Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

OptyFi shuts down, citing regulatory threats and failed fundraising attempt

OptyFi, a so-called "AI-powered defi" project, announced it would be shutting down for a variety of reasons. First, they blamed their recent failed token sale, in which they had hoped to raise $600,000. They blamed this failed sale on their Discord project being hacked, and on various community members falling victim to a fake token sale link.

However, they stated that the main reason they decided to shut down the project was the "significant and mounting regulatory challenges", pointing to the recent claim by the BarnBridge defi project that they were under SEC investigation. According to OptyFi, they are concerned that the $OPTY token or OptyFi vault tokens could be deemed securities, or that the OptyFi vaults themselves could be determined to be a "Mutual Fund type vehicle".

OptyFi promised to refund any tokens purchased during the most recent token sale, but many community members still accused the project team of rug pulling. OptyFi had previously raised $2.4 million in a seed funding round in January 2022.

Theme tags: Collapse, Law
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Platypus Finance hacked for the second time

Platypus Finance paused their pools after they were alerted to what they described as "suspicious activities". Security firm PeckShield was apparently the first to notice the activity, sending them a dreaded "hi, you might want to take a look" tweet that has become their signature way of alerting protocols that something bad has just happened. The CertiK security project also tweeted that they'd observed multiple suspicious flash loans involving the project.

This is the second apparent hack of Platypus Finance, following an $8.5 million hack only ten days after it launched in February 2023. The first hack also involved flash loans.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Avalanche
Tech tags: DeFi, stablecoins

New Rodeo Finance project exploited for the second time in one week

An attacker manipulated a price oracle to drain 472 ETH (~$884,000) from Rodeo Finance, a new Arbitrum-based leveraged yield protocol. The thief then used Tornado Cash to tumble the funds, some of which they placed into staking programs. According to Rodeo Finance, the attacker initially exploited the protocol for closer to $1.7 million, but $810,000 was recovered. Small victories. Anyway, Rodeo paused the protocol, and stated that they are working on recovery plans.

This was actually the second attack to impact Rodeo Finance in a single week. On July 5, the same day as their public token launch, the project was exploited for around $90,000 thanks to a bug in a smart contract.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

NFT phisher charged over OpenSea lookalike scam

A sad-looking Bored Ape wearing a yellow fisherman's hat and bandolier, smoking a cigar, on a bright orange backgroundBored Ape #7358, originally purchased by Hank666 for 49 ETH ($175,000 at the time) (attribution)
The U.S. Attorney's Office of the Southern District of New York announced the unsealing of charges against Soufiane Oulahyane, who they allege created a lookalike OpenSea website to trick victims into entering their login details, and used sponsored links in a "popular internet search engine" to cause his site to show up as the first result when a person searched "opensea". A victim with the OpenSea name "Hank666" entered his credentials into the scam website on September 26, 2021, and Oulahyane quickly used the credentials to transfer his crypto assets, sell his NFTs, and transfer the proceeds of those sales to his own wallet. Altogether, Hank666 lost assets that he had paid around $449,000 to obtain.

Oulahyane is charged with wire fraud, two counts of access device fraud, and aggravated identity theft.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

AlgoFi announces shutdown

AlgoFi, a lending protocol built on the Algorand blockchain, announced that they will begin winding down the project. They were vague about the specific reasons, writing only that "a confluence of events has taken place that no longer makes building and maintaining the Algofi platform to the highest standards a viable path for our company". Although AlgoFi is nominally decentralized, like many defi projects, its fate ultimately rested with the small team building it.

AlgoFi had raised a seed funding round of $2.8 million in November 2021, and was backed by groups including Union Square Ventures, Arrington XRP Capital, Pillar VC, and Y Combinator. They had also received other investments from groups including Jump Capital and Coinbase Ventures.

AlgoFi accounts for over half of the value on the Algorand blockchain, which itself has experienced a marked decline from earlier this year.

Theme tags: Collapse
Tech tags: DeFi, lending

Multichain drained of another $107 million days after previous theft

Only five days after $130 million was emptied from the Multichain blockchain bridge, another $107 million in a wide range of assets has been taken. After the first theft, Multichain urged users to stop using the project and revoke contract approvals, but a large quantity of assets remained on the service.

People are becoming increasingly suspicious that the Multichain thefts may be an inside job, not least because Multichain's CEO suddenly disappeared in late May and hasn't been located since.

Theme tags: Hack or scam, Rug pull, Shady business

Arkham Intelligence referral program exposes user emails

In a somewhat amusing complement to Arkham Intelligence's "on-chain intelligence exchange" announcement, a new product which seeks to allow people to buy and sell private information about blockchain wallet owners, Arkham has found themselves in hot water for exposing user email addresses without the users' knowledge.

Like many platforms, Arkham Intelligence allows its users to earn rewards for referring new customers. Users are given a unique link to invite others to sign up, which then credits them for the referral. However, some people have observed that the unique string used to identify the user is simply their email address, base64-encoded. This is a simple way of encoding a piece of text, which is trivially reversed to expose the email address.

A user who noticed the encoding strategy tweeted: "ABSOLUTE LMAO. ALL #ARKHAM REFERRAL LINKS SHARED ON TWITTER IS DOXXING EVERYONE BECAUSE THE EMAIL IS IN THE REFERRAL URL". They then went on to decode some referral links from anonymous crypto personalities, writing "HOW DOES IT FEEL TO GET DOXXED???"

Arkham Intelligence quickly updated its referral program to use an encryption algorithm that can't easily be reversed in this way, and the CEO apologized for what he said was an early version of creating referral links that was never updated.

Theme tags: Hmm

Arkham Intelligence releases "dox-to-earn" project

Arkham Intelligence, a blockchain intelligence company with the tagline "deanonymizing the blockchain", announced the launch of its "on-chain intelligence exchange", inviting people to "buy and sell information on the owner of any blockchain wallet address—anonymously, via smart contract." In the crypto world where transaction data is largely public, maintaining pseudonymity is often a critical part of maintaining safety and privacy. Needless to say, this had a mixed reception, with many terming the exchange "dox-to-earn".

"hey isn't the most profitable use of this just to put a bounty on whale wallets and then kidnap people? like ... did that come up in any meetings?" wrote one Twitter user. "We are now one step closer to onchain assassination markets", wrote another. Others, however, were more optimistic, speaking about "doxx[ing] scammers", "democratiz[ing] tools [the government] already has", and, in the longer term, "accelerat[ing] privacy".

Theme tags: Hack or scam

Dubai regulator cracks down on BitOasis

Dubai's Virtual Assets Regulatory Authority issued an alert that BitOasis was "under review for not meeting mandated conditions". In April, BitOasis received the first "MVP Operational License" issued under a new regulatory regime in Dubai, but has apparently already fallen out of compliance. VARA warned that further enforcement actions could follow, including rescinding the license.

BitOasis wrote on their website that the license had in fact been suspended, but stated that they had not begun offering services to the segments covered by the license (institutional and qualified investors).

BitOasis is among the most popular crypto exchanges in the Middle East and North Africa (MENA) region.

Theme tags: Law

Arcadia Finance exploited

Arcadia Finance is a defi margin trading protocol that launched on Ethereum and the Optimism Ethereum layer 2 protocol in March 2023. On July 9, an attacker used a flash loan to drain liquidity pools in the lending portion of the project, resulting in a total loss to the project of around 160 ETH and $163,000 in stablecoins for a total loss of almost $460,000.

The Arcadia Finance team paused related smart contracts to prevent further attacks, and began working with various crypto security projects to investigate the attack. They also sent on-chain messages to the attacker, threatening law enforcement action and suggesting they "return 90% of the funds... and walk away".

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi, lending

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.