The thief's activity began shortly before the Russian invasion of Ukraine. After the invasion, the thief stopped destroying the Bitcoin and instead began transferring it to addresses identified for Ukrainian aid.
Hacker steals Bitcoins from Russia, destroys them or donates them to Ukraine
CFTC imposes record $3.4 billion fine on Bitcoin scammer
Steynberg has been ordered to pay a total of $3.4 billion — $1.7 billion in restitution and another $1.7 billion penalty. Steynberg was arrested in Brazil in December 2021 on an INTERPOL arrest warrant, where he has remained since pending extradition.
- "Federal Court Orders South African CEO to Pay Over $3.4 Billion for Forex Fraud", U.S. Commodity Futures Trading Commission
FBI raids home of FTX exec Ryan Salame
Salame was also a major donor to Republican candidates in the 2022 midterm elections, splashing out around $24 million in campaign contributions. However, court filings suggest that much of the money donated to political and other causes by FTX executives may truly have been misappropriated customer funds.
Salame is, at the moment at least, not facing charges in connection to the FTX collapse.
- "F.B.I. Searches Home of Top FTX Executive", The New York Times
Belgian crypto lender Bit4You suspends activities
"To date we have no indication that the virtual currencies held on behalf of our customers with CoinLoan will not be recovered," they wrote in their announcement. Reassuring!
AT&T customers suffer crypto wallet compromises reportedly totaling $15–$20 million
An anonymous source corresponding with TechCrunch claims that the total amount of cryptocurrency stolen is somewhere between $15 million and $20 million. The tipster also claimed that the hackers have the ability to gain access to any AT&T account via the AT&T employee portal; AT&T has denied this and instead claimed that "the bad actors used an API access."
"Rogue developers" make off with $1.82 million from Merlin
The Merlin DEX had been audited by the CertiK security firm, which stated it was working with the remaining team members to try to trace the thieves. Meanwhile, they wrote that they would be working to compensate affected users.
Some didn't seem to buy the story that the theft was carried out by a few rogue developers, accusing the entire Merlin project team of rug-pulling.
CoinLoan suspends withdrawals
Protos speculated that the suspension could be related to Vauld, an exchange that collapsed last July. Vauld is rumored to have tens of millions of assets on CoinLoan.
The same day as Vauld's collapse, CoinLoan implemented a withdrawal limit of $5,000/day.
- Notice of restraint on disposition , Ametlikud Teadaanded
- "Did Vauld drive CoinLoan into court-ordered liquidation?", Protos
- "CoinLoan halts all withdrawals, user services", CryptoSlate
Binance cancels Voyager acquisition
Binance cited "hostile and uncertain regulatory climate" as its reason for calling off the acquisition. A recent lawsuit from the CFTC against Binance and its CEO Changpeng "CZ" Zhao likely contributed to the cancellation, as it seems clear that Binance is being increasingly scrutinized by US regulatory and law enforcement bodies.
The acquisition had been supported by a massive majority of Voyager creditors, who were looking forward to recovering 73% of their assets trapped on the platform. Now that number is uncertain, but likely to be a good deal lower. Attorneys for Voyager estimated the recovery now would likely be between 40 and 65%.
Ordinals Finance rug pulls for at least $1 million
On April 24, the project developer withdrew 256 million OFI tokens and swapped them to ETH worth around $1 million. They then laundered the funds through the Tornado Cash crypto mixer. The project creator deleted the project's Twitter account and took down its website.
"First BRC-20 wallet" UniSat launches, is immediately exploited
Not everything has gone smoothly, though. As developers rushed to release wallets to support these new tokens, the UniSat wallet claimed to be the first. However, shortly after it launched, the developers made the Chrome extension inaccessible. They later revealed that the code had contained a vulnerability that exposed it to double-spend attacks. "Currently, we have preliminary investigation results, and out of all 383 transactions, 70 transactions have been identified as affected," they wrote.
It's not yet clear how much was stolen, but the UniSat team promised to compensate affected users. They later tweeted that they had determined the identity of the thief, though the funds have not yet been returned.