The attack caused the LVL token to drop substantially in price, plunging from around $9.00 to as low as $4.20 before recovering to around $7 — a loss of 22%.
Level Finance exploited for ~$1.1 million
The Level Finance decentralized perpetual exchange was exploited after an attacker discovered a vulnerability in one of the project's smart contracts. They were able to drain 214,000 LVL tokens, which they swapped to 3,345 BNB ($1.1 million). The contract had been audited by Obelisk and Quantstamp, but neither firm apparently discovered the vulnerability.
Poloniex pays $7.6 million settlement for sanctions violations
A US entity that previously controlled the Poloniex crypto exchange has agreed to pay a $7.6 million fine to settle allegations that it violated US sanctions against Crimea, Cuba, Iran, Sudan, and Syria. The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) alleges that between January 2014 and November 2019, Poloniex allowed citizens in those jurisdictions to use the platform, despite knowing their locations thanks to KYC and IP address information. OFAC alleges that there were nearly 66,000 apparent sanctions violations, which amounted to more than $15 million in transactions.
Poloniex was a US-based crypto exchange founded in 2014, which in 2018 was purchased by Circle, who intended to get rid of the illegal activity for which it was known. However, when they discovered that the customers who used Poloniex no longer wanted to use it once they were subjected to scrutiny, they sold the platform to Justin Sun in late 2019, who relocated it to the Seychelles and shut down US operations. It appears that the OFAC fine will apply to the US entity most recently controlled by Circle, and not to Justin Sun's operation.
In August 2021, Poloniex also paid more than $10.3 million to settle allegations from the U.S. Securities and Exchange Commission that it had operated as an unlicensed exchange.
Individuals lose millions in "permit phishing" scams
Between March and April 2023, the Scam Sniffer organization has identified at least $7.7 million stolen by so-called "permit phishers". These attackers convince their victims to sign malicious crypto transactions that use the "permit" functionality, which allows the attackers to siphon funds from the crypto wallets. This type of attack has existed for over a year, but there have been some high-value instances of the attack lately.
On March 11, ScamSniffer tweeted that they had detected 162 instances of the scam, totaling almost $4 million stolen, over the prior two days. On March 24, an individual wallet lost $4 million. Similar attacks on April 19, April 21, and April 30 saw individual wallets lose $449,000, $1.04 million, and $2.28 million, respectively.
0VIX Protocol exploited for $2 million
The 0VIX defi protocol on the Polygon blockchain was exploited for around $2 million. This was a substantial portion of the project's roughly $6.4 million TVL around the time of the hack. The attack was perpetrated by an attacker who manipulated an oracle, which then allowed them to execute a flash loan attack on the project.
The protocol was paused following the attack. 0VIX later tweeted that they had been collaborating with security firms to investigate the hack, and had offered to let the attacker keep $125,000 if they returned the remaining funds in a bug bounty agreement that would also involve 0VIX not pursuing legal action.
Hacker steals Bitcoins from Russia, destroys them or donates them to Ukraine
A thief has identified nearly 1,000 Bitcoin addresses they believe to have been used in connection with Russian hacking activity. This is partly backed by analysis from the blockchain research group Chainalysis, which has linked some of the wallets to Russian Solarwinds attackers and those pushing election disinformation. The thief took control of some of the wallets, destroying $300,000 worth of Bitcoin as they left messages in the transactions to make their allegations.
The thief's activity began shortly before the Russian invasion of Ukraine. After the invasion, the thief stopped destroying the Bitcoin and instead began transferring it to addresses identified for Ukrainian aid.
CFTC imposes record $3.4 billion fine on Bitcoin scammer
After finding that the South African businessman Cornelius Johannes Steynberg had run Mirror Trading International as a multi-level marketing scheme, in which he accepted 29,421 Bitcoin from at least 23,000 Americans, the CFTC has imposed a record fine. Those 29,421 BTC were priced at $1.7 billion in March 2021 — around the end of Steynberg's multi-year scam. Today they're priced at around $863 million, but unfortunately for Steynberg, the CFTC isn't using today's prices to calculate their penalties.
Steynberg has been ordered to pay a total of $3.4 billion — $1.7 billion in restitution and another $1.7 billion penalty. Steynberg was arrested in Brazil in December 2021 on an INTERPOL arrest warrant, where he has remained since pending extradition.
- "Federal Court Orders South African CEO to Pay Over $3.4 Billion for Forex Fraud", U.S. Commodity Futures Trading Commission
FBI raids home of FTX exec Ryan Salame
The FBI raided the home of Ryan Salame, the former co-CEO of FTX Digital Markets (FTX's Bahamian subsidiary). Salame was close with Sam Bankman-Fried, although it came out in bankruptcy proceedings that Salame had contacted Bahamian securities regulators during the FTX collapse to tip them off to the improper transfer of FTX client funds to Alameda Research.
Salame was also a major donor to Republican candidates in the 2022 midterm elections, splashing out around $24 million in campaign contributions. However, court filings suggest that much of the money donated to political and other causes by FTX executives may truly have been misappropriated customer funds.
Salame is, at the moment at least, not facing charges in connection to the FTX collapse. In July 2023, the Wall Street Journal reported that the search was likely a part of an investigation into Salame and his girlfriend Michelle Bond over possible campaign finance violations pertaining to Bond's 2022 congressional campaign, and was not related to FTX.
- "F.B.I. Searches Home of Top FTX Executive", The New York Times
- "Former FTX Executive Linked to Campaign-Finance Probe of New York GOP Race", The Wall Street Journal
Belgian crypto lender Bit4You suspends activities
The only Belgian crypto platform, the Bit4You crypto lender, announced they would be suspending activities after the CoinLoan crypto exchange was ordered to suspend activities after being declared insolvent.
"To date we have no indication that the virtual currencies held on behalf of our customers with CoinLoan will not be recovered," they wrote in their announcement. Reassuring!
AT&T customers suffer crypto wallet compromises reportedly totaling $15–$20 million
TechCrunch reported that attackers were able to gain access to AT&T email accounts which they then used to gain access to customers' cryptocurrency accounts. Various customers reported their accounts at exchanges including Coinbase and Gemini had been drained. One individual victim lost $134,000 from their Coinbase account.
An anonymous source corresponding with TechCrunch claims that the total amount of cryptocurrency stolen is somewhere between $15 million and $20 million. The tipster also claimed that the hackers have the ability to gain access to any AT&T account via the AT&T employee portal; AT&T has denied this and instead claimed that "the bad actors used an API access."
"Rogue developers" make off with $1.82 million from Merlin
The brand new Merlin DEX had only just launched on the zkSync Ethereum layer-2, with a public token sale beginning on April 25. The following day, they suddenly asked users to revoke permissions to the project, saying they believed there was an exploit. They later wrote: "it is with deepest regret that we have to notify you of a major fault in the structural integrity and controls of the Merlin Platform. In the early hours of this morning the several members of the Back-End Team drained all of our Contracts."
The Merlin DEX had been audited by the CertiK security firm, which stated it was working with the remaining team members to try to trace the thieves. Meanwhile, they wrote that they would be working to compensate affected users.
Some didn't seem to buy the story that the theft was carried out by a few rogue developers, accusing the entire Merlin project team of rug-pulling.