New wallet drainer steals almost $60 million in 9 months
A new wallet drainer tool has stolen $58.98 million in cryptocurrency assets from more than 63,000 victims in the past nine months. People using the drainer software have pulled in victims by running ads on Twitter and through Google ads, employing various tricks to thwart ad reviewers trying to thwart malicious ads on their platforms.
Aurory bridge hacked for over $1 million
The Aurory gaming platform uses a bridge called SyncSpace to move assets between the blockchain and the game's off-chain network. On December 17, the bridge was targeted on Arbitrum's Camelot DEX, and an attacker successfully siphoned around 600,000 $AURY tokens from the liquidity pool. As a result, the pool went from around $1.5 million in liquidity to around $312,000, and the price of the $AURY token dropped 11% as the attacker sold it off in bulk.
The Aurory team posted on Twitter to acknowledge the hack, writing that they'd disabled SyncSpace as they investigated. They also wrote that SyncSpace had been audited months ago, but that the audit had failed to detect the vulnerability.
"Top tier" NFTs stolen in NFT Trader hack
Attackers exploited old smart contracts from the NFT Trader peer-to-peer NFT trading application to steal pricey NFTs, including at least 37 Bored Apes, 13 Mutant Apes, and NFTs from the VeeFriends and World of Women collections. Some ETH and APE tokens were also stolen. Altogether, the stolen NFTs are priced at around $3 million, though the hacker may not be able to liquidate them for that ammount.
One attacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price.
Meanwhile, NFT holders were urged to revoke access to NFT Trader, since the platform seemed aware of the attack but unable to stop it. NFT Trader was ultimately able to thwart the attacker to stem additional bleeding, likely thanks to help from community members who pointed out a way the contract could be shut down.
Later, the "residual garbage" attacker returned 36 Bored Apes and 18 Mutant Apes after a Yuga Labs co-founder paid the 120 ETH (~$260,000) ransom.
SafeMoon files for bankruptcy
The company behind the SafeMoon cryptocurrency scam has filed for Chapter 7 bankruptcy. Screenshots circulated on Twitter of a letter to employees citing "a number of operational and financial challenges", likely referring to — oh, I don't know — maybe the whole criminal indictment against SafeMoon's founders and executives and simultaneous civil lawsuit from the SEC.
Although SafeMoon claimed to have created a token that would "safely go to the moon", executives allegedly siphoned millions of dollars of investor funds to spend on personal expenses including luxury cars and real estate.
In the bankruptcy filing, SafeMoon has claimed to have 50–99 creditors, between $10 and $50 million in estimated assets, and $100,000 to $500,000 in estimated liabilities.
- Chapter 7 Voluntary Petition, filed in the US Bankruptcy Court, D. Utah [archive]
Supply chain attack on Ledger puts much of defi at risk
A supply chain attack on the Ledger connector application has rippled throughout the world of decentralized apps, which widely use the software to enable people to connect their popular Ledger hardware wallets to perform transactions. Although hardware wallets are meant to be among the most secure ways to store crypto, they too are vulnerable to attacks when they are connected to perform transactions.
A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.
CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.
CoinList reaches $1.2 million settlement with OFAC over Russian sanction violations
The Californian cryptocurrency exchange CoinList has settled a lawsuit from the Treasury Departments Office of Foreign Assets Control (OFAC) for $1.2 million. OFAC charged CoinList for processing almost 1,000 transactions between April 2020 and May 2022 on behalf of residents of Crimea, a Ukrainian territory occupied by Russia in 2014 and sanctioned by the United States shortly after.
CoinList reportedly allowed 89 users to sign up for accounts on the platform, most of whom had stated that they were residents of Russia but provided addresses in Crimea.
- "OFAC Settles with CoinList Markets LLC for $1,207,830 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations", Department of the Treasury enforcement release [archive]
Money launderers charged over $80 million crypto romance scam
Four individuals who helped launder money through shell companies and various bank accounts have been charged in connection to an $80 million "pig butchering" cryptocurrency scam. The scam reportedly involved at least 284 transactions, though it's not clear how many victims were involved.
- "Four Individuals Charged for Laundering Millions from Cryptocurrency Investment Scams", Department of Justice press release [archive]
Australian victims lose estimated $1.3 billion to prolific scammers' HyperVerse project
Many investors have reported losses thanks to a cryptocurrency investment scheme called HyperVerse, which operated in Australia from around 2018 to mid-2023. Several financial watchdogs issued warnings about the company, including the UK, Canada, Germany, and New Zealand. The Hungarian central bank warned in August 2022 that the HyperVerse project was a "suspected pyramid scheme... behind which there is no real economic activity... There is a significant chance that investors may permanently lose part or all of their invested capital."
Estimates by Chainalysis suggest that victims have lost a combined $1.3 billion (with a B) to the scam thus far.
The scheme's operators Sam Lee and Zijing "Ryan" Xu were also behind Blockchain Global, a collapsed company that operated the Australian ACX crypto exchange that collapsed in 2019. The company is in liquidation, and creditor claims are expected to surpass $50 million. Although Lee and Xu were reported for investigation to the Australian Securities & Investments Commission, ASIC did not take any action.
Lee has also been involved in other investment platforms, including two that are currently active: StableDao and We Are All Satoshi. Both platforms were the target of cease and desist letters from the Californian Department of Financial Protection and Innovation in September 2023, who described them both as "fraudulent pyramid and Ponzi scheme[s]".
- "Investors lose millions as crypto schemes operate unchecked in Australia", The Guardian [archive]
- "'They are so convincing': Vera Gazzard lost her life savings to HyperVerse", The Guardian [archive]
- "Crypto Scam Revenue Dropped 46% in 2022, While Blockchain Analysis Finds Links Between What Appear to be Distinct Scams", Chainalysis [archive]
- "More than $50 million owed to creditors after collapse of Blockchain Global's cryptocurrency exchange", ABC News [archive]
Crypto scammer suddenly pleads guilty in trial surrounding EXW fraud
There was surprise in an Austrian courtroom when a defendant suddenly gave up any pretense of innocence, proclaiming, "I've run out of steam, I've finished driving... I plead guilty in full and ask for a lenient and speedy sentence". The judge then had to back up and understand what exactly he was pleading guilty to. The same defendant had earlier admitted to some guilt, but denied the fraud had been planned from the start. Later, he said that he had indeed planned from the beginning to steal the funds.
The scam in question was a Ponzi scheme called EXW, in which the eight defendants stole at least €17.6 million (~$19.3 million) from at least 40,000 victims in late 2019 and 2020. The fraud later resurfaced under a different name. However, in court, the ex-girlfriend of the main defendant testified that the scam had actually brought in €80–100 million ($88—$110 million).
One of the defendants, who from reports seems to be the same one who just admitted his guilt in court, reportedly feigned being autistic when he was arrested by police, somehow earning himself enough time to erase the contents of his phone.
He and seven other defendants have been charged with fraud, money laundering, running a pyramid scheme, and operating a criminal organization.
- "EXW Wallet indictments, arrests & criminal trial in Austria", Behind MLM [archive]
- "EXW-Prozess: Hauptangeklagter bekennt sich schuldig", Salzburger Nachrichten (in German) [archive]
- "Angeklagter bekennt sich im Prozess um Kryptobetrug vollumfänglich schuldig", Der Standard (in German) [archive]
Blockchain chess platform Immortal Game ditches token after "heavy cheating"
After raising $12 million from crypto-focused venture funds, the Immortal Game blockchain chess platform has announced that they would be nixing most of the blockchain part by shutting down support for their "Checkmate" token and stopping development on play-to-earn and NFT projects. Although they began as a blockchain chess company, they seem to be pivoting to just being a chess company.
"We found that by offering large amounts of cash with no limit barrier to entry, we encouraged heavy cheating on the platform and degraded the user experience for our legitimate player base who want a fair and safe place to play chess online," they wrote. Who could have guessed.
Somewhat ironically, they suggested that they may still intended to look into using web3 technology for "anti-cheat measures".