Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

Raft exploited for $3.3 million, then hacker screws up

An attacker exploited the Raft defi project after finding a vulnerability that allowed them to mint 6.7 million of Raft's R stablecoin without any backing.

The attacker then went to convert the R into ETH, which they would then be able to launder and cash out. However, an error in the attacker's code caused 1,570 ETH ($3.25 million) to be sent to the burn address, rendering it permanently inaccessible to everyone including the hacker. Only 7 ETH remained. However, because they had to spend ETH to fund the attack, the hack ultimately resulted in a loss of 4 ETH (~$8,000) for the perpetrator. Oops.

As a result of the hack, the R stablecoin lost its dollar peg, plummeting down to around $0.70. Raft acknowledged the attack and announced that they had paused minting.

Theme tags: Bug, Bummer, Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi, stablecoins

Samudai treasury drained

The treasury of the Samudai DAO was apparently drained as an attacker compromised the project's multisignature wallets and the wallet belonging to the project's founder, Kushagra Agarwal. Altogether, around $1.25 million in ETH was stolen.

Agarwal sent a message to the thief shortly afterwards, offering a 10% "bounty" in exchange for the return of the rest of the funds. The attacker didn't seem to be interested, and in mid-January began tumbling the assets through the Tornado Cash cryptocurrency mixer.

Samudai didn't seem to publicly acknowledge the theft, even though they've posted on Twitter a few times since then. The organization had raised $2.5 million in pre-seed capital in June 2022.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Poloniex hacked for more than $120 million

Assets including Bitcoin, Ethereum, and Tron's TRX token, priced at more than $126 million, were stolen from Justin Sun's Poloniex cryptocurrency exchange. Researchers are still homing in on the exact amount of funds that were stolen from the company's hot wallets across multiple blockchains, but suffice to say it's a lot.

Poloniex was initially tight-lipped, posting on Twitter that they had "disabled for maintenance" an exchange wallet. Justin Sun later updated that they were investigating the "hack incident", and promised to "fully reimburse" the massive theft... somehow. He later tweeted that they would offer a 5% "bounty" to the hacker if they returned the funds within a week, threatening to "engage law enforcement" otherwise.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Bitcoin, Ethereum, Tron

CoinSpot exchange exploited

The Australian cryptocurrency exchange CoinSpot appears to have been hacked for around 1,283 ETH (~$2.4 million). In two separate transactions, the ETH was transferred out of CoinSpot's hot wallet, then bridged to Bitcoin via Thorchain and another bridge.
Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

Wintermute declares friendship over with Near Foundation and Aurora Labs after they refuse to send $11 million

"Public service announcement or 'how we are not really friends with Near Foundation and Aurora Labs going forward'", wrote Wintermute CEO Evgeny Gaevoy on Twitter. He launched into a thread accusing Near and Aurora of refusing to honor a previous agreement to facilitate the redemption of around 11.2 million USN, the de-pegged stablecoin of the Near network. Wintermute said they had helped FTX to sell that quantity of the USN tokens, providing them with dollars to disburse to creditors, under the belief that Near and Aurora would help them honor the USN redemptions at $1.

However, Near later decided it would not honor the redemption, accusing Wintermute of trying to pull off an arbitrage trade with the distressed asset. They also, somewhat curiously, claimed that the funds that were provided to Wintermute by the FTX estate may have been the tied to illegal activities. Aurora also described Wintermute's claims as "unfounded", and accused Wntermute of "tr[ying] to exploit the programme to profit from the purchase of distressed assets from the Alameda estate".

Wintermute has promised to "pursue all legal avenues" against the Near Foundation and Aurora Labs.

Theme tags: Hmm, Shady business
Blockchain tags: Blockchain: Ethereum

MEV bot exploited for almost $2 million

An MEV bot was exploited after an attacker discovered a vulnerability in its code that allowed anyone to call one of its functions that sold wBTC for wETH. Using a flash loan to imbalance a wETH/wBTC pool on Curve, the attacker then caused the bot to purchase wBTC at its inflated price. They then sold the wBTC for a profit. Altogether, the exploiter made off with 1,047 ETH ($1.975 million).
Theme tags: Hack or scam
Blockchain tags: Blockchain: Bitcoin, Ethereum

Arrests made in $300 million Indian crypto scam

Indian police have arrested around eighteen people, including four police officers, in connection with a $300 million cryptocurrency scam that affected around 100,000 people in Himachal Pradesh. Victims were invited to invest in a cryptocurrency called Korvio Coin (KRO), but later the scam incorporated other tokens as well. Around 5,000 government officials and around 1,000 police fell victim to the scam, with some themselves becoming promoters.

The scam was allegedly orchestrated by Subhash Sharma, who has not been apprehended. This particular fraud was uncovered in September, but has been ongoing since as long ago as 2018.

Theme tags: Hack or scam

Yuga Labs' social media lead resigns after racist and antisemitic tweets resurface

One might think that a social media lead might have a grasp on his own social media accounts, and might have scrubbed damning tweets made only shortly before they began their position.

One also might think that a company embroiled in constant racism accusations might be cautious about screening its employees.

Neither of these things happened, though, and someone dug up vile tweets by Shpend Salihu, better known as NGBxShpend. Salihu resigned shortly after the tweets came to light, writing that they had "become a distraction from the [Bored Ape Yacht] Club and what we're all about."

Theme tags: Yikes
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Bored Ape collectors experience searing eye pain after "ApeFest" party

Bored Ape #9291. A brown-furred ape, wearing a slouchy orange beanie and black t-shirt, has its mouth open in a sort of smile. There are red laser beams shooting out of (or perhaps into) its eyes.All this time I thought the lasers were going in the other direction (BAYC #9291) (attribution)
Bored Ape collectors attending an ApeFest party in Hong Kong have now been subjected to the kind of eye pain the rest of us have felt for years having to look at their hideous, pricey JPEGs.

The going theory is that event organizers skimped on lighting costs by using UV lights intended for sanitization, not for entertainment, causing burns to the eyes and skin. The eye condition, photokeratitis, is better known as "snow blindness" or "welder's flash", as it more typically affects people who haven't worn proper eye protection while welding or while exposed to sunlight reflected from ice and snow.

Several attendees reported having to seek emergency medical treatment after experiencing excruciating eye pain and vision problems, and tweet threads began circulating giving various other ApeFest attendees advice on recovering from the painful condition.

Bored Ape creator Yuga Labs belatedly issued a tweet two days after the incident, claiming only a small fraction of attendees had experienced "eye-related issues", but encouraging anyone with symptoms to "seek medical attention just in case".

Theme tags: Bummer, Yikes
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Sam Bankman-Fried convicted on seven charges

Sam Bankman-FriedSam Bankman-Fried (attribution)
After less than five hours of deliberation, a jury convicted Sam Bankman-Fried of seven fraud and money laundering charges. The conviction followed a five-week-long trial which culminated in Sam Bankman-Fried himself taking the stand, only to appear evasive and sullen as he told prosecutors he couldn't recall many significant events from his time as FTX CEO.

Sentencing is scheduled for March 28, 2024, though scheduling could be affected by factors including whether the US decides to continue pursuing an additional five charges also set to be tried in March.

Theme tags: Law

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.