Once victims visit the fake site, they're prompted to connect their MetaMask wallets to access various services, which would allow the scammers to steal any assets in the wallets.
MetaMask phishing scammers hijack government websites
Phishing scammers hoping to lure victims into visiting fake websites resembling that of the popular MetaMask crypto wallet have adopted a new approach: compromising government websites. CoinTelegraph identified websites on domains belonging to the governments of countries including India, Nigeria, Egypt, Colombia, Brazil, Vietnam that had been compromised and modified to redirect to these scam sites. Some of them included the websites of the Nigerian postal service and, ironically, of Egypt's Consumer Protection Agency.
Genesis to close U.S. spot trading business
Although Genesis Global Capital filed for bankruptcy in January 2023, portions of the larger business were not included in bankruptcy proceedings and continued to operate. One such portion was Genesis's U.S.-focused spot trading platform, at least until an email to clients announcing that their accounts would be closed at the end of the month.
"The decision was made voluntarily and for business reasons," the email claimed.
Genesis is a subsidiary of the Digital Currency Group (DCG) conglomerate, which has since the beginning of the year seen its Genesis platform enter bankruptcy, shuttered its TradeBlock subsidiary, and is reportedly approaching a deal to sell its CoinDesk crypto media outlet.
Nima Capital accused of rug pull
"Even VCs are rugging now", remarked someone on Twitter as Nima Capital was observed selling 9 million $SYN (priced at ~$3.7 million before the sudden sale caused the token price to drop) and removing all stablecoin liquidity from the Synapse decentralized blockchain bridge. In April 2023, Nima had entered into a deal with Synapse to lock $40 million of liquidity in the project in exchange for the $SYN tokens, with an agreement to not sell the tokens for twelve months. However, it appears they've just dumped their tokens seven months early. Not only that, Nima Capital took their website offline and made their Twitter account private in typical rug-pull fashion.
Synapse posted on Twitter that they were "investigating unusual activity" on the wallets of one of their liquidity providers, and were "working to get in touch with them".
The $SYN token plummeted almost 25% after the sell-off, later recovering somewhat.
Crypto casino Stake hacked for over $40 million
Attackers managed to make transactions from hot wallets operated by the Stake betting platform, stealing approximately $15.7 million from their Ethereum wallet and around $25.6 million from BSC and Polygon. Blockchain analysis project Cyvers attributed the theft to a private key leak, though Stake co-founder Edward Craven later denied that. Craven claimed that the attack was achieved through a "sophisticated breach" targeting a service the company uses to approve transactions.
Stake acknowledged the attack on their Twitter account, writing that "We are investigating and will get the wallets up as soon as they're completely re-secured."
Stake is an Australia-based cryptocurrency casino and sports betting platform that has enjoyed endorsements from various celebrities, and which shelled out $100 million in 2022 for an endorsement deal with Drake.
On September 6, the FBI announced that they believed the Lazarus Group was behind the theft. Lazarus is a group of North Korean state-sponsored hackers allegedly responsible for crypto hacks totaling hundreds of millions of dollars.
Gala Games co-founders sue each other over claimed hundreds of millions in losses
The two co-founders of blockchain gaming company Gala Games are suing each other. One lawsuit, filed by Gala Games CEO Eric Schiermeyer, alleges that Gala's director Wright Thurston stole $130 million in $GALA, directing it through his company and then into a "complex web of obfuscatory transactions" between September 2022 and May 2023. According to the lawsuit, at one point, Thurston explained that he was selling some of the $GALA tokens in order to purchase ammunition for firearms. The lawsuit also outlines how Gala issued the GALA v2 token in May 2023 in order to hide the alleged theft from Gala's token holders.
In a competing lawsuit, Wright Thurston alleges that Schiermeyer unilaterally misused over $600 million in company funds in wasteful actions that were "often for his own personal benefit", including to buy a private jet and hire architects and designers for personal real estate projects.
The $GALA token dropped 5% on the news of the lawsuits.
Starknet upgrade leaves $550,000 inaccessible
"The wallets that did not upgrade in time will lose their assets," a StarkWare customer support representative said on Discord to an individual inquiring why they could no longer access their cryptocurrency. The company had been urging users to upgrade their wallet software for months, but not everyone expected they might lose access to funds if they weren't carefully monitoring their wallet software's social media channels.
After user backlash over a cumulative $550,000 in funds that were inaccessible to people who hadn't heard about the breaking change, Starkware re-enabled the ability for people to upgrade their wallets – leading some to question why it was ever disabled in the first place if it could be trivially re-enabled to prevent the loss of half a million in assets.
Blockchain gaming streamer loses life savings after exposing private key on stream
Brazilian blockchain gaming streamer Fraternidade Crypto says he lost his life savings after accidentally exposing his crypto wallet seed phrase during a livestream pertaining to Bitcoin and blockchain games. Presumably not realizing it was on the same screen he was streaming, he opened a text file containing a password for a gaming account so he could log into it. However, the file also contained his MetaMask private key, which was displayed to the roughly 70 viewers of the stream.
Apparently realizing his mistake, Fraternidade Crypto ended the stream, and says he tried to relocate the crypto to a new wallet. It was too late, however, and someone watching had already taken the around 86,000 MATIC (~$50,000) and various NFTs in the wallet.
Fraternidade Crypto posted an emotional video after the fact, explaining that the stolen funds were his life savings. He said he planned to file a police report, and also offered a reward for the return of the funds.
Fortunately, he was able to recover the stolen MATIC, though he says he has not been able to recover the NFTs, which have "incalculable value as they are NFTs, estimated value of approximately 15k dollars still lost".
Impact Theory to pay $6.1 million for unregistered NFT offering in an SEC first
Entertainment company Impact Theory has agreed to a $6.1 million payment to settle charges from the SEC that its sales of its "Founder's Keys" NFTs constituted an unregistered crypto asset securities offering. This is the first time the SEC has taken action against issuers of NFTs as unregistered securities offerings.
As a part of the agreement, Impact will destroy all remaining Founder's Keys NFTs, forgo royalties from future secondary sales, and publish a notice of the order on its websites and social media.
Founder's Keys in the rarest tier have recently sold for $1,500 apiece, and promised to give their holders access to Impact Theory's self-help content, which supposedly taught viewers how to "unlock their potential and pursue greatness". According to the SEC, the company encouraged holders to view the tokens as an investment into the business.
Clockwork project to shut down due to "limited commercial upside"
A year after raising $4 million in a seed round joined by Multicoin Capital, Solana Ventures, and Asymmetric, Clockwork co-founder Nick Garfield announced that the Solana-based automation platform would be shutting down. He wrote, "Ultimately the reason we are stepping away now is simple opportunity cost. We admittedly see limited commercial upside in continuing to develop the protocol, and have a growing personal interest to explore new opportunities."
A user asked what would happen to remaining seed money, if any, in a Twitter reply. Garfield answered that they "still have a meaningful portion of our seed funding" but that he hadn't decided what to do with it.
Balancer drained of over $2 million following vulnerability warning
After warning users several days prior that a critical vulnerability had been discovered in their protocol, the Balancer defi project has been drained of around more than $2.1 million in a series of exploits apparently taking advantage of the bug.
Balancer acknowledged the hack, writing on Twitter that "Balancer is aware of an exploit related to the vulnerability [disclosed on August 22]. Mitigation procedures have drastically reduced risks, but [we] are unable to pause affected pools." They reiterated that users needed to withdraw funds from affected liquidity pools to prevent further thefts.
The blockchain researcher known on Twitter as MevRefund questioned why Balancer didn't execute a whitehat attack on their own protocol to try to safeguard the vulnerable funds.