Someone makes NFTs out of photographs from the Xinjiang Victims Database

A 3D rendering of a man, standing in a T-pose and pictured from above his head. The rendering itself is shown on what appears to be a polaroid-style photograph inside a black plastic sleeve with stickers on itMade in Uyghur NFT (blurring added by W3IGG) (attribution)
The Xinjiang Victims Database is a database that aims to collect records on ethnic minority citizens in China's Xinjiang Uyghur Autonomous Region who have been imprisoned in concentration camps as a part of the Uyghur genocide. According to the project, "The goal of this database consists in documenting the aforementioned individuals, so as to both protect them now and hold the Chinese authorities accountable later."

Someone apparently decided this was perfect material for an NFT project, which they named "Made In Uyghur". They took 100 images from the database, clumsily projected them onto 3D-rendered human models in a T-pose, and listed them for $25 apiece.

Upon becoming aware of the NFTs, the Xinjiang Victims Database updated their site licensing to CC BY-NC, a Creative Commons license that forbids commercial reuse. "Commercial use of the data, including images of victims, is not okay", they wrote on Twitter, "[Made In Uyghur] never contacted us about this".

"Saxon James Musk" token developer rug pulls for around $442,000

Who could have predicted that the shitcoin named after one of Elon Musk's 16-year-old sons could turn out to be a scam? Well, besides the people who fell for previous rug pulls of tokens based on the Musk family, such as Baby Elon coin in June or the Baby Musk Coin in February...

The project developer suddenly sold off their share of the coin for around 1355 WBNB (~$442,000), sending the coin price plummeting by more than 68% as a result.

Beanstalk Farms comes back for round two after $182 million exploit

The algorithmic stablecoin project Beanstalk Farms suffered a devastating hack in April 2022, suffering $182 million in losses from a governance attack and flash loan exploit on the project. The project tried a fundraiser to restore the stolen money, but only raised $10 million.

Now, Beanstalk is re-launching, saying they've made changes to their governance model and security practices, and have received audits from two major firms.

In June, the project creator stated that "The thing about a system like Beanstalk is that it works until it doesn't. You can never actually know if it works, only that it has worked so far."

Hacker compromises wallet of Steven Galanis, CEO of Cameo app, stealing $231,000

An illustration of an ape with grey-brown fur, with heavily lidded eyes, wearing 3D glasses and a togaBored Ape #9012 (attribution)
A hacker compromised the wallet belonging to Steven Galanis, the CEO of Cameo, an app that allows people to pay various celebrities to record short messages for them. The hacker took 9,457 ApeCoin (~$69,000), 2.3 ETH (~$3,900), a Bored Ape NFT, three Otherside land plots, and other various NFTs. The hacker then flipped the Bored Ape for 77 ETH (~$131,000), and the other NFTs for a combined 16 ETH (~$27,000).

Galanis wrote on Twitter that he "Just got my Apple ID hacked". Although he didn't offer more details on how he had determined iCloud was to blame, it's likely he's referring to an attack vector where MetaMask automatically backs up users' seed phrases to iCloud unless it's disabled, meaning that a hacker who successfully accesses a person's iCloud account can also compromise any of their MetaMask wallets. The same type of attack saw a user lose $650,000 in April, and brought wider attention to the app's behavior.

Researchers identify an attack strategy actively being used by the second-largest Ethereum mining pool to earn outsized mining rewards

Researchers from The Hebrew University have identified an attack on the consensus mechanism used by Ethereum which they describe as risk-free and which can used to "obtain consistently higher mining rewards compared to the honest protocol". They also identified that the attack was being actively used by F2Pool's Ethereum mining pool to attack other mining operations. F2Pool is the second-largest Ethereum mining pool.

By manipulating the timestamps of blocks to be added to the chain, a miner can replace other miners' main-chain blocks with their own blocks, obtaining the fees that would have gone to the other miners. The attack has been called an "Uncle Maker" attack because Ethereum refers to valid but not main-chain blocks as "uncles".

F2Pool co-founder Chun Wang responded on August 8 to the allegations against his mining pool, apparently acknowledging their behavior and suggesting that manipulating a vulnerability in a system is not a "blatant disregard [of] the rules" as the researchers had characterized it. He tweeted: "We respect the *consensus* as is. If you don't like the consensus, convince [Ethereum developer Tim Beiko] to send me another Announcement and change it." Quote-tweeting a tweet by the lead author of the paper who described F2Pool's technique, he wrote, "I can't stop appreciate this elegant implementation of what we've done over the past two years... A robust system must withstand all kind of tests."

India freezes assets of WazirX, Binance's Indian exchange

India's Enforcement Directorate froze $8.16 million of assets belonging to WazirX, a Binance-owned cryptocurrency exchange that is one of the largest exchanges in India. According to the ED, its action was a result of an investigation into WazirX allegedly laundering the proceeds of a crime by allowing it to be converted into cryptocurrencies.

The ED wrote in a press release, " ED found that large amounts of funds were diverted by the fintech companies to purchase crypto assets and then launder them abroad...(a) maximum amount of funds were diverted to WazirX exchange and the crypto assets so purchases have been diverted to unknown foreign wallets".

Ian Macalinao revealed to have pumped the total value locked on the Solana ecosystem by pretending to be 11 developers working on over a dozen projects

Ian Macalinao sitting in a folding chair and speaking into a microphone, gesturing at someone out of frameIan Macalinao (attribution)
CoinDesk revealed that eleven developers behind Solana projects including Sunny Aggregator and Cashio were all actually personas created by Ian Macalinao. Macalinao created the Saber protocol on Solana, and used his personas to build what appeared to be independent projects that all used Saber. In doing so, he was able to artificially inflate the apparent total value locked (TVL) on Solana by double-counting the same tokens. At their peak popularity, Saber and Sunny were responsible for the $7.5 billion of Solana's $10.5 billion TVL.

In an unpublished blog post where he confessed to his deception, he wrote, "I believe it contributed to the dramatic rise of SOL". He wrote the post shortly after one of his persona's projects, Cashio, was hacked for $52 million, but apparently shelved it.

Ian Macalinao's brother Dylan, the other co-founder of Saber protocol, aided in the scheme by lending credibility to Ian's various personas to those who had doubts about trusting money to projects led by pseudonymous individuals.

All told, Ian Macalinao was responsible for the Saber protocol, the Protagonist VC firm and incubator, and Ubeswap under his real name. He created Sunny Aggregator as Surya Khosla, Cashio as 0xGhostchain, Goki as Goki Rajesh, Quarry as Larry Jarry, TribecaDAO as Swaglioni, Crate as kiwipepper, aSOL as 0xAurelion, Arrow as oliver_code, Traction.Market as 0xIsaacNewton, Sencha as jjmatcha, and VenkoApp as ayyakovenko.

CoinGape and Binance publicize scam recovery address after Nomad hack

After the August 1 Nomad bridge exploit, Nomad created an address where people who took money out of the bridge could return it.

However, that was not the address that CoinGape published in their article titled "Breaking: Nomad Announces ENS Address And Bounty For Returning Funds" article, which was syndicated to Binance's news feed. Instead, they indicated that people should send funds to a different address, a scammer who had been sending on-chain messages to various people who took money out of Nomad during the exploit, asking they return it.

Although CoinGape removed the article fairly quickly, it remained live on Binance's site for over an hour. Fortunately, it doesn't appear anyone besides the writers have fallen for the scam, as no cryptocurrency has been sent to the address.

ZB crypto exchange exploited for more than $3.5 million

The self-described "world's most secure digital asset exchange", ZB, suffered an exploit in which attackers stole a large number of different cryptocurrencies, estimated by various researchers to be valued at around $3.6 million and $4.8 million.

ZB announced that they were suspending deposit and withdrawal services due to "sudden failure of some core applications".

Robinhood cites crypto market crash in decision to lay off 23% of employees

Stock and crypto trading app Robinhood announced they would be laying off 23% of their staff: 780 people. The layoffs followed a prior round of layoffs in April, which saw 9% of their staff (~342 people) out of jobs.

Robinhood CEO Vlad Tenev wrote, "Since that time, we have seen additional deterioration of the macro environment, with inflation at 40-year highs accompanied by a broad crypto market crash. This has further reduced customer trading activity and assets under custody. Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022."

The announcement came the same day that Robinhood was fined $30 million by the state of New York for insufficient anti-money laundering and cybersecurity protections in the crypto portions of their offering.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.