Hundred Finance and Agave Finance are both exploited for a collective $12 million

An attacker using a flash loan attack targeted two projects on the Gnosis blockchain: Hundred Finance and Agave Finance. Each project paused their smart contracts, but not before the attacker made off with a considerable sum of money. That day, the attacker put the funds through a cryptocurrency tumbler, making it much more difficult to trace the collective 4,479 ETH that was stolen in roughly equal amounts from each protocol.

Hundred and Agave were the second and third defi protocols targeted by flash loan attacks that same day, with Deus Finance losing more than $3 million to hackers using the same class of exploit.

Binance pauses withdrawals and deposits via Polygon

After an extended Polygon outage on March 10, Binance temporarily paused deposits and withdrawals via Polygon on March 15. Although Binance reported it was "due to the network wide issues of the Polygon network", Polygon stated that "Polygon PoS network is stable, and working fine. All funds are safe. Binance is upgrading its nodes, and currently syncing the block data, hence they have paused the deposit and withdrawal." It was unclear why this would happen days after the original outage.

Hackers make off with over $3 million from Deus Finance

Hackers were able to use a flash loan attack to manipulate a price oracle, pulling 200,000 DAI and 1101.8 ETH (totaling almost $3.1 million) out of the Deus Finance defi platform. PeckShield, the analysis firm that identified the vulnerability, wrote that the $3 million number represented the amount the hackers were actually able to withdraw and put through a cryptocurrency tumbler, but that the loss to the project may have been larger. The CEO of Deus Finance subsequently wrote on Twitter that users whose positions were liquidated as a result of the exploit would be repaid.

Sneaky malware replaces Bitcoin addresses in clipboard to reroute transactions

Bitcoin wallet addresses look something like bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq, and so it's not always obvious at a glance if one string of random characters might have been replaced with another. Malware taking advantage of this fact has been spotted in the wild, replacing copied Bitcoin addresses with the address of a scammer, so that if a person pastes in an address to send Bitcoin to, it goes to the scammer instead. One trader learned this the hard way when the 0.255 BTC (about $10,000) they'd tried to send to an exchange never arrived. After looking into it, they saw that the funds had gone to a completely different address than they'd intended, and were able to sniff out that malware was to blame.

Invictus DAO whales quickly vote to shutter the project in its first ever community vote, leaving most others with huge losses

Invictus price history since November 12, 2021, showing a brief spike in late November and then a precipitous drop and slow decreaseInvictus token price in USD (attribution)
The Sol Invictus project was an Olympus DAO-like project on the Solana blockchain, much like the Wonderland project that went up in flames recently. Promising absolutely massive returns, with numbers like 60,000% APY being tossed around, people bought in hoping to see their money skyrocket. The project also partnered with major names in the Solana ecosystem, earning legitimacy.

However, although the project enjoyed a spike in price in November, the token has bled value since then. On March 9, the project leaders began a conversation about team salaries, where they also floated the idea of redeeming the treasury and closing the project. On March 11 they began a vote, which lasted only three days, and allowed members of the DAO to vote on whether the project should close and distribute treasury funds to participants. Much like the Wonderland vote in late January, a relatively small number of whales with a large share of the votes (who bought in early and still stood to make money on the project) were able to pass the vote to close the project, despite a majority of voters selecting to keep the project going. Furthermore, because the Invictus tokens used for voting also themselves hold the value, some people were unable to vote in the poll because their tokens were locked up in lending platforms where they had used them as collateral. Many participants in the project who haven't been actively watching the governance page likely don't even know the vote happened.

Some members of the project wrote on Discord that they felt rugged, with one even speculating that the project had been so eager to implement voting so they could pass a "community" vote to close the project and make off with a profit without damaging their reputations or potentially facing lawsuits. Various members of the project Discord shared how much they had lost: one person said they were down $20,000, another was down $75,000, and a third person reported losing $400,000. One person asked "who else is in the 6 figure loss club" and received three agreement emoji reactions; another person said they'd lost a year's salary. Some people already opted to try to sell their tokens early, worrying that the project leaders might make off with the treasury and not allow people to redeem their $IN; others waited in hopes of the redemption price being higher than the current token price; and some even suggested buying more $IN in hopes that they could make a profit if the redemption price is higher than the current price.

Discord compromise targets fans of the Wizard Pass project in a two-for-one scam that both accepted payments for fake NFTs and stole the NFTs that victims already owned

Wizard Pass is an NFT trading community and package of various software tools that can be joined for a price: a collection of 3,000 NFTs gates access to the community. The NFTs had a successful mint on March 7, and since then have been trading for around 0.3 ETH ($800) on the secondary market. Although the project stated that they would never mint more passes, members of the Discord were excited when the project's founder announced they would be doing a public sale for an additional 1,000 NFTs, at 0.1 ETH ($250) apiece. Unfortunately, there was no such mint, and it turned out the founder's Discord account had been hacked. As of midday on March 14, the hacker had received 66.4 ETH ($169,000) from 290 wallets.

A Twitter thread by SerpentAU suggested that the malicious minting website had not only accepted ETH from victims and provided nothing in return, but had also prompted users to grant full access to their NFT wallet, allowing valuable NFTs to be stolen. It's not yet clear how many NFTs were stolen as a result.

Collector sues artist after spending over $500,000 on an image of Pepe the Frog that others got for free

A trading card style image with an illustration of Pepe the Frog leaning on the edge of a pond, with his buttocks partially exposed. The text area of the card contains Matt Furie's signature.FEELSGOODMAN Series 20, Card 50 (attribution)
Matt Furie is the original creator of the Pepe the Frog cartoon that was later co-opted as an alt-right hate symbol, and which has also been popular among crypto enthusiasts and other online communities. Furie, his company Chain/Saw, and his DAO PegzDAO held an auction on October 8, 2021, and seemed to promise that the NFT would be one-of-a-kind: "500 cards issued, 400 burned, 99 will remain in the PegzDAO, and ONE is being auctioned here". Halston Thayer ended up winning the auction by bidding 150 ETH, then worth $537,084. However, on October 24, 46 of the 99 NFTs that were held by PegzDAO were distributed for free. According to a lawsuit filed by Thayer on March 12, 2022, releasing the 46 additional NFTs "significantly devalu[ed] Plaintiff's Pepe NFT to less than $30,000". The lawsuit seeks reimbursement of Thayer's original purchase, as well as punitive damages. Best of luck to the lawyers trying to describe "Rare Pepes" to a judge, or keep a straight face when saying that yes, the plaintiff did pay more than half a million for a drawing of a rather callipygian cartoon frog.

A trader reportedly makes half a million from a flash crash, then the LATOKEN exchange takes their coins

A trader set very low limit order on Ripple's XRP token, and was delighted to see it executed with XRP very briefly plummeted in value in what's known as a flash crash. The price recovered quickly, and the trader found themselves $458,000 wealthier. However, when they tried to withdraw some of their money from the exchange they were using, LAToken, the withdrawal was declined and their account was restricted for 24 hours for an unspecified terms of use violation. When the trader regained access to their account, the XRP they bought was nowhere to be found.

Report alleges Socios withheld payments owed to advisors and staff to maintain the value of its cryptocurrency

Off the Pitch reported on March 11 that Socios, the sports fan platform, had withheld payments owed to staff, advisors, and others who had signed agreements to endorse the platform's cryptocurrency, chiliZ. Internal messages showed that Socios founder Alexandre Dreyfus repeatedly referred to the payments owed to advisors as "the free money we give them". The reasoning for withholding the payments he'd agreed to? According to internal messages from Dreyfus, "When you give free tokens, people can sell at any price... It doesn’t matter for them; so it makes the price going down... and the REAL investors who bought are losing money because of that." Staff members also were not paid the amounts they were owed. Some of them had moved to Malta, where Socios is headquartered, and were stuck there waiting to be paid.

$4 billion hedge fund Fir Tree Capital Management shorts Tether

The large hedge fund Fir Tree Capital Management has decided that the doubts around the stablecoin Tether are serious enough to take out a substantial short position against the project. Tether has faced questions from regulators, many of which center around whether or not the stablecoin is actually backed by the reserves it claims to have. Some of the assets Tether holds are high-yield commercial paper, which Fir Tree evidently believes is substantially tied to Chinese real estate firms. If that is the case, the real estate crisis in China (primarily revolving around Evergrande Group) could cause the value of Tether's reserves to plummet. According to Fir Tree, they've been shorting Tether since July, and expect their bet could pay off within a year. Other commenters and analysts have speculated that if Tether collapses, and that it very well might, there could be enormous ramifications for the rest of the cryptocurrency space.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.