Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

Multichain finally confirms their CEO was arrested in China

After a months-long saga involving "stuck" transactions, Multichain announcing they couldn't get in contact with their CEO, rumors that the whole team was arrested, and several suspicious transactions of more than $100 million each, Multichain has finally announced that their CEO — known only as Zhaojun — was arrested on May 21. According to the project, all of his devices, hardware wallets, and mnemonic phrases were taken by Chinese police during the arrest. "Since the inception of the project, all operational funds and investments from investors have been under Zhaojun's control. This also means that all the team's funds and access to the servers are with Zhaojun and the police," they wrote.

The Multichain project claimed in a lengthy Twitter thread that the team attempted to keep the project running by using stored credentials on Zhaojun's home computer, thanks to access provided by his sister. However, they say that the July 6–7 movement of $130 million out of the project was an "abnormal" transfer by an unknown party. They claim that the July 9–10 transfer of around $107 million was his sister attempting to preserve assets by moving them into wallets she controlled. According to the team, his sister also was arrested on July 13, and "the status of the assets she has preserved is uncertain".

"Due to the lack of alternative sources of information and corresponding operational funds, the team is forced to cease operations," they wrote. They also claimed that they don't have control over the domain pointing to the frontend of the project, and so are unable to take the project offline, and resorted to pleading with GoDaddy for help in doing so.

"Honestly he deserves jail for this level of cryptography incompetence alone," wrote crypto personality 0xfoobar on Twitter.

Theme tags: Law, Shady business
Tech tags: DeFi

SEC, CFTC, and FTC sue Celsius; CEO Alex Mashinsky arrested

Alex Mashinsky sitting onstage, wearing a Madonna microphone and a t-shirt reading "Banks are not your friends." with the Celsius logoAlex Mashinsky (attribution)
A multi-agency hammer came down on the bankrupt cryptocurrency lender and alleged Ponzi scheme that was Celsius. The co-founder and former CEO of the company, Alex Mashinsky, was arrested and charged with seven counts including securities and commodities fraud, wire fraud, and conspiracy to manipulate the price of Celsius' CEL token. The indictment also named Roni Cohen-Pavon, Celsius' former Chief Revenue Officer.

Alongside the indictment from the DOJ, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Federal Trade Commission (FTC) each filed their own separate lawsuits against Mashinsky and Celsius.

These latest lawsuits join an existing lawsuit, filed in January 2023, against Mashinsky by the New York Attorney General.

Theme tags: Law

Digitex Futures CEO to pay $15 million over commodities violations

Adam Todd, the CEO of the Digitex Futures exchange, has been ordered to pay $3.9 million in disgorgement and $11.7 million in penalties. The Commodity Futures Trading Commission won a default judgment against him in their lawsuit alleging violations of the Commodity Exchange Act, including failing to register as a derivatives exchange, attempting to manipulate the price of the DGTX token, and failing to implement proper KYC and anti-money laundering programs.

According to Todd in a YouTube video, "We do not need to do KYC. [...] You should not have to give them because the U.S. government or whatever other [expletive] government in the world says that you need to. You do not need to. You just do not." Well, in that case.

Todd was also accused of trying to artificially inflate the price of the DGTX token by buying it on third-party exchanges, writing out his plans in excruciating detail with a customer who provided him funds to use on pumping the token.

Theme tags: Law

OptyFi shuts down, citing regulatory threats and failed fundraising attempt

OptyFi, a so-called "AI-powered defi" project, announced it would be shutting down for a variety of reasons. First, they blamed their recent failed token sale, in which they had hoped to raise $600,000. They blamed this failed sale on their Discord project being hacked, and on various community members falling victim to a fake token sale link.

However, they stated that the main reason they decided to shut down the project was the "significant and mounting regulatory challenges", pointing to the recent claim by the BarnBridge defi project that they were under SEC investigation. According to OptyFi, they are concerned that the $OPTY token or OptyFi vault tokens could be deemed securities, or that the OptyFi vaults themselves could be determined to be a "Mutual Fund type vehicle".

OptyFi promised to refund any tokens purchased during the most recent token sale, but many community members still accused the project team of rug pulling. OptyFi had previously raised $2.4 million in a seed funding round in January 2022.

Theme tags: Collapse, Law
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Platypus Finance hacked for the second time

Platypus Finance paused their pools after they were alerted to what they described as "suspicious activities". Security firm PeckShield was apparently the first to notice the activity, sending them a dreaded "hi, you might want to take a look" tweet that has become their signature way of alerting protocols that something bad has just happened. The CertiK security project also tweeted that they'd observed multiple suspicious flash loans involving the project.

This is the second apparent hack of Platypus Finance, following an $8.5 million hack only ten days after it launched in February 2023. The first hack also involved flash loans.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Avalanche
Tech tags: DeFi, stablecoins

New Rodeo Finance project exploited for the second time in one week

An attacker manipulated a price oracle to drain 472 ETH (~$884,000) from Rodeo Finance, a new Arbitrum-based leveraged yield protocol. The thief then used Tornado Cash to tumble the funds, some of which they placed into staking programs. According to Rodeo Finance, the attacker initially exploited the protocol for closer to $1.7 million, but $810,000 was recovered. Small victories. Anyway, Rodeo paused the protocol, and stated that they are working on recovery plans.

This was actually the second attack to impact Rodeo Finance in a single week. On July 5, the same day as their public token launch, the project was exploited for around $90,000 thanks to a bug in a smart contract.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

NFT phisher charged over OpenSea lookalike scam

A sad-looking Bored Ape wearing a yellow fisherman's hat and bandolier, smoking a cigar, on a bright orange backgroundBored Ape #7358, originally purchased by Hank666 for 49 ETH ($175,000 at the time) (attribution)
The U.S. Attorney's Office of the Southern District of New York announced the unsealing of charges against Soufiane Oulahyane, who they allege created a lookalike OpenSea website to trick victims into entering their login details, and used sponsored links in a "popular internet search engine" to cause his site to show up as the first result when a person searched "opensea". A victim with the OpenSea name "Hank666" entered his credentials into the scam website on September 26, 2021, and Oulahyane quickly used the credentials to transfer his crypto assets, sell his NFTs, and transfer the proceeds of those sales to his own wallet. Altogether, Hank666 lost assets that he had paid around $449,000 to obtain.

Oulahyane is charged with wire fraud, two counts of access device fraud, and aggravated identity theft.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

AlgoFi announces shutdown

AlgoFi, a lending protocol built on the Algorand blockchain, announced that they will begin winding down the project. They were vague about the specific reasons, writing only that "a confluence of events has taken place that no longer makes building and maintaining the Algofi platform to the highest standards a viable path for our company". Although AlgoFi is nominally decentralized, like many defi projects, its fate ultimately rested with the small team building it.

AlgoFi had raised a seed funding round of $2.8 million in November 2021, and was backed by groups including Union Square Ventures, Arrington XRP Capital, Pillar VC, and Y Combinator. They had also received other investments from groups including Jump Capital and Coinbase Ventures.

AlgoFi accounts for over half of the value on the Algorand blockchain, which itself has experienced a marked decline from earlier this year.

Theme tags: Collapse
Tech tags: DeFi, lending

Multichain drained of another $107 million days after previous theft

Only five days after $130 million was emptied from the Multichain blockchain bridge, another $107 million in a wide range of assets has been taken. After the first theft, Multichain urged users to stop using the project and revoke contract approvals, but a large quantity of assets remained on the service.

People are becoming increasingly suspicious that the Multichain thefts may be an inside job, not least because Multichain's CEO suddenly disappeared in late May and hasn't been located since.

Theme tags: Hack or scam, Rug pull, Shady business

Arkham Intelligence referral program exposes user emails

In a somewhat amusing complement to Arkham Intelligence's "on-chain intelligence exchange" announcement, a new product which seeks to allow people to buy and sell private information about blockchain wallet owners, Arkham has found themselves in hot water for exposing user email addresses without the users' knowledge.

Like many platforms, Arkham Intelligence allows its users to earn rewards for referring new customers. Users are given a unique link to invite others to sign up, which then credits them for the referral. However, some people have observed that the unique string used to identify the user is simply their email address, base64-encoded. This is a simple way of encoding a piece of text, which is trivially reversed to expose the email address.

A user who noticed the encoding strategy tweeted: "ABSOLUTE LMAO. ALL #ARKHAM REFERRAL LINKS SHARED ON TWITTER IS DOXXING EVERYONE BECAUSE THE EMAIL IS IN THE REFERRAL URL". They then went on to decode some referral links from anonymous crypto personalities, writing "HOW DOES IT FEEL TO GET DOXXED???"

Arkham Intelligence quickly updated its referral program to use an encryption algorithm that can't easily be reversed in this way, and the CEO apologized for what he said was an early version of creating referral links that was never updated.

Theme tags: Hmm

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.