Reaper Farm exploited for around $1.7 million

Yield farming project Reaper Farm suffered an exploit that resulted in a $1.7 million loss. The attackers discovered a vulnerability that allowed them to withdraw anyone else's funds. They then bridged funds to Ethereum, then laundered them through Tornado Cash. After discovering the exploit, Reaper Farms used the same vulnerability to remove funds from the remaining vulnerable vaults to prevent the attacker from stealing more.

Shortly after the exploit, Reaper Farms announced they plained to raise capital via "the sale of vested $OATH tokens from our treasury with desirable terms", which would then be used alongside other assets in their treasury to compensate users.

Operators of Dropil crypto scam sentenced to federal prison

Two men who ran an "investment management service" called Dropil were sentenced to 2½ and 3 years in prison after stealing around $1.9 million from more than 2,000 people. They convinced people to buy DROP tokens, which they said would provide access to an automated trading bot that would return up to 63% in annual returns. In reality, there was no functional trading bot. When the SEC inquired, the two men forged profitability reports and lied under oath about the project.

SEC charges perpetrators of $300 million Forsage crypto pyramid scheme

The SEC charged eleven people who helped to create and promote the crypto pyramid and Ponzi scheme Forsage. The scam operated from January 2020 into 2021, despite multiple cease and desist actions from regulators in the US and the Philippines.

Users deposited their money into projects running on the Ethereum, Tron, and Binance blockchains, and earned rewards for recruiting others to the scheme. The project also used payments from newer investors to pay out earlier investors—a Ponzi scheme.

Players in the National Women's Soccer League may be "out money" after Voyager bankruptcy

Half of the money in a large deal between the crypto platform Voyager Digital and the National Women's Soccer League was supposed to be distributed to players in cryptocurrency accounts. According to a press release from Voyager, this was intended to "provide NWSL players with financial education on crypto, including key lessons and tools, to help develop long-term financial growth opportunities for players potentially well after their competitive playing careers have ended."

Those players have certainly learned something about crypto, as the league informed them that they're not likely to get the funds they were promised after Voyager Digital filed for bankruptcy in early July.

People rush to steal some of the $190 million in the Nomad bridge after an exploit is discovered

After an attacker began exploiting a vulnerability in the Nomad bridge, many people rushed to replicate the attack and steal some of the roughly $190 million of various cryptocurrencies in the bridge. Some didn't seem to think through the consequences of using wallets tied to their real-life identities to exploit the vulnerability, which should be interesting to watch.

Nomad posted on Discord and tweeted that they were "aware of the incident" and "investigating", but the attack was ongoing over an hour after the acknowledgement.

Four days before the attack, Nomad announced that they'd raised a $22.4 million seed round from investors including Coinbase, OpenSea, and Crypto.com.

CoinFLEX cuts "significant number" of staff

CoinFLEX, a yield farming platform that stopped withdrawals in late June, announced they had made major staff cuts to reduce their cost base by 50–60%. "The intention is to remain right-sized for any entity considering a potential acquisition of or partnership opportunity with CoinFLEX," they wrote in a blog post.

Restructuring plans reveal Babel Finance's $225 million losses during crypto market dip

Babel Finance, a crypto lender that suspended withdrawals in mid June, sustained "massive losses" thanks to its proprietary trading desk, which was trading with customer funds. According to a restructuring plan viewed by Bloomberg, Babel's prop desk lost around 8,000 BTC and 56,000 ETH, valued at around $225 million at the time of the loss. The trading team was not using risk controls, and their unhedged position led to forced liquidations that made Babel's lending and trading departments unable to meet its margin calls from counterparties like Zipmex.

Helium caught lying that Lime and Salesforce use their network

A graphic from Helium's website, with the header "Helium is used by:" and then a collage of logos including Lime and SalesforceScreenshot of Helium's website (attribution)
Helium, a network of wireless hotspots for low-power devices whose operators are incentivized by a crypto token, has been lying about its relationship with scooter rideshare company Lime. According to an investigation by Matt Binder in Mashable, Helium has been boasting that Helium is used by Lime on their website and describing them in press coverage as a prominent user of the network despite the fact that Helium and Lime never had a formal relationship. "Helium has been making this claim for years and it is a false claim", said a Lime spokesperson.

Helium is a common name that comes up when people are pressed to provide examples of web3 use cases. The New York Times ran a feature on the company in February 2022, titled "Maybe There's a Use for Crypto After All", where Kevin Roose lavished praise on the company and wrote that they had "largely avoided the hype and inflated claims that surround many crypto projects" (oops) and repeated the false claim about a Lime partnership (double oops). Lime said that the Times never contacted them to fact-check the claim; meanwhile, Helium founder Amir Haleem prominently points people to the article with a pinned tweet.

However, a recent Twitter thread by Liron Shapira drew attention to the fact that the company's total monthly revenue from network usage is only $6,500—raising questions about the feasibility of hotspot operators actually earning much in the way of rewards (as the rewards are distributed based on network usage).

Following the publication of Binder's article, Helium quietly removed Lime's logo from their website, along with that of Salesforce, a CRM software company. Salesforce also confirmed to The Verge that they had no partnership with Helium, and that the graphic on the Helium website where Salesforce's logo was displayed as a user of Helium was "not accurate".

Regulators order Voyager to stop saying they're FDIC insured

One of the ways Voyager Digital drew in customers was by promising that their funds in USD were protected from a collapse of the company by FDIC deposit insurance, which normally applies to bank accounts. When Voyager declared bankruptcy earlier this month, some of their customers were horrified to discover this was not the case.

The Federal Reserve and the FDIC sent a cease-and-desist to Voyager, asking them to remove the misleading statements about deposit insurance. It would have been nice if this had come a bit earlier—perhaps before people had deposited money into accounts with the company and could no longer get it out.

Nirvana Finance drained of $3.5 million

The Solana-based yield farming project, Nirvana Finance, was exploited by an attacker who used flash loans to drain the project of just under $3.5 million. The attacker took out a $10 million loan from the Solend project, used it to mint ANA tokens, swapped the ANA for $13.5 million, and then repaid the loan. The attack was similar to the attack on Crema Finance earlier in the month.

The attack caused the project's ANA token to plunge in value by 80%, and the project's NIRV stablecoin to lose its dollar peg, falling to $0.08. Nirvana Finance tweeted, "Please be advised: ANA has lost its collateral, and NIRV has lost its peg. Until the thief restores funds, these tokens will not have exchange value. Be very careful with trading NIRV & ANA, as they currently have no guaranteed value."

They also tweeted at the hacker, promising to stop investigating the hacker's identity and to pay a $300,000 "bounty" in exchange for the funds back. They wrote, "You have not taken money from VCs or large funds—the treasury you have taken represents the collective hopes of everyday people."

The project had promised its users over 60% APY, and its Twitter account described ANA as "the balanced risk investment with adaptive yield".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.