never registered with the SEC, to raise funds for the Rivetz blockchain security company. The funds, which were raised in ETH, were used to give the company's founder a $1 million bonus, plus a $2.5 million loan which he used to "purchase a house in the Cayman Islands that he then leased back to Rivetz Int'l."

C.R.E.A.M. Finance exploited again, this time for $25 to $30 million

A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $20 and $30 million from C.R.E.A.M. finance in its second multimillion dollar hack of the year.

xToken loses another $4.5 million in second hack of the year

A vulnerability in xToken's xSNX product allowed hackers to use flash loans to empty $4.5 million from xToken. This hack followed an even larger hack in May, where the platform was exploited for around $25 million.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.