Samourai Wallet operators charged over crypto mixer operations

Keonne Rodriguez and William Lonergan Hill, founders of the Samourai Wallet, were arrested and charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money transmitting business. The charges relate to their operation of a cryptocurrency mixer that the DOJ says helped to launder over $2 billion in unlawful transactions. $100 million of that, they say, was connected to dark web markets including Silk Road and Hydra Market. Indeed, Samourai had actively marketed its products to "Dark/Grey Market participants".

Rodriguez was arrested in the United States; the United States will seek extradition for Hill, who was arrested in Portugal.

Samourai Wallet advertised itself as "a bitcoin wallet made for the streets", which would "keep your transactions private, your identity masked, and your funds secure". It touted features including "remote self-destruct", and would hide itself from a phone's applications list. As charges were filed in the United States, the wallet's website began displaying a seizure notice that informed visitors of a coordinated law enforcement action by the US Attorney's Office in the Southern District of New York, FBI, IRS, Europol, and Portuguese and Icelandic police. The app was also removed from the Google Play Store.

ZKasino rug pulls after raising $33 million

A project promising to build a decentralized casino managed to raise $33 million, despite an anonymous team that had exhibited several instances of shady behavior throughout ZKasino's development. The project promised that everyone who bridged ETH to their layer-2 chain would be able to receive their ETH back 1:1 in thirty days.

Instead, the project's creators transferred those more than 10,500 ETH ($33 million) to Lido, an Ethereum staking service. As for the "return" of funds, the project team indeed followed through with their promises to return the crypto... except instead of ETH, depositors received the project's native token, ZKAS, which would vest over a period of 15 months. The project announced that they had calculated the ZKAS distribution based on a discounted rate, "as a favour to our users who have bridged to participate in the ecosystem". Gee, thanks!

One investor in the project wrote, "We made a mistake investing in Zkasino early. ... [I]t sounds like a scam, but 95% of crypto consists of such crap. With memecoins pumping every day, people believe this could be the next one."

It seems that ZKasino's creators have links to other crypto scams, including a failed "ZigZagExchange", which raised around $15 million that was allegedly misallocated to work on the ZKasino project. Crypto sleuth zachxbt had also described the team as "proven bad actors" in December, listing multiple instances in which they had avoided making promised payments.

After the rug pull, the project's planned IDO on Ape Terminal and AIT Launchpad were canceled, and MEXC (which had invested in the project's seed round) canceled the token listing.

Hedgey Finance hacked for almost $45 million

Hedgey Finance, a platform used to manage token claims, lockups, and vesting, was hit with a flash loan attack that drained $44.7 million of customer funds from the platform.

The majority of assets were stolen from Hedgey on the Arbitrum layer-2 network, although around $2.1 million of them were stolen from the version deployed on the Ethereum mainnet.

Hedgey Finance confirmed the exploit, and sent an optimistic and congratulatory message on-chain: "Well done for finding it! We're assuming you executed this exploit as a white hat, so we'd like to get in touch with you to discuss next steps." No on-chain response thus far.

Hong Kong police arrest 72 people, freeze $29 million in connection to JPEX

Police in Hong Kong have arrested 72 people and frozen HK$228 million (~US$29 million) in connection to the collapse of the JPEX cryptocurrency exchange in September 2023. The South China Morning Post has described the collapse as the largest alleged fraud of its kind in Hong Kong.

According to Hong Kong police, they have received more than 2,600 complaints about JPEX, involving HK$1.6 billion (~US$204 million) in assets.

Avi Eisenberg convicted of $110 million Mango Markets heist

A jury found Avi Eisenberg guilty of fraud and market manipulation after he stole $110 million from the Mango Markets defi protocol in October 2022. Although he tried to argue that "code is law", and that his actions were legal as they were allowed by the project's smart contracts, jurors ultimately agreed with prosecutors that his manipulation of token prices constituted fraud.

Shortly after he was identified as the person behind the attack, Eisenberg tweeted that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions". Sadly for him, jurors didn't share this belief.

Eisenberg faces up to 20 years in prison.

Roger Stone endorses $TRUMP memecoin with misleading posts

Roger StoneRoger Stone (attribution)
Amid tweets alleging corruption among jurors in his 2019 criminal case, far-right activist and Trumpworld figure Roger Stone has posted several tweets endorsing "MAGA Memecoin", one of the many memecoins with the $TRUMP ticker. In several posts, he's suggested the token enjoys support from Trump himself, mentioning that the token is "the largest holding in Donald Trump's crypto wallet". "Donald Trump has at least $2M in @MAGAMemecoin in his crypto wallet - get yours- this cryptocurrency is going UP!", he wrote in another.

What he failed to mention is that the tokens in Trump's wallet were airdropped to him, likely without Trump even realizing it. Several of Trump's crypto wallets are publicly known, and people send coins and NFTs to them all the time. Trump has no more endorsed Stone's "MAGA Memecoin" than he has the "HarryPotterTrumpHomerSimpson777Inu" tokens that also sit in his crypto wallet.

Elsewhere, Stone disclosed, "My promotion of MAGAMemecoin is, of course, sponsored." I haven't been able to find where he has disclosed the amount he was paid for these promotions, as he is required to do.

$2 million emptied from Grand Base real world asset platform

Grand Base, a real world assets platform built on the Base layer-2 blockchain, has seen $2 million exit the platform in a hack or rug pull.

The team behind the project claimed that the deployer wallet had been compromised, allowing an attacker to drain the project's liquidity pool. Altogether, 615 ETH (~$2 million) was taken from the project.

Grand Base is a platform where users can trade "gAssets", which are crypto tokens that represent stocks in tech companies including Amazon, Apple, Google, Meta, and Microsoft.

tea.xyz causes open source software spam problems, again

The tea.xyz protocol first earned an entry on Web3 is Going Just Great in late February, when their plan to reward open source software contributors resulted in crypto enthusiasts with no intention of participating in OSS opening endless pull requests to claim ownership of prominent OSS projects. This spam was disruptive to said projects, whose (usually volunteer) maintainers had to figure out what was going on and then try to stop the spammy PRs.

Max Howell, the creator of tea.xyz (and creator of homebrew, though he's no longer involved), seemed apologetic, and promised to make changes to the protocol to stop this spammy behavior.

Now, deprived of that avenue, people are just creating massive waves of empty software packages, with nothing other than a "teafile" with their crypto wallet address for rewards, and submitting them to package managers like NPM and RubyGems.

This spam prompted a blog post from RubyGems, who wrote that they had to devote time to strengthening limits on package publishing and "ensuring [accounts] didn't disrupt the community further."

Security researchers at Phylum also wrote up the protocol's impact on the JavaScript world, which has seen as many as 7x as many packages published on NPM as previous daily averages. "Automated sustained spamming of this volume for months on end is rare and does nothing but cause heavy strain on the ecosystem itself, degrading the performance of the ecosystem for genuine users and straining open source security researchers," they wrote.

$26 million liquidated in surprise Pac Finance smart contract change

Pac Finance, a fork of the Aave lending protocol deployed on the Blast blockchain, surprised some of its users as an unannounced and unexpected code change lowered the liquidation threshold. Pac Finance said that they had asked an engineer to make changes to the smart contract, and that that person had unexpectedly decreased the threshold at which positions could be forcibly liquidated. This change resulted in $26 million being liquidated across the project.

Pac Finance has said they are "actively developing a plan with [impacted users] to mitigate the issue."

Australian NGS Crypto mining fund collapses

NGS Crypto, which sold "crypto mining packages" to interested investors, has been put into receivership. The Australian firm encouraged customers to set up a self-managed super fund — a type of retirement fund — to achieve returns they said were powered by crypto mining. The firms advertised returns of up to 16% annually, and promised that investors would receive 100% of their initial investment back at the term's completion — even "in the unlikely event that crypto mining becomes unprofitable".

NGS and its associated business is believed to have pulled in around AU$62 million (US$42 million) from around 450 Australians.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.