German government's blockchain-based ID wallet removed from app stores shortly after launch due to major issues
Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end met neither basic EU security standards, nor handled more than a few thousand users (in total, not per second), the launch failed and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".
- "ID Wallet: The German government had long known about IT security vulnerabilities", Market Research Telecast
- "Konzeptionell kaputt und ein riesiger Rückschritt", Netzpolitik.org
Vee Finance platform emptied of $35 million a week after its launch
The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though boasted of having $300 million worth of assets locked on their exchange.
pNetwork loses $12 million to a bug
A hacker stole $12 million from the DeFi platform pNetwork after exploiting a bug in the codebase. The network offered a $1.5 million bounty to the attacker to return the funds.
Supply chain attack drains $3 million from SushiSwap
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.
Head of Product for major NFT platform, OpenSea, is asked to resign following allegations of NFT insider trading
A Twitter sleuth discovers that OpenSea's Head of Product, Nate Chastain, had apparently been engaging in a form of insider trading by buying NFTs that he knew would later be featured on the front page of OpenSea, then selling them once their value increased from the spotlight. The Twitter user identified a chain of transactions show Chastain laundering the transactions through several anonymous accounts. OpenSea posted a statement confirming the shady trades had taken place, and that they had requested and received the employee's resignation, though they didn't specifically name Chastain as the culprit. Chastain's Twitter profile was updated shortly after, identifying him as a former OpenSea employee. OpenSea announced the next day that they had implemented policies preventing employees from trading on confidential information, which I guess they just hadn't bothered to think about previously.
GTV Media Group, a media company operated by Steve Bannon and Guo Wengui, pay $539 million settlement over ICO
The SEC filed charges against GTV Media Group and related entities, alleging they engaged in an unregistered ICO when they offered investors the opportunity to buy "G-Coins" (also called "G-Dollars"). GTV immediately settled with the SEC, agreeing to pay over $539 million.
GTV Media Group is a media company co-founded by Steve Bannon and Guo Wengui, both figures in the American far right who have close ties to Donald Trump.
- "SEC Charges Three Media Companies with Illegal Offerings of Stock and Digital Assets", U.S. Securities and Exchange Commission
Fake press release dupes media outlets into reporting that Walmart will begin accepting Litecoin
A press release distributed via GlobeNewswire claimed Walmart was announcing a partnership with Litecoin to begin accepting the cryptocurrency as a payment method. The value of Litecoin spiked before tumbling after Walmart said the announcement was fake.
SEC charges Rivetz Corp. and related entities for $18 million ICO
The SEC charged Rivetz Corp. and related entities with running an illegal ICO when they launched their "RvT tokens". They raised $18 million through the ICO, which they never registered with the SEC, to raise funds for the Rivetz blockchain security company. The funds, which were raised in ETH, were used to give the company's founder a $1 million bonus, plus a $2.5 million loan which he used to "purchase a house in the Cayman Islands that he then leased back to Rivetz Int'l."
- "SEC Charges Issuers and CEO for $18 Million Illegal Securities Offering", U.S. Securities and Exchange Commission
El Salvador adopts Bitcoin as legal tender
Nayib Bukele unexpectedly announced that El Salvador would be adopting Bitcoin as legal tender, and the policy went into effect on September 7, 2021. With the benefit of hindsight, we can see that the decision came near the very top of the Bitcoin prices. Those who put money into Bitcoin at Bukele's urging have lost quite a lot of money.
So has El Salvador itself, assuming Bukele is telling the truth about his many claimed Bitcoin purchases. As of December 2022, Nayib Bukele has lost more than $67 million on those investments.
C.R.E.A.M. Finance exploited again, this time for $25 to $30 million
A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $20 and $30 million from C.R.E.A.M. finance in its second multimillion dollar hack of the year.