OpenSea NFT marketplace lays off 20% of employees
OpenSea, the largest NFT marketplace, announced that they would be laying off around 20% of their employees, or around 60 people. CEO Devin Finzer blamed "crypto winter" for necessitating the decision, a common phrase that has been referenced by multiple CEOs who have announced layoffs in the past two months.
John McAfee associate fined $376,000 for pump & dump scheme and undisclosed promotion of ICOs
In October 2020, the SEC filed charges against anti-virus software magnate, two-time Libertarian presidential candidate, and all-around shady character John McAfee, as well as his bodyguard, Jimmy Watson Jr. They alleged that the two had promoted several initial coin offerings (ICOs) without disclosing that they were being paid to do so. The SEC also charged the pair with participating in a pump and dump scheme, where they secretly bought large amounts of a cryptocurrency token before hyping it on Twitter (where McAfee had millions of followers), then selling the tokens as the price increased.
McAfee died by suicide in June 2021 in a Spanish prison, shortly before he was due to be extradited to the United States on tax evasion charges. His death kicked off a tornado of conspiracy theories by QAnon followers.
Now, the SEC has wrapped up the investigation, finding his partner in crime responsible for the undisclosed promotion and pump and dump scheme. In addition to a $376,000 fine, Watson is prohibited from any professional cryptocurrency trading.
Celsius files for bankruptcy
One month after pausing customer withdrawals, crypto lending firm Celsius Network filed for Chapter 11 bankruptcy. Celsius had recently hired a new group of restructuring lawyers from Kirkland & Ellis, the same group counseling Voyager Digital in their bankruptcy proceedings announced on July 6.
- "Crypto Lender Celsius Files for Bankruptcy After Cash Crunch", Bloomberg
- "Troubled Crypto Lender Celsius Hires New Restructuring Lawyers", The Wall Street Journal
Citizen Finance claims to have been hacked for around $100,000
Citizen Finance, a multichain platform that has something to do with NFTs and blockchain gaming, claimed to have suffered an attack by an outside party who obtained access to a private key for the BNB and Polygon chains. The attacker then used their access to transfer 244 BNB (~$55,000), 57,637 MATIC (~$32,300), and 7,000 USDC for a total windfall of around $94,300. The theft also caused the value of the CIFI token to plummet more than 50%.
As with many of these attacks, it's not immediately clear if there was truly an outside party who gained unauthorized access, or if the "attack" was actually a rug pull or an inside job. The project tweeted on July 16 that they were "continu[ing] to investigate" and had hired outside security firms to try to help them identify the hacker and recoup lost funds.
More than $8.17 million stolen in phishing attack targeting Uniswap users
In a successful, broadly-targeted phishing campaign, more than 70,000 addresses connected to Uniswap were airdropped tokens that baited users into approving transactions that allowed attackers to control their wallets. After some initial confusion that there might be a vulnerability in Uniswap itself, it was determined that the thefts were being perpetrated through the airdrop, which also linked users to a website that resembled the authentic Uniswap site. Users were tricked into signing the contract, and cryptocurrency and NFTs were stolen from wallets.
One single wallet targeted by the phishing attack lost more than $6.5 million worth of Ether and Bitcoin, and another targeted by attackers lost around $1.68 million worth of those currencies.
Vauld is short around $70 million
Crypto lending firm Vauld, which suspended withdrawals and announced they were considering restructuring on July 4, have disclosed to their creditors a shortfall of around $70 million. They explained this was due to mark-to-market losses relating to the declining pricess of Bitcoin, Ether, and Polygon, as well as exposure to the now-collapsed Terra stablecoin UST. They also attributed some of the shortfall to longterm loans that can't be called back for another 3–11 months.
Several weeks prior, Vauld had cut 30% of staff, slashed executive salaries, and began various other cost-cutting measures.
Rival firm Nexo has said it is considering acquiring Vauld, though some have expressed skepticism that Nexo is in a position to afford such an acquisition.
Report claims that Binance served Iranian customers in violation of sanctions
The latest Reuters investigation into Binance has alleged that the company processed transactions for Iranian users, despite U.S. sanctions and the company's claim to be compliant with them. Iranian traders interviewed by Reuters stated that they were able to take advantage of Binance's poor KYC checks to use the service despite the sanctions.
The usage of the exchange by residents of sanctioned countries could draw the attention of US regulators. It's also the latest in several investigative reports by Reuters into Binance, in addition to a June report that the exchange facilitated $2.35 billion in illicit transfers from 2017–2021, and an April report that Binance supplied the Putin regime with information about crypto donors to opposition leader Alexei Navalny.
More than $2.25 million stolen from Bifrost's BiFi platform
Bifrost is a platform that allows developers to create dApps across multiple blockchains. They run the service BiFi, which is a defi platform built atop Bifrost. On July 10, they inadvertently exposed the key to their Bitcoin address-issuing server. An attacker was able to use this to self-sign their own deposit address, then make a fake deposit into the BiFi Bitcoin lending service in exchange for 1,852 ETH ($2.25 million).
Bifrost wrote in their post-mortem analysis that because the attack was limited to the BTC address registration server, and the hack didn't exploit any smart contract or protocol vulnerabilities, a security audit performed by Theori "is still valid" — leading one to wonder why anyone should trust an "audited" platform if $2.25 million in assets can be stolen without invalidating an audit.
- "Post-mortem: BiFi-BTC illegal address registration", Bifrost blog
Hackers steal $1.43 million from Omni NFT lending platform
Hackers used a flash loan attack to steal around 1,300 ETH ($1.43 million) from the NFT lending platform Omni. Omni allows users to borrow cryptocurrency against their NFTs.
Hackers used NFTs from the popular Doodles collection as collateral to borrow wETH, then withdrew all but one of the NFTs, allowing them to perform a re-entrancy attack. The attacker then laundered the funds using the Tornado Cash cryptocurrency tumbler.
According to Omni, only funds belonging to the platform that were being used for testing were taken by the attacker.
- "Hacker drains $1.4 million worth of ETH from NFT lender Omni", The Block
- Exploiter wallet on Etherscan
CoinFLEX sues Roger Ver to try to recover claimed $84 million debt
When CoinFLEX suspended withdrawals on June 23, they blamed "continued uncertainty involving a counterparty".
Although they initially dodged naming the counterparty, CEO Mark Lamb eventually publicly stated that this counterparty was Roger "Bitcoin Jesus" Ver, who he said failed to meet a $47 million margin call. However, Ver publicly refuted this claim, stating that CoinFLEX in fact owed him money. Both parties went back and forth, each accusing the other of misrepresenting the situation.
On July 9, the company stated that they would be seeking arbitration to recover $84 million from Ver — an updated figure that they said factored in the "significant loss in liquidating his significant FLEX coin positions".