SEC sues Consensys, maker of MetaMask wallet

As expected, the SEC has filed a lawsuit against Consensys, the maker of the popular MetaMask cryptocurrency wallet. Although Consensys had recently gloated about the SEC completing an investigation into the company's offering of ETH, and determining not to pursue action over it, a Wells notice sent to the firm in April suggested that some legal action was impending. Shortly afterwards, Consensys filed a lawsuit against the SEC, alleging regulatory overreach.

The SEC's lawsuit claims that Consensys violated securities laws by acting as an unregistered securities broker, and by offering staking services that constituted unregistered securities offerings. The SEC has previously cracked down on staking offerings by other firms, including Coinbase and Kraken.

Logan Paul files defamation lawsuit over Coffeezilla's coverage of his failed CryptoZoo project

Logan PaulLogan Paul (attribution)
A year and a half after threatening to sue YouTuber Coffeezilla for his series of videos exposing influencer Logan Paul's (alleged) role in (allegedly) scamming his large following with a failed blockchain game, Paul has followed through on the threat. Although he acknowledges in the lawsuit that the project was definitely a scam, Paul says that he too was duped by several "conmen" who he'd brought on as advisers.

In the lawsuit, Paul claims that Coffeezilla knowingly falsely accused Paul of being in on the scam in hopes of getting more attention on his videos. Paul is seeking more than $75,000 in damages.

In January 2024, Paul filed suit against the advisers he's described as "conmen". He's also pointed the finger at them while defending a potential class action complaint from defrauded investors.

FBI busts group of crypto-seeking home invaders

The Department of Justice busted a group of more than a dozen people, led by a 24-year-old man named Remy St. Felix, who perpetrated a string of break-ins and violent assaults in hopes of obtaining their victims' cryptocurrency holdings. The group seems to have been far more successful with their hacking thefts than with their in-person attempts to obtain cryptocurrency, but that didn't stop them from committing a string of eleven break-ins where they assaulted, threatened, and kidnapped victims.

In one case, a victim was able to transfer $150,000 in cryptocurrency to the attackers before their cryptocurrency exchange blocked the suspicious transfers. However, in their other attempts to physically steal crypto, they were unsuccessful, with victims either refusing to hand over their crypto or successfully escaping.

In one case, St. Felix and his associates targeted a woman from whom his group had already stolen $3 million in a SIM swapping attack. When they broke in and held the woman at gunpoint to try to steal the $500,000 in crypto she had left, the woman refused to turn over her password to her cryptocurrency account, so dismayed by her earlier loss that she told the men just to shoot her.

St. Felix was convicted on nine counts by a federal jury, and faces a sentence of seven years to life in prison. Thirteen co-conspirators also pleaded guilty.

Farcana token plummets 60% amid murky explanations

The token for the Farcana blockchain shooting game plummeted in value by around 60%. First, the project team announced that one of the project wallets had been compromised. However, they later deleted that tweet, then claimed that one of their market makers had been compromised. They emphasized that their wallets had not been hacked, and that their smart contracts had not been exploited.

23.8 million FAR were taken from a wallet, and the majority were sold for around $164,000 in USDT. The exploiter still holds 3.4 million FAR, which are notionally worth $83,250 but not likely to be sellable for that amount.

Farcana raised $10 million in seed funding in November 2023 from investors including Animoca and Polygon Ventures.

Victim loses $11 million to permit phishing

A victim lost $11 million in Aave Ethereum (aEthMK) and Pendle USDe tokens after signing several permit phishing signatures. Permit phishing is a technique in which scammers convince a victim to sign a transaction that grants broad permissions, allowing the scammer to then drain assets from the wallets.

Sportsbet.io likely hacked for $3.5 million

It appears that the online crypto sports betting platform Sportsbet.io suffered a theft of around $3.5 million in USDT and Tron's TRX tokens. The theft was observed by crypto sleuth zachxbt, who noted that the theft seems to have been perpetrated by the same attacker who stole at least $55 million from the BtcTurk cryptocurrency exchange only hours earlier.

SportsBet has not yet disclosed any theft.

"Read-only" CoinStats crypto application enables wallet breaches

CoinStats, an application promising to help people track their cryptocurrency holdings, has suffered a breach impacting more than 1,500 user wallets.

The application asks its users to connect their wallets to allow it to track their holdings, but promises on the website that it offers "the ultimate security for your digital assets". "Since we ask for read-only access only, your holdings are perfectly safe under any conditions," the website promises, later touting its "military-grade encryption".

CoinStats shut down the platform while investigating the incident. Losses have been estimated at around $2.2 million.

50 Cent claims his accounts were compromised to promote a memecoin

Tweet by 50cent: "Get Rich or Die Tryin! 💪🏾 Get the official $GUNIT Now"Scam tweet from 50 Cent's account (attribution)
50 Cent has claimed his Twitter account and website were hacked to promote a memecoin called $GUNIT. "I have no association with this crypto," the rapper wrote on Instagram.

50 Cent also claimed in the post that "Who ever did this made $300,000,000 in 30 minutes." It's not clear where 50 Cent got this number, because the token has only done $19.8 million in volume. One wallet made around $722,000 off the token, and three others also made over $100,000.

BtcTurk exploited for at least $55 million

The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted deposits and withdrawals while investigating, and said they are working with law enforcement.

It appears that assets notionally worth around $55 million were stolen. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.

According to newly installed Binance CEO Richard Teng, Binance froze $5.3 million of the stolen assets.

CertiK and Kraken accuse each other of misconduct over bug report and $3 million "testing"

Prominent blockchain security firm CertiK has accused American cryptocurrency exchange Kraken of threatening them after they reported a bug. According to CertiK, they discovered a bug in the exchange software, which they tested with multiple transactions over several days. Some of these were large transactions, which CertiK said they performed to test whether Kraken had alerting in place to detect higher-value transfers. When they reported the vulnerability to the exchange, they say the exchange patched the bug, but then threatened CertiK employees and demanded they repay a "mismatched" amount of crypto allegedly taken during the testing period.

However, others have noted that the number of transactions and amount of cryptocurrency taken by CertiK while "investigating" the bug seems to far exceed the norm for whitehat security researchers, and that they took cryptocurrency amounting to millions of dollars — making their "testing" look a lot more like a blackhat theft. Furthermore, CertiK made several transfers to Tornado Cash as part of their "testing" — an entity that is sanctioned by the United States.

Kraken alleged that CertiK did not disclose the full extent of their employees' transactions, and refused to return the $3 million they had taken. They also alleged that CertiK had attempted to extort them. Kraken said they had been in contact with law enforcement, and were "treating this as a criminal case".

Ultimately, CertiK returned the funds. However, it's not clear if criminal action may be ongoing.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.