Hackers steal $3.2 million from GMX whale

[Image: A chart of the GMX price over a one day period on January 3, 2023. Around 3pm there is a sudden drop from around $41.50 to just above $38, which then rebounds to around $40 fairly quickly before drifting back up towards $41.50. Caption: GMX/USD on January 3]
An apparent wallet compromise netted hackers 82,519 GMX tokens from a wallet belonging to a GMX whale. The hackers exchanged these tokens for 2,627 ETH ($3.18 million), then swapped the assets cross-chain.

The sudden sale of such a large number of GMX tokens (which are illiquid compared to much larger cryptocurrencies like Ethereum) caused the price to drop from ~$41.50 to ~$38 per token, though the token price recovered fairly quickly. GMX is the native token for the DeFi exchange of the same name.

Users of several NFT marketplaces see porn, Big Bang Theory stills appearing instead of their NFT images

[Image: A grid of Goonie NFTs from the RetroGoons project. Most are illustrations of monkey figures, but one has been replaced with a photograph of a nude woman. Caption: A collection on Magic Eden during the compromise]
Users of NFT marketplaces and explorer applications including Magic Eden, NFT Explorer, and Rand Gallery were briefly shown pornographic images and still frames from the Big Bang Theory television show instead of the expected NFT images after someone compromised a third-party image caching service. The affected NFTs used images stored on the decentralized storage system IPFS, and the NFTs themselves were not impacted. However, the third-party caching service used by the NFT platforms in some cases displayed very unexpected images instead.

"What the fuck is happening, why my 5 years old kid watching porn JPEGs on [Magic Eden's] website" tweeted one shocked user.

The issue was resolved fairly quickly, although some visitors continued to see the unsavory images for a while longer due to browser caching.

Streamer and crypto founder DNP3 admits to gambling with investor funds

DNP3 is a streamer known for giving away large sums of money to other streamers. He is also a crypto founder behind projects including CluCoin, the Xenia play-to-earn game, the Gridcraft play-to-earn game platform, and the Goobers NFT project.

On January 3, he released a statement on Twitter explaining that he had become addicted to gambling over the past year — specifically mentioning his use of the Stake cryptocurrency casino. He wrote, "Every dollar I could find I would put into Stake in hopes of winning big. Even when the big wins did happen it wasn’t enough. Eventually I lost everything. In addition to my own life savings, I also irresponsibly used investor funds to try and 'get my money back' from the casino which was wrong for so many reasons."

The impact on the projects he created — and those who put money into them — is not yet fully clear.

Hacker drains the wallet of the RTFKT crypto project's COO

[Image: A silver robot wearing a pink octopus as a hat, and with light pink wings and rainbow-colored pointy teeth. Caption: CloneX #17088, which the hacker flipped for almost $14,000]
An attacker drained the wallet of Nikhil Gopalani, the COO of the Nike-owned crypto organization RTFKT. Most of the stolen NFTs were RTFKT NFTs, and the priciest were the nineteen CloneX NFTs that the thief flipped for between $5,850 and $13,960 each, for a total of 112.3 ETH ($136,000). Gopalani's wallet was also relieved of nineteen RTFKT Animus Eggs (priced at a cumulative ~$20,000 based on floor price) and eleven RTFKT x Nike Dunk Genesis CRYPTOKICKS NFTs (priced at a cumulative $3,300).

Gopalani tweeted that "I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts... Obviously pretty upset and hurt by this and I havent really been able to move all day." He didn't provide further details, but a tweet by RTFKT CTO Samuel Cardillo suggested that Gopalani may have provided passwords or private keys to a phisher.

Gemini founder writes open letter to Barry Silbert begging for the return of $900 million

[Image: Tyler and Cameron Winklevoss, both wearing Gemini t-shirts. Caption: Tyler and Cameron Winklevoss, Gemini founders]
On November 16, Genesis halted withdrawals from its lending service shortly after the FTX collapse. Gemini, which partners with Genesis lending to power its Earn program, halted withdrawals hours later. On December 3, the FT revealed that Genesis owes Gemini's customers $900 million.

On January 2, Cameron Winklevoss — one of the twin brothers who operate Gemini — published an open letter on Twitter to Barry Silbert, the founder and CEO of DCG, which is the parent company of Genesis. DCG has itself borrowed a substantial amount of money from Genesis.

"More than 340,000 Earn users ... are looking for answers. These users aren't just numbers on a spreadsheet, they are real people. A single mom who lent her son's education money to you. A father who lent his son's bar mitzvah money to you. A husband and wife who lent their life savings to you. A school teacher who lent his children's college funds to you. A policeman, and so many more. All together, these people entrusted more than $900 million of their assets to you," wrote Winklevoss, without any apparent self-reflection on the fact that these words could just as easily have been (and should also be) addressed to him by those same customers of his service.

Bitcoin core developer claims his wallets were compromised, more than 216 BTC (~$3.6 million) stolen

One of the original Bitcoin core developers, Luke Dashjr, claimed on Twitter that attackers had managed to compromise multiple wallets — which he described as both hot and cold wallets — to steal all of his Bitcoins. Dashjr originally blamed the attack on a PGP key compromise, but later said the PGP compromise was only a part of a much broader hack where attackers also bypassed two-factor authentication and got access to what he had believed to be a cold wallet.

Dashjr complained on Twitter about having trouble getting in contact with the FBI about the theft. Some joked about the irony of a Bitcoin maximalist running to the FBI when his coins were stolen.

There are some questions about the veracity of Dashjr's claims, given his supposed security practices, the extent of the breach, and some of his odd comments on Twitter.

Swiss crypto broker Covario goes bust

Just before the holidays, employees of the Covario crypto broker based in Zug, Switzerland learned that their employer was no longer solvent. Attempts to secure a buyout had been unsuccessful, and the company is entering bankruptcy.

The firm had attempted to keep up appearances that all was well, spending lavishly and even opening new offices several weeks before entering bankruptcy. However, it turns out that employee pension contributions had not been paid since early summer. Employee salaries had not been paid since October.

Tax loss harvesting service emerges to help collectors unload their worthless NFTs

If you bought an NFT for $1,000 and it's now worthless, you still have to find someone willing to buy it before you can claim it as a loss on your taxes. A project called "Unsellable" has emerged to fill that need—buying worthless NFTs for $0.01 (for a small fee) so that people can claim the losses.

"This tool really helped me unload those embarrassing early NFT Hype investments. Should shave about $1000 off my tax bill", a supposed user writes in a testimonial blurb on the site (although the testimonials appear to be faked).

Perhaps someone has finally found a viable crypto business model after all.

Wallets linked to Sam Bankman-Fried's Alameda Research unexpectedly begin selling off $1.7 million in tokens

Wallets known to be controlled by Alameda Research, the crypto trading firm founded by Sam Bankman-Fried and currently in bankruptcy with the other FTX companies, suddenly began selling off large quantities of mostly small altcoins on December 28. Whoever controls the wallets swapped the tokens for Tether stablecoins or Ethereum, then tumbled the funds through cryptocurrency mixers — a strong sign that this was probably not just the FTX liquidators consolidating wallets.

Altogether, an estimated $1.7 million was moved through various services to obfuscate the flow of funds.

3Commas finally owns up to API key leak

In October, several people reported losing more than a million dollars each from accounts that were connected to the 3Commas trading platform. 3Commas vociferously denied that there was any security breach of their crypto trading service, instead claiming that some of their users were at fault for being phished and having assets stolen. Now that someone has published the API key database that was exfiltrated from 3Commas, however, the company has finally owned up to the breach. They confirmed the data in the files was legitimate on Twitter, and wrote that they had contacted Binance, Kucoin, and other exchanges with whom they integrate to ask them to revoke all API keys connected to 3Commas.

3Commas did not come off looking very good after this incident, after they spent weeks denying any breach and accusing those who were concerned 3Commas had been compromised of spreading misinformation and "FUD".

Researcher zachxbt wrote that he had verified 44 victims who had lost a combined $14.8 million due to the leak, although he acknowledged that this was only the number of people he could verify and that the total number of people affected was likely much higher.
