...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
A trader apparently trying to bid $100 for one of the NFTs seems to have mistakenly entered 100 ETH, or around $190,000. The trade was of course quickly accepted by a seller who made a tidy 1666x the typical floor price.
Some have speculated the massive offer was money laundering, but the fact that the bid was an open offer that could be accepted by anyone seems to make that theory less likely.
The attacker apparently took advantage of a re-entrancy vulnerability to execute the theft, then swapped the tokens and bridged them to the Ethereum main chain.
Sentiment tweeted that they were aware of the attack and investigating what had happened. They also stated that they were working with law enforcement. Later that evening, they sent a message to the hacker, offering to let them keep 10% of the stolen funds as a bounty if they returned the rest. Sentiment was audited by two crypto security firms.
On April 6, Sentiment announced that the exploiter had returned 90% of the funds, keeping $95,000 and receiving a promise from the organization that they would not try to prosecute the theft.
Youssef was vague as to the reasons for the closure, writing that "While I cannot share the full story now, I can say that we unfortunately have had some key staff departures. Also, regulatory challenges for the industry continue to grow, especially in the peer-to-peer market and most heavily in the U.S."
Youssef later elaborated in a Twitter Space, explaining that he feared for the safety of user funds because of a lawsuit from his co-founder, who he also accused of "[driving] away all of our senior level staff".
Some had trouble withdrawing funds from the platform, though this seemed to be due to the overload. Youssef tweeted, "Paxful database is a bit overloaded now as everyone is withdrawing funds. It is making transfers slow. I promise funds r safe and they will clear soon".
On May 8, Paxful came back online, though it was unclear whether or in what capacity the business would continue to operate going forward.
Cobie decided he wanted to make a record of his prediction, so he tweeted the SHA-256 hash of the string "Interpol Red Notice for CZ". Typically, this would allow him to later reveal the seed, allowing him to prove after the fact that he had indeed made a correct prediction. Why? I don't know. Bragging rights I guess?
Anyway, according to Cobie, one of Cobie's inner circle leaked the seed, and the contents of Cobie's prediction were widely circulated on Twitter. Some thought the prediction was inside knowledge of events that had already transpired. Someone else began circulating a doctored screenshot of the Interpol website, purporting to show a red notice. People began offloading their BNB tokens (the native token for Binance and Binance's blockchain), causing a sudden 3% dip in the token price. Bitcoin also fell on the news.
MEV bots are a phenomenon that became popular in recent times: bots that use various techniques to extract value by inspecting pending blockchain transactions and then sending advantageous transactions of their own. In this case, a bot was performing a "sandwich attack": sending transactions just before and just after a pending transaction, which manipulate the price of the underlying asset, allowing the bot operator to "steal" value from the victim — "steal" in quotes, because there is some debate over whether MEV bots are really stealing, or are operating within the rules laid out for them.
In order to manipulate prices in this way, they have to put a substantial amount of money at risk. A "rogue" Ethereum validator appeared to replace some of the transactions that were being executed by the bot, leading to a loss of WBTC, USDT, Dai, and WETH totaling a bit over $25 million.
The vote, which still has a day left before completion, is currently standing at 75% against and 25% in support. However, it was discovered that Arbitrum had already begun spending those 750 million tokens, including via the movement of a substantial amount of tokens, and "conversion of some funds into stablecoins for operational purposes".
Another Arbitrum team member subsequently published a post in which they claimed that the proposal was not really a vote but rather a "ratification" of decisions that had already been made by the Arbitrum team, leading many to question what the DAO was even for in the first place. Others questioned the fact that Arbitrum was receiving so much money to use however they liked, not subject to DAO approval.
Things got even messier when the Arbitrum Twitter account "clarified" that "40M $ARB tokens have been allocated as a loan to a sophisticated actor in the financial markets space", and the rest had been sold off for "operational costs". The loan of $52 million worth of ARB to an unnamed actor and the conversion of another $13 million to stablecoins led some to accuse the Arbitrum team of "selling off", cashing in far more than would likely be required for foundation costs in a brief period of time.
In April, four employees filed a lawsuit against the company, claiming around CAD$519,000 in unpaid wages.
Allbridge announced that they were investigating the theft, and were working with law enforcement. Meanwhile, the project suspended operations and announced that they were preparing a user compensation plan.
In October 2022, Bittrex was fined a combined $29 million by the US Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN). The OFAC fine pertained to Bittrex's service of users based in Crimea, Cuba, Iran, Sudan, and Syria, who altogether performed $263 million in transactions using the platform. FinCEN's fine was imposed as a result of alleged "willful violations" of requirements around anti-money laundering and suspicious activity reports.
Bittrex will continue operations outside of the US, and currently operate in Europe, South America, and elsewhere.
However, the airdrop had a bumpy start, with scammers latching on to the event to proliferate fake airdrop websites. Phishers reportedly scammed more than 10,000 people using these schemes. At one point, Twitter even suspended the real Arbitrum Twitter account after mistaking it for one of the many phishing accounts. Attackers also compromised a Discord account belonging to an Arbitrum developer, using it to post a phishing link to the official Arbitrum Discord server.
Then, when the time for the airdrop came, the token claiming website crashed on the traffic, as did the Arbitrum block explorer. Those who were able to claim their tokens paid exorbitant gas fees, and some wallets attempting to estimate required gas fees malfunctioned, showing estimates in the billions of dollars.
Finally, the airdrop was widely gamed by people commandeering hacked vanity addresses to receive the airdrop tokens allocated to them, with at least $500,000 worth of tokens reportedly claimed by one attacker. Other attackers scrambled to compete with one another to claim tokens allocated to compromised wallets whose private keys had been shared publicly on Github and elsewhere, trying to be the first to siphon the funds. Two additional exploiters siphoned a combined total of more than 1 million ARB tokens from other wallets. One sold them for 713 ETH ($1.27 million); the other transferred the ARB tokens to other wallets.
No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.
