Although the indictment does not name FTX, Bloomberg has reported that "victim company-1" named in the court filings was FTX, which was hacked for around $400 million amid the chaos as the company was collapsing.
SIM swappers charged over hacks, reportedly including FTX
Three people running a SIM swapping operation have been charged with fraud and identity theft. By gaining access to the personal information of their victims and then convincing cell phone providers to "swap" victims' phone numbers to phones they controlled, they were then able to gain access to various accounts controlled by their victims.
Crypto exchange created by Three Arrows Capital founders to shut down
Who can believe this. OPNX, the crypto derivatives exchange created by the people who ran and then blew up the Three Arrows Capital hedge fund, will be shutting down. The exchange was originally announced in January 2023, with a tentative name of "GTX" — "because G comes after F", they said. It was created as an evolution of the CoinFLEX exchange, which had become insolvent and halted withdrawals in June 2022. Much of the exchange's focus was on allowing creditors of bankrupt cryptocurrency projects to trade their claims — including claims on Three Arrows Capital.
Now, as Su Zhu emerges from several months in jail, he, Kyle Davies, and the other executives of OPNX are shutting down the project. Traders have a week to settle their positions, and another week before the platform closes entirely.
Both Zhu and Davies are, of course, trying to promote a new crypto derivatives trading project.
More than $58 million stolen in Twitter phishing schemes in January
Scam Sniffer's January 2024 report describes more than 40,000 victims who collectively lost more than $58 million thanks to various phishing schemes on the Twitter platform.
The top seven victims collectively lost $17 million, with the top victim alone losing $4.7 million.
$112.5 million in XRP stolen from Ripple CEO Chris Larsen
Blockchain sleuth zachxbt noticed the strange movement of around 213 million XRP, the native token for the Ripple project. These tokens were priced at around $112.5 million at the time of the theft. He originally identified the source of funds as Ripple itself, though Ripple CEO Chris Larsen later went on Twitter to claim that the funds that were stolen had come from his personal wallets and not from wallets belonging to the Ripple project.
Larsen attempted to downplay the massive theft, claiming repeatedly that the theft did not represent a threat to Ripple itself, and trying to reassure people that Ripple wallets are still safe. However, fears over a threat to Ripple itself and the true separation between Larsen's wallets and those belonging to the Ripple project continued, and XRP dipped around 5% on the news.
Abracadabra exploited for almost $6.5 million, Magic Internet Money stablecoin depegs
Well that sure is a headline I just had to write.
The Magic Internet Money ($MIM) stablecoin has lost its dollar peg again, dipping all the way below $0.77 in a flash crash before returning to around $0.95.
The depeg appears to be related to an exploit of the Abracadabra lending protocol, which allows people to borrow $MIM. An attacker exploited an apparent flaw in the platform's smart contracts to drain around $6.5 million.
This is the second time the token has depegged, after a June 2022 incident shortly after the Terra collapse.
HyperVerse founder Sam Lee charged
US Attorneys in Maryland and the US Securities and Exchange Commission filed criminal and civil lawsuits, respectively, against Sam Lee, the co-founder of the HyperVerse cryptocurrency investment scheme, which has defrauded victims of between $1.3 billion and $1.9 billion depending on whose estimate you use. The US Attorneys have accused Lee of securities fraud and wire fraud. The SEC has accused Lee and a major HyperVerse promoter, Brenda Indah Chunga (aka "Bitcoin Beautee"), of securities fraud and offering unregistered securities.
This is the second HyperVerse related criminal charge in recent days, following the arrest of promoter "Bitcoin Rodney".
Goledo Finance hacked for $1.7 million
Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK at around $1.7 million.
Goledo Finance contacted the attacker to offer a 10% "bounty" for the return of the remaining assets. In a message on January 29, the attacker wrote: "I hacked Goledo and want to negotiate".
- Tweet by CertiK [archive]
- On-chain message from the attacker [archive]
Korean crypto karaoke platform Somesing hacked
Have you ever gone out to karaoke and thought "man, the only thing missing from this perfect night is a blockchain"? No? Weird.
Anyway, the South Korean Somesing platform — which is really more of a TikTok-but-just-for-song-covers clone than anything to do with karaoke — suffered a breach in which 730 million SSX tokens were stolen. These tokens are nominally priced at around $11.5 million, but around 2/3 of the stolen tokens were as yet undistributed and not a part of the circulating supply.
8,100 Bitcoin forfeited by Silk Road drugs distributor in guilty plea
The US government is cementing its status as one of the largest BTC holders by adding another 8,100 BTC (priced at almost $350 million today) to its stash. The tokens were forfeited in a plea agreement from Banmeet Singh, who sold large quantities of drugs including fentanyl, LSD, ecstasy, Xanax, Ketamine and Tramadol on various dark web marketplaces including the Silk Road.
Singh pled guilty to conspiracy to possess with the intent to distribute controlled substances and conspiracy to commit money laundering, charges for which he's expected to serve around 8 years in prison.
- "Defendant pleads guilty in dark web narcotics case involving largest cryptocurrency seizure of $150 million in drug proceeds", U.S. Attorney's Office, Southern District of Ohio [archive]
- "Dark-web drug-ring plea nets DEA millions in cryptocurrency", The Washington Post [archive]
WallStreetMemes token price plummets after staking contract exploited
Hackers were able to exploit a vulnerability in the staking contract for WallStreetMemes ($WSM), a memecoin and online casino project targeted at the "meme warriors" who frequent various financial meme communities, many of which formed around the Gamestop short squeeze.
The attackers were able to siphon 769 million $WSM from the contract, which was notionally worth around $7 million. However, the token lacks liquidity to support swapping hundreds of millions of tokens without depressing the price, and the token price dropped around 35% in the wake of the attack as the thief began to cash out over several days.
Meanwhile, WSM announced that they would be issuing a new token to replace the stolen tokens, and "renew[ing] the liquidity pool"... somehow.
- WSM exploiter wallets [archive]
- "Important Security Update", WallStreetMemes Medium [archive]