Samudai treasury drained

The treasury of the Samudai DAO was apparently drained as an attacker compromised the project's multisignature wallets and the wallet belonging to the project's founder, Kushagra Agarwal. Altogether, around $1.25 million in ETH was stolen.

Agarwal sent a message to the thief shortly afterwards, offering a 10% "bounty" in exchange for the return of the rest of the funds. The attacker didn't seem to be interested, and in mid-January began tumbling the assets through the Tornado Cash cryptocurrency mixer.

Samudai didn't seem to publicly acknowledge the theft, even though they've posted on Twitter a few times since then. The organization had raised $2.5 million in pre-seed capital in June 2022.

Poloniex hacked for more than $120 million

Assets including Bitcoin, Ethereum, and Tron's TRX token, priced at more than $126 million, were stolen from Justin Sun's Poloniex cryptocurrency exchange. Researchers are still homing in on the exact amount of funds that were stolen from the company's hot wallets across multiple blockchains, but suffice to say it's a lot.

Poloniex was initially tight-lipped, posting on Twitter that they had "disabled for maintenance" an exchange wallet. Justin Sun later updated that they were investigating the "hack incident", and promised to "fully reimburse" the massive theft... somehow. He later tweeted that they would offer a 5% "bounty" to the hacker if they returned the funds within a week, threatening to "engage law enforcement" otherwise.

CoinSpot exchange exploited

The Australian cryptocurrency exchange CoinSpot appears to have been hacked for around 1,283 ETH (~$2.4 million). In two separate transactions, the ETH was transferred out of CoinSpot's hot wallet, then bridged to Bitcoin via Thorchain and another bridge.

Wintermute declares friendship over with Near Foundation and Aurora Labs after they refuse to send $11 million

"Public service announcement or 'how we are not really friends with Near Foundation and Aurora Labs going forward'", wrote Wintermute CEO Evgeny Gaevoy on Twitter. He launched into a thread accusing Near and Aurora of refusing to honor a previous agreement to facilitate the redemption of around 11.2 million USN, the de-pegged stablecoin of the Near network. Wintermute said they had helped FTX to sell that quantity of the USN tokens, providing them with dollars to disburse to creditors, under the belief that Near and Aurora would help them honor the USN redemptions at $1.

However, Near later decided it would not honor the redemption, accusing Wintermute of trying to pull off an arbitrage trade with the distressed asset. They also, somewhat curiously, claimed that the funds that were provided to Wintermute by the FTX estate may have been the tied to illegal activities. Aurora also described Wintermute's claims as "unfounded", and accused Wntermute of "tr[ying] to exploit the programme to profit from the purchase of distressed assets from the Alameda estate".

Wintermute has promised to "pursue all legal avenues" against the Near Foundation and Aurora Labs.

MEV bot exploited for almost $2 million

An MEV bot was exploited after an attacker discovered a vulnerability in its code that allowed anyone to call one of its functions that sold wBTC for wETH. Using a flash loan to imbalance a wETH/wBTC pool on Curve, the attacker then caused the bot to purchase wBTC at its inflated price. They then sold the wBTC for a profit. Altogether, the exploiter made off with 1,047 ETH ($1.975 million).

Arrests made in $300 million Indian crypto scam

Indian police have arrested around eighteen people, including four police officers, in connection with a $300 million cryptocurrency scam that affected around 100,000 people in Himachal Pradesh. Victims were invited to invest in a cryptocurrency called Korvio Coin (KRO), but later the scam incorporated other tokens as well. Around 5,000 government officials and around 1,000 police fell victim to the scam, with some themselves becoming promoters.

The scam was allegedly orchestrated by Subhash Sharma, who has not been apprehended. This particular fraud was uncovered in September, but has been ongoing since as long ago as 2018.

Yuga Labs' social media lead resigns after racist and antisemitic tweets resurface

One might think that a social media lead might have a grasp on his own social media accounts, and might have scrubbed damning tweets made only shortly before they began their position.

One also might think that a company embroiled in constant racism accusations might be cautious about screening its employees.

Neither of these things happened, though, and someone dug up vile tweets by Shpend Salihu, better known as NGBxShpend. Salihu resigned shortly after the tweets came to light, writing that they had "become a distraction from the [Bored Ape Yacht] Club and what we're all about."

Bored Ape collectors experience searing eye pain after "ApeFest" party

Bored Ape #9291. A brown-furred ape, wearing a slouchy orange beanie and black t-shirt, has its mouth open in a sort of smile. There are red laser beams shooting out of (or perhaps into) its eyes.All this time I thought the lasers were going in the other direction (BAYC #9291) (attribution)
Bored Ape collectors attending an ApeFest party in Hong Kong have now been subjected to the kind of eye pain the rest of us have felt for years having to look at their hideous, pricey JPEGs.

The going theory is that event organizers skimped on lighting costs by using UV lights intended for sanitization, not for entertainment, causing burns to the eyes and skin. The eye condition, photokeratitis, is better known as "snow blindness" or "welder's flash", as it more typically affects people who haven't worn proper eye protection while welding or while exposed to sunlight reflected from ice and snow.

Several attendees reported having to seek emergency medical treatment after experiencing excruciating eye pain and vision problems, and tweet threads began circulating giving various other ApeFest attendees advice on recovering from the painful condition.

Bored Ape creator Yuga Labs belatedly issued a tweet two days after the incident, claiming only a small fraction of attendees had experienced "eye-related issues", but encouraging anyone with symptoms to "seek medical attention just in case".

Sam Bankman-Fried convicted on seven charges

Sam Bankman-FriedSam Bankman-Fried (attribution)
After less than five hours of deliberation, a jury convicted Sam Bankman-Fried of seven fraud and money laundering charges. The conviction followed a five-week-long trial which culminated in Sam Bankman-Fried himself taking the stand, only to appear evasive and sullen as he told prosecutors he couldn't recall many significant events from his time as FTX CEO.

Sentencing is scheduled for March 28, 2024, though scheduling could be affected by factors including whether the US decides to continue pursuing an additional five charges also set to be tried in March.

Onyx hacked for $2.1 million

The Onyx Protocol was hacked for 1,164 ETH (~$2.1 million) after an exploiter took advantage of a known vulnerability affecting forks of Compound Finance. The bug allows attackers to siphon funds from new and unfunded markets on Compound forks — in this case, a new pool that had been created for the PEPE token.

After pulling off the hack, the attacker received the usual flood of on-chain messages from people asking them to share some of their ill-gotten funds. Unusually, the attacker followed through, ultimately sharing 19.5 ETH (~$36,000) out of their spoils.

Onyx is far from the first Compound fork to fail to patch known vulnerabilities and suffer hacks as a result. Hacks stemming from known Compound bugs, such as the attacks on Rari Capital and Sonne Finance, have netted tens of millions of dollars apiece for attackers in the past.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.