Radiant Capital sent an on-chain message to the attacker, offering to negotiate a bounty.
Radiant Capital lending protocol hacked for $4.5 million
Radiant Capital, a cross-chain lending protocol built on the Arbitrum layer-2 network, was hacked for 1,900 ETH (~$4.5 million). The exploit relied on a flaw in the underlying code, which was forked from Compound and Aave. The original code has a known rounding issue, which makes new projects vulnerable to attack shortly after they are deployed if they are not specifically configured to avoid the issue. In this case, the attacker had observed the contract being deployed and performed the exploit only six seconds after the project was activated.
- Tweet thread by Radiant Capital [archive]
- Tweet thread by PeckShield [archive]
- On-chain message from Radiant Capital to the exploiter [archive]
Wallet security startup founder scammed out of $125,000
Bill Lou, the co-founder of a cryptocurrency wallet that claims to "revolutionize wallet security", was scammed out of 52 stETH (~$125,000) when he clicked a link promising an airdrop for a project. However, he had fallen for a phishing link that was prominently placed in Google search results, mimicking a real project but draining users' wallets when they authorized the transaction.
"I just got scammed out of $125k of stEth while trying to claim the $LFG airdrop. And I'm a fking founder of a wallet startup that's trying to improve wallet security..." wrote Lou on Twitter. "This is the first time I've been scammed. I always read about others but you never think it could happen to you..." he wrote.
If the founder of a wallet security project can't avoid scams in the crypto world, what hope do the rest of us have?
Orbit Bridge hacked for $81 million
The Orbit Bridge project, a cross-chain bridge for the Orbit Chain project, was exploited on December 31 for around $81 million. The attacker made off with around 26,742 ETH (~$64 million) and $18 million in the DAI stablecoin. Orbit Chain's total value locked plummeted from $152 million to $71 million as over half the funds were drained.
Orbit began sending the attacker on-chain messages, writing that "we will track you down and restore the damage you incurred to the ecosystem. And we will not stop." Orbit also wrote on Twitter that they were working with various law enforcement agencies.
Wallet gets phished for $4.4 million
Someone had a not so fun end to the year when they fell victim to a phishing attack and had around 275,700 LINK drained from their crypto wallet. Those tokens are priced at around $4.4 million.
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorizing the malicious drainer. It's not clear if that's how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.
UST and LUNA deemed securities in court
The federal judge overseeing the SEC v. Terraform Labs case has determined that Terra's UST stablecoin, LUNA token, and related tokens were securities. "There is no genuine dispute that UST, LUNA, wLUNA, and MIR are securities because they are investment contracts," wrote Judge Jed Rakoff.
This is a major decision in the crypto world, which recently celebrated a decision in the SEC v. Ripple case, which found that some sales of Ripple's XRP token did not constitute unregistered securities offerings.
The SEC has maintained a position that the majority of crypto asset offerings are securities offerings, which has been an unpopular opinion among those in the cryptocurrency industry — which broadly does not wish to be regulated by the SEC.
- Memorandum & Opinion in SEC v. Terraform Labs [archive]
Levana Protocol loses over $1.1 million in slow motion
An attacker successfully manipulated an oracle to drain around 10% of the liquidity pool for the Levana Protocol, an Osmosis-based perpetual futures project. This amounted to $1.146 million.
The attack was unusual in that it lasted almost two weeks, going unnoticed because it was draining pools slowly enough that the Levana team assumed it was organic activity. However, when the network became congested, the attack suddenly became more profitable — and more noticeable.
- "Levana exploit postmortem", Medium [archive]
Barry Silbert resigns from Grayscale board
New SEC filings have revealed that Digital Currency Group CEO Barry Silbert and president Mark Murphy have resigned from the board of Grayscale Investments, the organization behind the Grayscale Bitcoin Trust and a subsidiary of DCG.
Grayscale is in the midst of an application process with the SEC for approval to convert the trust into a spot bitcoin ETF. This has been an ongoing effort by Grayscale, and has been denied before.
DCG, meanwhile, is in the middle of financial difficulties and ongoing legal battles, including a lawsuit from the New York Attorney General alleging a $1 billion fraud by DCG and its Genesis subsidiary. The lawsuit from the NYAG also names Silbert personally.
Telcoin exploited for $1.25 million
$TEL, the token associated with the Telcoin remittances project, plunged 40% as an exploiter was able to steal around $1.25 million from the project. The company later disclosed that the issue had to do with how the project had been implemented on the Polygon network. The app was taken offline as the company investigated the hack.
Telcoin later announced that they "plan[ned] to restore all wallets to their previous balances", though did not say whether or how they would be making up the $1.25 million deficit.
Telcoin had been audited by CertiK, though CertiK tweeted to say that "this contract was not in the scope of the audit conducted by CertiK".
Tether mints itself a $1 billion Christmas present
I wish I could give myself a billion dollars for Christmas, too.
On December 25, Tether minted 1 billion of its USDT dollar-pegged stablecoin. CEO Paolo Ardoino announced on Twitter that the mint was an "authorized but not issued transaction, meaning that this amount will be used as inventory for next period issuance requests and chain swaps". This seems to be a recent trend for Tether, as similar language was used for a $1 billion mint in September.
The activity has raised more questions around where the real money backing Tether is coming from, and if it even exists at all. Some have argued that these recent Tether mints are being used to artificially inflate the price of Bitcoin, which has been on an upward trend since mid-October.
Tether, which boasts a market cap of more than $90 billion, has never been audited, and has lied about its backing in the past.
Megabot exit scams for almost $750,000
The Megabot project rug pulled, stealing $742,000 from those who bought in to the project's presale. The majority of the money — around $692,000 — was stolen on the Solana network.
Megabot had advertised itself as an AI trading bot that would earn users "up to 30% monthly". The team had promised that the bot would perform trades while "sidestepping potential risks such as honeypots, rugs, and slow rugs".
"No one will be able to rug you anymore", their website boasted. Ah, well.