According to Hong Kong police, they have received more than 2,600 complaints about JPEX, involving HK$1.6 billion (~US$204 million) in assets.
Hong Kong police arrest 72 people, freeze $29 million in connection to JPEX
Police in Hong Kong have arrested 72 people and frozen HK$228 million (~US$29 million) in connection to the collapse of the JPEX cryptocurrency exchange in September 2023. The South China Morning Post has described the collapse as the largest alleged fraud of its kind in Hong Kong.
- "Hong Kong JPEX cryptocurrency scandal: 72 arrested, HK$228 million in assets frozen so far", South China Morning Post [archive]
Avi Eisenberg convicted of $110 million Mango Markets heist
A jury found Avi Eisenberg guilty of fraud and market manipulation after he stole $110 million from the Mango Markets defi protocol in October 2022. Although he tried to argue that "code is law", and that his actions were legal as they were allowed by the project's smart contracts, jurors ultimately agreed with prosecutors that his manipulation of token prices constituted fraud.
Shortly after he was identified as the person behind the attack, Eisenberg tweeted that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions". Sadly for him, jurors didn't share this belief.
Eisenberg faces up to 20 years in prison.
Roger Stone endorses $TRUMP memecoin with misleading posts
Amid tweets alleging corruption among jurors in his 2019 criminal case, far-right activist and Trumpworld figure Roger Stone has posted several tweets endorsing "MAGA Memecoin", one of the many memecoins with the $TRUMP ticker. In several posts, he's suggested the token enjoys support from Trump himself, mentioning that the token is "the largest holding in Donald Trump's crypto wallet". "Donald Trump has at least $2M in @MAGAMemecoin in his crypto wallet - get yours- this cryptocurrency is going UP!", he wrote in another.
What he failed to mention is that the tokens in Trump's wallet were airdropped to him, likely without Trump even realizing it. Several of Trump's crypto wallets are publicly known, and people send coins and NFTs to them all the time. Trump has no more endorsed Stone's "MAGA Memecoin" than he has the "HarryPotterTrumpHomerSimpson777Inu" tokens that also sit in his crypto wallet.
Elsewhere, Stone disclosed, "My promotion of MAGAMemecoin is, of course, sponsored." I haven't been able to find where he has disclosed the amount he was paid for these promotions, as he is required to do.
$2 million emptied from Grand Base real world asset platform
Grand Base, a real world assets platform built on the Base layer-2 blockchain, has seen $2 million exit the platform in a hack or rug pull.
The team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project.
Grand Base is a platform where users can trade "gAssets", which are crypto tokens that represent stocks in tech companies including Amazon, Apple, Google, Meta, and Microsoft.
tea.xyz causes open source software spam problems, again
The tea.xyz protocol first earned an entry on Web3 is Going Just Great in late February, when their plan to reward open source software contributors resulted in crypto enthusiasts with no intention of participating in OSS opening endless pull requests to claim ownership of prominent OSS projects. This spam was disruptive to said projects, whose (usually volunteer) maintainers had to figure out what was going on and then try to stop the spammy PRs.
Max Howell, the creator of tea.xyz (and creator of homebrew, though he's no longer involved), seemed apologetic, and promised to make changes to the protocol to stop this spammy behavior.
Now, deprived of that avenue, people are just creating massive waves of empty software packages, with nothing other than a "teafile" with their crypto wallet address for rewards, and submitting them to package managers like NPM and RubyGems.
This spam prompted a blog post from RubyGems, who wrote that they had to devote time to strengthening limits on package publishing and "ensuring [accounts] didn't disrupt the community further."
Security researchers at Phylum also wrote up the protocol's impact on the JavaScript world, which has seen as many as 7x as many packages published on NPM as previous daily averages. "Automated sustained spamming of this volume for months on end is rare and does nothing but cause heavy strain on the ecosystem itself, degrading the performance of the ecosystem for genuine users and straining open source security researchers," they wrote.
$26 million liquidated in surprise Pac Finance smart contract change
Pac Finance, a fork of the Aave lending protocol deployed on the Blast blockchain, surprised some of its users as an unannounced and unexpected code change lowered the liquidation threshold. Pac Finance said that they had asked an engineer to make changes to the smart contract, and that that person had unexpectedly decreased the threshold at which positions could be forcibly liquidated. This change resulted in $26 million being liquidated across the project.
Pac Finance has said they are "actively developing a plan with [impacted users] to mitigate the issue."
Australian NGS Crypto mining fund collapses
NGS Crypto, which sold "crypto mining packages" to interested investors, has been put into receivership. The Australian firm encouraged customers to set up a self-managed super fund — a type of retirement fund — to achieve returns they said were powered by crypto mining. The firms advertised returns of up to 16% annually, and promised that investors would receive 100% of their initial investment back at the term's completion — even "in the unlikely event that crypto mining becomes unprofitable".
NGS and its associated business is believed to have pulled in around AU$62 million (US$42 million) from around 450 Australians.
Australian DCA Fund collapses with up to $65 million owed to creditors
Liquidators have been appointed for three cryptocurrency companies owned by Ash Balanian. DCA Capital, Digital Commodity Assets, and the Digital Commodity Assets Fund have all entered liquidation after investors raised red flags about the fund's management and licensure.
So far, losses are estimated to affect around 100 investors, who have up to AU$100 million (US$65 million) in claims.
Balanian had boasted of his career experience as a former NASA mission planner, and targeted his fund to wealthy investors with a minimum initial deposit of AU$50,000 (~US$33,000).
Crema Finance and Nirvana Finance hacker sentenced to three years imprisonment
Shakeeb Ahmed, the hacker who stole a combined $12 million from Crema Finance and Nirvana Finance in July 2022, has been sentenced to three years in prison. Ahmed had previously worked for Amazon, where he led a bug bounty program focused on paying whitehat hackers to discover flaws in Amazon's software.
US Attorney Damian Williams described this as the first ever conviction for a smart contract hack.
Ahmed forfeited around $12.3 million in stolen funds, and will pay more than $5 million in restitution.
- "Former Security Engineer Sentenced To Three Years In Prison For Hacking Two Decentralized Cryptocurrency Exchanges", press release from the U.S. Attorney's Office, Southern District of New York [archive]
MarginFi suffers huge outflows amid CEO ragequit
The MarginFi decentralized lending project on Solana has been at the epicenter of some major drama recently, amid concerns around oracle problems, withdrawal failures, and accusations that the project has not been paying out its promised rewards. Much of this came from a Solana staking pool, SolBlaze; MarginFi responded by describing their allegations as a "hit piece" and "misinformation".
On April 10, CEO Edgar Pavlovsky tweeted that he had resigned from MarginFi, publicly calling that he "d[idn't] agree with the way things have been done internally or externally". Pavlovsky had been criticized for his response to the controversy around MarginFi, in which he had been argumentative and insulting, tweeting things like "take your money out, go fuck yourself" to those who accused him and MarginFi of malfeasance.
Amid the chaos, more than $210 million in TVL has exited the protocol.