Shiba Inu developers leak AWS credentials on Github

If Amazon would like to buy the rights to the slogan "Web3, powered by AWS™️", feel free to reach out, because I'm registering it.

On September 8, a security researcher published a blog post reporting that the developers behind the Shiba Inu coin—one with reality-defying levels of popularity at #13 on the list of coins by market cap—had apparently published their AWS credentials to Github. After making the discovery, his team attempted to contact the developers, but were not able to find a bug bounty program, responsible disclosure policy, or even people they could reach out to personally.

Luckily for Shiba Inu (and somewhat miraculously), the tokens were invalidated two days later before anyone malicious apparently took advantage of the vulnerability. The researcher wrote that the exposure had "the potential to cause serious security breaches, including but not limited to user fund theft, token embezzlement, disruption of services, etc."

Coinbase funds lawsuit against the Treasury Department over Tornado Cash sanctions

In the wake of OFAC adding Tornado Cash to the U.S. sanctions list in early August, Coinbase has announced they will fund a lawsuit against the Treasury Department to challenge the decision. Coinbase itself is not a plaintiff in a lawsuit, though two of the plaintiffs are Coinbase employees, who along with four other individuals filed suit in a Texas court. They say they previously used Tornado Cash for licit purposes, and are now suffering financial damages because they can't legally use the service.

In the suit, they argue that the Treasury Department overstepped its authority in what it can sanction, claiming that "Tornado Cash software, including the smart contracts, consists of immutable open-source software code, which is not property, a foreign country or a national thereof, or a person of any kind." They've also argued that the designation is unconstitutional under both the free speech protections of the First Amendment and the due process protections of the Fifth Amendment.

Crypto reacts to Queen Elizabeth's death

A pixel art illustration of Queen Elizabeth in skeletal form, inside a gilded frameQueenE 74 (attribution)
The news of Queen Elizabeth II's death resulted in the creation of at least 40 memecoins, multiple Queen Elizabeth-themed NFT collections, and special edition NFTs in various existing NFT projects.

Is there a way to include in one's will that you don't wish to be turned into an NFT or commemorated with a "Queen Inu" token when you die? Asking for a friend.

Company begins selling Celsius-themed Monopoly game... three months after Celsius suspends withdrawals

A Monopoly game themed after the company Celsius, with a large Celsius logo in the middleCelsiusopoly (attribution)
After what USA Strong Head of Sales & Partnerships described as "months and months" of work, apparently the company had decided they had sunk too much effort into the Celsius-themed game of Monopoly to scrap the project, and opted to push ahead. What could be more fun to any of the large group of users who have significant funds locked up in the platform than gathering around the table to play "Celsiusopoly", which they can buy for $99 (if they have that kind of money to spare). The center of the board is adorned with the Celsius logo and the slogan "Do Good. Then do well", and there is a "HODL Mode activated" square that might have been a lot funnier before the company involuntarily activated "HODL mode" for all its users.

If you were wondering who might decide to sell such a product, well, USA Strong's founder and CEO is none other than Krissy Mashinsky, wife of Celsius founder Alex Mashinsky.

Both the announcement tweet and the game product page were taken down shortly after the announcement, likely due to the less-than-enthused response from Celsius users.

Investors face $11 million loss in VBit Technologies/Advanced Mining Group, an alleged crypto Ponzi scheme

The Philadelphia Inquirer published a report on VBit Technologies, later Advanced Mining Group, a company that promised investors to buy and operate Bitcoin miners on their behalf and pay them out the returns. Much of the group's operations relied on a system of "affiliates" bringing in more investors—a sort of suspicious triangular-shaped scheme—and executives and top-performing affiliates enjoyed lavish rewards including expensive wines, six-figure sports cars, and fancy vacations.

However, customers trying to withdraw their "rewards" saw increasing delays in receiving their payouts—days, then weeks, then an indefinite pause. A COO hired by the group left the company only three weeks later. On June 27, the group sent an email to its customers explaining that there was a "potential pending settlement" with the SEC—the first customers heard of the existence of any investigation—and that they would no longer serve customers in the U.S. On July 15, the company promised to refund customers what they paid to sign up with the program, but no refunds or further updates have materialized.

The company has faced lawsuits in Washington state and Delaware, and apparently operated for two years after executives had acknowledged they were violating securities laws. The Delaware lawsuit describes the operation as a Ponzi scheme, and alleges that the company sold packages that would have required far more computing power than the company actually had access to.

David Bowie NFTs anger fans

A screenshot of a tweet by the official David Bowie account, which reads "Out of respect for the people of the UK and Queen Elizabeth II, we will be postponing the 'Bowie on the Blockchain' sale. We will update soon." Another user has screenshotted the tweet and crossed out "the people of the UK and Queen Elizabeth II" and replaced it with "David Bowie", making it read "Out of respect for David Bowie, we will be postponing the 'Bowie on the Blockchain' sale."Tweet by Jonathan Dean (attribution)
The latest entry in "group launches NFTs, fans hate it" comes from the David Bowie estate, who decided that "Bowie on the Blockchain" would be a cool idea to raise money for charity.

A tweet from OpenSea announcing the project received some positive replies, and a lot of other NFT projects trying to promote Bowie-themed NFTs they'd included in their collections. However, the tweet from David Bowie Twitter account seemed to be received almost universally negatively, with many commenters writing that they wished the estate would just raise money for charity without getting into NFTs, and others writing that they didn't think Bowie would have supported NFTs.

On September 10, the account announced that "Out of respect for the people of the UK and Queen Elizabeth II, we will be postponing the 'Bowie on the Blockchain' sale. We will update soon."

Flash loan attack nets attacker $370,000 from several sources

An attacker using the Avalanche blockchain successfully executed a flash loan attack impacting one contract and several other liquidity providers. The attacker made around $370,000 in USDC from the attack.

Binance plans to convert USDC and other stablecoins into their own BUSD stablecoin

Binance users who hold USDC (USD Coin), USDP (Pax Dollar), or TUSD (True USD) will find their holdings "converted" into Binance's stablecoin, BUSD, on September 29. The three stablecoins that Binance plans to convert are the second, fifth, and sixth largest stablecoins on the market as of September 5.

Binance claims the move is to "enhance liquidity and capital-efficiency for users", but the conversion and Binance's related decision to stop trading on spot pairs involving those same stablecoins seems like an attempt to increase the status of its own stablecoin against that of rivals.

Poolin suspends withdrawals from their wallet service

PoolinWallet is a crypto wallet service provided by Poolin, which runs the fourth-largest Bitcoin mining pool and third-largest Ethereum mining pool in the world. In the announcement they wrote that "Poolin Wallet is currently facing some liquidity problems due to recent increasing demands on withdrawals. But please be assured, all user assets are safe and the company's net worth is positive." The firm also urged users to ignore rumors of a rug pull.

Poolin users had been complaining about issues withdrawing from their Poolin wallets since at least August, which had sparked rumors of liquidity problems prior to the announcement. Poolin said in their announcement that they would announce their plans to resume withdrawals within two weeks.

Bitcoiner gets 6–15 months in prison, warns others about making peer-to-peer Bitcoin trades

Mark Hopkins, also known as "Doctor Bitcoin" or "Rizzn", announced on social media that he would be spending between 6 and 15 months in federal prison "for the crime of selling Bitcoin a few years ago". His charge carried a maximum sentence of five years imprisonment.

In 2019, his home was raided in connection to a Nigerian lottery scam, for which he converted between half a million and $1.5 million to cryptocurrency over the span of half a year. He was ultimately charged with "illegally operating a cash-to-cryptocurrency conversion business", to which he pleaded guilty (by his telling, in an attempt to get charges against his family members dropped).

Hopkins claims that "any time anyone with a crypto trades p2p (i.e., not with an exchange), they’re legally liable under this statute as it’s currently interpreted", though authorities have claimed that Hopkins knowingly aided the lottery scammer by telling them "I'm set up as a marketing company, so tell them you’re paying for a marketing campaign".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.