Bifrost wrote in their post-mortem analysis that because the attack was limited to the BTC address registration server, and the hack didn't exploit any smart contract or protocol vulnerabilities, a security audit performed by Theori "is still valid" — leading one to wonder why anyone should trust an "audited" platform if $2.25 million in assets can be stolen without invalidating an audit.
More than $2.25 million stolen from Bifrost's BiFi platform
Bifrost is a platform that allows developers to create dApps across multiple blockchains. They run the service BiFi, which is a defi platform built atop Bifrost. On July 10, they inadvertently exposed the key to their Bitcoin address-issuing server. An attacker was able to use this to self-sign their own deposit address, then make a fake deposit into the BiFi Bitcoin lending service in exchange for 1,852 ETH ($2.25 million).
- "Post-mortem: BiFi-BTC illegal address registration", Bifrost blog
Hackers steal $1.43 million from Omni NFT lending platform
Hackers used a flash loan attack to steal around 1,300 ETH ($1.43 million) from the NFT lending platform Omni. Omni allows users to borrow cryptocurrency against their NFTs.
Hackers used NFTs from the popular Doodles collection as collateral to borrow wETH, then withdrew all but one of the NFTs, allowing them to perform a re-entrancy attack. The attacker then laundered the funds using the Tornado Cash cryptocurrency tumbler.
According to Omni, only funds belonging to the platform that were being used for testing were taken by the attacker.
- "Hacker drains $1.4 million worth of ETH from NFT lender Omni", The Block
- Exploiter wallet on Etherscan
CoinFLEX sues Roger Ver to try to recover claimed $84 million debt
When CoinFLEX suspended withdrawals on June 23, they blamed "continued uncertainty involving a counterparty".
Although they initially dodged naming the counterparty, CEO Mark Lamb eventually publicly stated that this counterparty was Roger "Bitcoin Jesus" Ver, who he said failed to meet a $47 million margin call. However, Ver publicly refuted this claim, stating that CoinFLEX in fact owed him money. Both parties went back and forth, each accusing the other of misrepresenting the situation.
On July 9, the company stated that they would be seeking arbitration to recover $84 million from Ver — an updated figure that they said factored in the "significant loss in liquidating his significant FLEX coin positions".
Vauld seeks protection against creditors
Cryptocurrency exchange Vauld, who suspended withdrawals on July 4, filed for a moratorium against creditors in Singapore, a process that's conceptually similar to Chapter 11 bankruptcy proceedings in the U.S.
In late June, the exchange laid off 30% of staff and took other measures to cut costs. They later disclosed they were short $70 million, partly from exposure to the Terra ecosystem which collapsed in May.
- "Peter Thiel-Backed Crypto Lender Vauld Files for Protection Against Creditors", The Wall Street Journal
Three Arrows Capital founders are nowhere to be found
Kyle Davies and Zhu Su, the founders of Three Arrows Capital, have apparently disappeared after the firm entered bankruptcy proceedings. Although lawyers for the duo have said they intend to cooperate with the proceedings, their whereabouts are unknown, and the liquidators' lawyers stated they had "not yet received any meaningful cooperation" from either. Those lawyers have expressed concerns that the pair might make off with the remaining funds — a substantial portion of which are cash, cryptocurrencies, and NFTs, and could be easily transferred.
Hypernet Labs shuts down shortly after being hit with a fraud lawsuit
Ivan Ravlich, founder of the nebulous crypto firm called Hypernet Labs, announced on Twitter that "Hypernet's road has reached an end". "Hypernet was impacted by the same market headwinds that have touched millions around the world since May. Unfortunately, the treasury was also held in Ethereum, which disproportionately exacerbated the bear market's impact on our balance sheet", he wrote.
What he didn't mention was the lawsuit that had just been filed against the company, by investors who allege that Ravlich and his co-founders lied to investors and never created any usable product or service. Investors claim to have lost millions in cryptocurrency, and one alleged that Ravlich and his compatriots used a shell company in the Cook Islands to make it harder for him to recoup his losses.
Hypernet initially promised to build a system for renting unused computing power, and in 2018 raised around $20 million in an initial coin offering. In late 2021, Hypernet "pivoted hard" into NFTs, which one investor stated was a "knee jerk reaction to the flavour of the day" and a "last-ditch attempt to find a non-existent market for a non-existent product".
Blockchain.com faces a $270 million loss from their loan to Three Arrows Capital
Crypto exchange Blockchain.com announced in a letter to shareholders that they could lose the $270 million in cryptocurrency and USD they loaned to Three Arrows Capital, a now-insolvent crypto fund that is pursuing bankruptcy. The ripple effects of the 3AC implosion have been felt throughout the crypto ecosystem, contributing to liquidity issues and the outright failure of some other platforms. Blockchain.com assured customers that they would not be one of those platforms, writing that the company "remains liquid, solvent and our customers will not be impacted", but they also would not be the first crypto company in recent weeks to assure customers that everything is fine shortly before being forced to reveal that everything is not fine at all.
Former asset manager for Celsius files lawsuit alleging the company was a Ponzi scheme
Jason Stone, founder of the KeyFi company who formerly managed assets for Celsius, filed a complaint against Celsius Network in a New York court, alleging the company was operating as a Ponzi scheme and owes them "a significant sum of money". Stone alleged that, despite claiming that Celsius's trading teams would properly hedge against any impermanent loss or loss due to token fluctuation incurred by KeyFi, they were doing nothing of the sort. Upon learning this in March 2021, they terminated their relationship with Celsius. However, Stone alleges that Celsius owes KeyFi "a significant sum of money", which Celsius has not acknowledged. Instead, Stone claims, Celsius has accused them of theft.
The legal complaint reads, "Prior to Plaintiff coming on board, Defendants had no unified, organized, or overarching investment strategy other than lending out the consumer deposits they received. Instead, they were desperately seeking a potential investment that could earn them more than they owed to their depositors. Otherwise, they would have to use additional deposits to pay the interest owed on prior deposits, a classic 'Ponzi scheme.' The recent revelation that Celsius does not have the assets on hand to meet its withdrawal obligations shows that Defendants were, in fact, operating a Ponzi-scheme."
Reddit launches more NFT avatars, but won't call them NFTs
Reddit announced that they will be selling "Collectible Avatars", artist variations on the Reddit "Snoo" figure that users can then customize. Amusingly, Reddit's announcement carefully dodges describing them as NFTs, instead writing that "Collectible Avatars are backed by blockchain technology". Despite this, the avatars are indeed NFTs, created on the Polygon blockchain, though users will be able to buy them with plain ol' fiat.
This is not Reddit's first foray into NFTs. The platform launched four 1-of-1 "CryptoSnoo" NFTs in June 2021, which allow the four holders to display the NFTs on their profile. The "Collectible Avatars" appear to be an attempt to open this same functionality to a broader group of Redditors, while simultaneously appearing to try to sidestep the more negative sentiment around NFTs that has developed since their last project.
Crypto platform 2gether closes user access to accounts
The Spanish cryptocurrency platform 2gether suddenly announced that they were "forced to close service for private accounts" due to "lack of resources and crypto winter". Users found themselves unable to access their accounts via the website or the app, which showed an "under maintenance" message. The company also closed all social media accounts. The previous day, the company had announced they would begin charging a €20 ($20.33) fee for users because it was "impossible to maintain the free service", but apparently decided to go much further. Around 100,000 users found themselves unable to withdraw their funds.
2gether had previously made news in August 2020, when hackers stole 114 Bitcoin and 276 ETH — then worth around €1.183 million ($1.2 million), and representing 15% of customer funds. The company successfully raised €1.5 million ($1.52 million) in a financing round several months later to cover the loss.
- La plataforma de criptomonedas 2gether cierra y deja a 100.000 afectados, La Vanguardia (in Spanish)