Then, on July 17, the exchange released a new announcement: "Due to cooperation with the police investigation, the platform has suspended related services... Please wait for the police announcement." They also wrote in the post, "AEX reserves the right of final interpretation of this announcement", and below the signature wrote, "The closer you look, the further you see."
On July 20, PREMINT's CEO announced they would be compensating all users affected by the hack by sending them ETH equivalent to the floor price of the stolen NFTs. "I realize that the NFTs stolen were not all floor NFTs... You might feel like this compensation isn't enough. But I don't think there's any other scalable and objective way to do this," he said. The total repayment will amount to about 340 ETH ($525,000). PREMINT also bought the two most expensive stolen NFTs from their new owners for the prices they had paid to buy them from the hacker — 92 ETH ($138,000) for a Bored Ape and 12 ETH ($17,800) for an Azuki. Those NFTs were returned to their original owners.
NFTs valued at $150,000 stolen via phishing link posted to the hacked Twitter account of NFT artist DeeKay
Altogether, the stolen NFTs were valued at around $150,000. DeeKay reported that he wasn't sure how his Twitter account had been compromised, but that "my guess is that [two-factor authentication] was off for that specific time". DeeKay wrote that he was considering compensating his followers who were victim to the scam, but that "[a] few are pretending to be affected and looking for opportunities", and "this also encourages hackers to keep doing their thing". "There were some kind souls who were affected and have shown me great flexibility for me to compensate in different ways. Some are asking for high demands as if I was the hacker...😪", he wrote in the thread.
The news sparked rumors about Coinbase, including that they might be facing a liquidity crisis or insolvency. Others dismissed those rumors as unfounded, and normal behavior for a company facing a market downturn. Coinbase CEO Brian Armstrong tweeted that Coinbase was "well capitalized".
zachxbt traced the funds to various centralized crypto exchanges, and also found that some of the money had been used to purchase other pricey NFTs including Bored Apes, CryptoPunks, and others. He also identified two individuals he suspected were behind the pseudonymous creators of the project, who had mysteriously begun posting luxury trips, designer purchases, and an expensive Mercedes after the project mint.
After zachxbt's thread, the project tweeted for the first time in a very long time, writing "for the 2736463266474th time, itz not rug 😪, just a very deliberately slow creative process, lots of pivots..." However, the project never followed through on their promised new deadline. The social media account showing evidence of the alleged creator's lavish spending was also deleted.
Reception on Twitter was brutal, with one person commenting, "And that's another one for Beloved Icons Ruined By Pyramid Scheme Bingo". Another described the decision to launch an NFT project as "jumping on the bandwagon while it's actively collapsing". The reception on Discord was also tepid, with only 130 people joining the server in the two days following the announcement.
McAfee died by suicide in June 2021 in a Spanish prison, shortly before he was due to be extradited to the United States on tax evasion charges. His death kicked off a tornado of conspiracy theories by QAnon followers.
Now, the SEC has wrapped up the investigation, finding his partner in crime responsible for the undisclosed promotion and pump and dump scheme. In addition to a $376,000 fine, Watson is prohibited from any professional cryptocurrency trading.
- "Crypto Lender Celsius Files for Bankruptcy After Cash Crunch", Bloomberg
- "Troubled Crypto Lender Celsius Hires New Restructuring Lawyers", The Wall Street Journal
As with many of these attacks, it's not immediately clear if there was truly an outside party who gained unauthorized access, or if the "attack" was actually a rug pull or an inside job. The project tweeted on July 16 that they were "continu[ing] to investigate" and had hired outside security firms to try to help them identify the hacker and recoup lost funds.