$2.7 million disappears from funds meant to compensate Hector Network investors

January 16, 2024

$2.7 million disappears from funds meant to compensate Hector Network investors

In July 2023, angry investors in the Hector Network project opted to "rage quit" — an option reserved by some defi projects that allows investors to vote to liquidate a project's remaining treasury and distribute it to token holders. The successful rage-quit vote in Hector's case came after the protocol lost $8 million in the Multichain disaster, although investors say that was only the final straw in a series of poor management choices and inflated salaries that saw the project treasury dwindle from over $100 million to around $16 million.

Now, another $2.7 million is gone after an apparent thief was able to exploit a smart contract that was intended to distribute payouts to Hector's token holders. They then swapped the tokens from the USDC stablecoin to ETH.

Investors in the project are furious, especially because various parties had warned Hector Network about apparently insecure practices. Hector Network's team, meanwhile, have not acknowledged the theft, although a law firm involved in the project liquidation promised a statement would be forthcoming.

January 16, 2024

TrueUSD loses peg (again) as traders sell due to fears over its stability

(attribution)

TrueUSD, a stablecoin connected to Justin Sun, deviated from its intended $1 peg to around $0.983 as traders sold off more than $100 million of the token seeking safer options. The fears seemed to be sparked by the rapidfire and massive hacks of the Justin Sun-connected HTX (hacked for $115 million) and Poloniex (hacked for $120 million) in November.

Adding to those is the fact that TrueUSD recently paused its real-time reserves attestations, due to systems reporting liabilities that exceeded assets, though TrueUSD (obviously) claimed this was just an error.

"TrueUSD drops below $1 peg to $0.985 amid selloff", The Block [archive]
"TrueUSD attestations paused again, this time for improper 'balances'", Protos [archive]
"TrueUSD stablecoin depegs as holders dump $330M in TUSD", Cointelegraph [archive]

January 16, 2024

Socket service and its Bungee bridge suffer $3.3 million theft

(attribution)

The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed them to take assets from those who had granted approval to a portion of the system called SocketGateway.

A little over 700 victims were affected, and the highest loss from a single wallet was around $657,000. 121 wallets lost assets priced at more than $10,000.

On January 23, the protocol announced they had recovered 1,032 ETH (~$2.23 million) of the stolen funds.

"Socket, Bungee Restart Operations After Apparent $3.3M Exploit", CoinDesk [archive]
"Socket Tech security breach affects multiple dapps and wallets", Blockworks [archive]

January 15, 2024

Gamestop is shutting down its NFT marketplace

(attribution)

Just as the NFT marketplace was entering collapse in May 2022, GameStop decided it would be a great time to launch an NFT marketplace. The marketplace launched in July, and made headlines for a rather unfortunate reason.

Evidently the platform has still been running since then, though it rarely enjoys much mention alongside its many competitors.

Now, rolling out the classic "regulatory uncertainty" line, GameStop has announced it will be shutting down the marketplace. After shutting down a crypto wallet project in November, the company seems to have fully exited the crypto world.

"GameStop Is Closing Its Terrible NFT Marketplace", Kotaku [archive]

January 15, 2024

Harmony blockchain encounters "infinite mint" bug; accusations of wrongdoing fly

(attribution)

On December 7, the Harmony blockchain began encountering a bug that ultimately caused around 150 million of the project's $ONE token (priced at around $2.2 million) to be erroneously minted and distributed to 79 wallets. Most of the recipients, who were anonymous, quickly sold their unexpected windfall.

The bug was fixed about a week later. There has been a dispute since then between Harmony employees and a consultant who was involved in identifying the bug, and the consultant has been accused of delaying action to profit from the excess tokens. The consultant also balked at destroying some of the tokens he mistakenly received.

The consultant claims that he didn't profit from the bug, and objected to a Harmony employee coming after him to destroy the excess tokens when he'd done little towards others who profited from the error. He did, however, say later that he had destroyed the tokens.

According to the consultant, a Harmony employee claimed that he had filed reports to the FBI and IRS about the consultant's behavior, and had the consultant banned from the annual ETH Denver event.

"Inside the Harmony spat over a bug that created $2.2m in tokens", DL News [archive]

January 12, 2024

Genesis to settle with New York for $8 million

(attribution)

After the New York Department of Financial Services accused the Genesis cryptocurrency platform of cybersecurity failures that made it vulnerable to criminal activity and hacking threats, Genesis has reached an $8 million settlement with the agency.

The failures included poor anti-money laundering programs, deficiencies around filing suspicious activity reports, and poor cybersecurity.

The NYDFS action is only one of Genesis' many worries these days, as it undergoes bankruptcy proceedings and is facing various other legal woes.

"Genesis Global Trading to pay $8 million in settlement after New York's regulator found cybersecurity failings", The Block [archive]

January 10, 2024

Euler Finance cofounder loses private key and, with it, $3.8 million

As Euler Finance tried to recover from a massive hack in March 2023, and as founder co-founder Michael Bentley was dealing with matters in his personal life, he "made an error and it turns out that one of the private keys [to his personal crypto wallet] is no longer recoverable". The private key would have allowed him to recover assets from his hardware wallet, which had made his assets inaccessible after a malfunction.

With the malfunctioning hardware wallet and no recovery key, Bentley has lost access to assets including 1.2 million EUL tokens — over 4% of the total EUL token supply. These tokens are priced at about $3.8 million today, though at other times the tokens would have been worth up to about $15 million.

"I've now lost a substantial percentage of the crypto assets I held in cold storage, accumulated over more than seven years, including the majority of the EUL allocated to me for participating in Euler governance," said Bentley.

"Euler co-founder lost $3.8m worth of governance tokens after hardware failure", DL News [archive]

January 10, 2024

Trader loses $5.7 million to slippage in memecoin trade

A shiba inu dog wearing a chunky light pink knit hat with a brim

Dogwifhat's namesake (attribution)

A trader looking to buy $9 million of a recently popular Solana memecoin, dogwifhat (WIF), lost $5.7 million of their funds to slippage as they placed a massive order in a pool with relatively low liquidity. $5.7 million of their funds were lost to "slippage" — the discrepancy in price that can occur when a trade is so large or a market is so illiquid that the trade itself impacts the asset price.

Some have speculated that the trade might be an expensive marketing stunt to increase attention to WIF, which was losing some steam.

I'll give it to them: the token's namesake is pretty cute. But not $9 million cute.

"Trader Buys $9M of Solana Meme Coin Dogwifhat, But Loses Over 60% to Slippage", CoinDesk [archive]

January 10, 2024

So long, hexagon: Twitter removes NFT profile picture support

Just about two years after launching a feature in which NFT owners could show off their NFTs with special, hexagonal profile pictures, Twitter has apparently removed support for adding NFT avatars.

It's unclear if the move is spurred by the massively waning interest in NFTs, or if it's part of Twitter's broad slashing of functionality in the wake of Elon Musk's disastrous takeover and cost-cutting attempts.

Those who already had the hexagonal profile pictures now seem to have had them restored to their usual circular shape, and there's no longer any mention of the feature in Twitter's support documentation, and new NFT profile photos can't be uploaded. People can, of course, still right-click and save the images and upload them that way.

"X removes support for NFT profile pictures", TechCrunch [archive]

January 9, 2024

SEC Twitter account compromised, used to falsely announce approval of bitcoin spot ETFs

As the crypto industry collectively turns blue holding its breath for a decision on a raft of bitcoin spot ETFs currently in front of the SEC, the SEC Twitter account was hacked. The hacker posted an announcement stating that the Commission had approved bitcoin ETFs, even including a graphic with a fake quote from Chairman Gary Gensler.

Bitcoin briefly spiked by about $1,000 before dipping around $1,000 below its previous price, as traders excitedly reacted to the news, and then the news that the news was fake.

Tweet by the SEC [archive]

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.