New wallet drainer steals almost $60 million in 9 months
Aurory bridge hacked for over $1 million
The Aurory team posted on Twitter to acknowledge the hack, writing that they'd disabled SyncSpace as they investigated. They also wrote that SyncSpace had been audited months ago, but that the audit had failed to detect the vulnerability.
"Top tier" NFTs stolen in NFT Trader hack
One attacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price.
Meanwhile, NFT holders were urged to revoke access to NFT Trader, since the platform seemed aware of the attack but unable to stop it. NFT Trader was ultimately able to thwart the attacker to stem additional bleeding, likely thanks to help from community members who pointed out a way the contract could be shut down.
Later, the "residual garbage" attacker returned 36 Bored Apes and 18 Mutant Apes after a Yuga Labs co-founder paid the 120 ETH (~$260,000) ransom.
SafeMoon files for bankruptcy
Although SafeMoon claimed to have created a token that would "safely go to the moon", executives allegedly siphoned millions of dollars of investor funds to spend on personal expenses including luxury cars and real estate.
In the bankruptcy filing, SafeMoon has claimed to have 50–99 creditors, between $10 and $50 million in estimated assets, and $100,000 to $500,000 in estimated liabilities.
- Chapter 7 Voluntary Petition, filed in the US Bankruptcy Court, D. Utah [archive]
Supply chain attack on Ledger puts much of defi at risk
A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.
CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.
CoinList reaches $1.2 million settlement with OFAC over Russian sanction violations
CoinList reportedly allowed 89 users to sign up for accounts on the platform, most of whom had stated that they were residents of Russia but provided addresses in Crimea.
- "OFAC Settles with CoinList Markets LLC for $1,207,830 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations", Department of the Treasury enforcement release [archive]
Money launderers charged over $80 million crypto romance scam
- "Four Individuals Charged for Laundering Millions from Cryptocurrency Investment Scams", Department of Justice press release [archive]
Australian victims lose estimated $1.3 billion to prolific scammers' HyperVerse project
Estimates by Chainalysis suggest that victims have lost a combined $1.3 billion (with a B) to the scam thus far.
The scheme's operators Sam Lee and Zijing "Ryan" Xu were also behind Blockchain Global, a collapsed company that operated the Australian ACX crypto exchange that collapsed in 2019. The company is in liquidation, and creditor claims are expected to surpass $50 million. Although Lee and Xu were reported for investigation to the Australian Securities & Investments Commission, ASIC did not take any action.
Lee has also been involved in other investment platforms, including two that are currently active: StableDao and We Are All Satoshi. Both platforms were the target of cease and desist letters from the Californian Department of Financial Protection and Innovation in September 2023, who described them both as "fraudulent pyramid and Ponzi scheme[s]".
- "Investors lose millions as crypto schemes operate unchecked in Australia", The Guardian [archive]
- "'They are so convincing': Vera Gazzard lost her life savings to HyperVerse", The Guardian [archive]
- "Crypto Scam Revenue Dropped 46% in 2022, While Blockchain Analysis Finds Links Between What Appear to be Distinct Scams", Chainalysis [archive]
- "More than $50 million owed to creditors after collapse of Blockchain Global's cryptocurrency exchange", ABC News [archive]
Crypto scammer suddenly pleads guilty in trial surrounding EXW fraud
The scam in question was a Ponzi scheme called EXW, in which the eight defendants stole at least €17.6 million (~$19.3 million) from at least 40,000 victims in late 2019 and 2020. The fraud later resurfaced under a different name. However, in court, the ex-girlfriend of the main defendant testified that the scam had actually brought in €80–100 million ($88—$110 million).
One of the defendants, who from reports seems to be the same one who just admitted his guilt in court, reportedly feigned being autistic when he was arrested by police, somehow earning himself enough time to erase the contents of his phone.
He and seven other defendants have been charged with fraud, money laundering, running a pyramid scheme, and operating a criminal organization.
- "EXW Wallet indictments, arrests & criminal trial in Austria", Behind MLM [archive]
- "EXW-Prozess: Hauptangeklagter bekennt sich schuldig", Salzburger Nachrichten (in German) [archive]
- "Angeklagter bekennt sich im Prozess um Kryptobetrug vollumfänglich schuldig", Der Standard (in German) [archive]
Blockchain chess platform Immortal Game ditches token after "heavy cheating"
"We found that by offering large amounts of cash with no limit barrier to entry, we encouraged heavy cheating on the platform and degraded the user experience for our legitimate player base who want a fair and safe place to play chess online," they wrote. Who could have guessed.
Somewhat ironically, they suggested that they may still intended to look into using web3 technology for "anti-cheat measures".