After user backlash over a cumulative $550,000 in funds that were inaccessible to people who hadn't heard about the breaking change, Starkware re-enabled the ability for people to upgrade their wallets – leading some to question why it was ever disabled in the first place if it could be trivially re-enabled to prevent the loss of half a million in assets.
Starknet upgrade leaves $550,000 inaccessible
"The wallets that did not upgrade in time will lose their assets," a StarkWare customer support representative said on Discord to an individual inquiring why they could no longer access their cryptocurrency. The company had been urging users to upgrade their wallet software for months, but not everyone expected they might lose access to funds if they weren't carefully monitoring their wallet software's social media channels.
Blockchain gaming streamer loses life savings after exposing private key on stream
Brazilian blockchain gaming streamer Fraternidade Crypto says he lost his life savings after accidentally exposing his crypto wallet seed phrase during a livestream pertaining to Bitcoin and blockchain games. Presumably not realizing it was on the same screen he was streaming, he opened a text file containing a password for a gaming account so he could log into it. However, the file also contained his MetaMask private key, which was displayed to the roughly 70 viewers of the stream.
Apparently realizing his mistake, Fraternidade Crypto ended the stream, and says he tried to relocate the crypto to a new wallet. It was too late, however, and someone watching had already taken the around 86,000 MATIC (~$50,000) and various NFTs in the wallet.
Fraternidade Crypto posted an emotional video after the fact, explaining that the stolen funds were his life savings. He said he planned to file a police report, and also offered a reward for the return of the funds.
Fortunately, he was able to recover the stolen MATIC, though he says he has not been able to recover the NFTs, which have "incalculable value as they are NFTs, estimated value of approximately 15k dollars still lost".
Impact Theory to pay $6.1 million for unregistered NFT offering in an SEC first
Entertainment company Impact Theory has agreed to a $6.1 million payment to settle charges from the SEC that its sales of its "Founder's Keys" NFTs constituted an unregistered crypto asset securities offering. This is the first time the SEC has taken action against issuers of NFTs as unregistered securities offerings.
As a part of the agreement, Impact will destroy all remaining Founder's Keys NFTs, forgo royalties from future secondary sales, and publish a notice of the order on its websites and social media.
Founder's Keys in the rarest tier have recently sold for $1,500 apiece, and promised to give their holders access to Impact Theory's self-help content, which supposedly taught viewers how to "unlock their potential and pursue greatness". According to the SEC, the company encouraged holders to view the tokens as an investment into the business.
Clockwork project to shut down due to "limited commercial upside"
A year after raising $4 million in a seed round joined by Multicoin Capital, Solana Ventures, and Asymmetric, Clockwork co-founder Nick Garfield announced that the Solana-based automation platform would be shutting down. He wrote, "Ultimately the reason we are stepping away now is simple opportunity cost. We admittedly see limited commercial upside in continuing to develop the protocol, and have a growing personal interest to explore new opportunities."
A user asked what would happen to remaining seed money, if any, in a Twitter reply. Garfield answered that they "still have a meaningful portion of our seed funding" but that he hadn't decided what to do with it.
Balancer drained of over $2 million following vulnerability warning
After warning users several days prior that a critical vulnerability had been discovered in their protocol, the Balancer defi project has been drained of around more than $2.1 million in a series of exploits apparently taking advantage of the bug.
Balancer acknowledged the hack, writing on Twitter that "Balancer is aware of an exploit related to the vulnerability [disclosed on August 22]. Mitigation procedures have drastically reduced risks, but [we] are unable to pause affected pools." They reiterated that users needed to withdraw funds from affected liquidity pools to prevent further thefts.
The blockchain researcher known on Twitter as MevRefund questioned why Balancer didn't execute a whitehat attack on their own protocol to try to safeguard the vulnerable funds.
NFT collector SOL Big Brain loses around $1.5 million to phishing scam
The NFT collector SOL Big Brain lost around $1.5 million in ETH, stablecoins, and the Gearbox token after being targeted in a phishing scam. The attacker apparently compromised a Telegram account belonging to a founder of a portfolio company, then used it to message SOL Big Brain to ask him to claim his vested tokens. SOL Big Brain double checked that the sender was indeed the founder of the company, and did as he was instructed.
However, the attacker had set up a contract which used permit phishing to drain SOL Big Brain's wallet. He lost $740,000 in stablecoins, $550,000 in ETH, and another $200,000 in the GEAR token.
"Today is a bad day," wrote SOL Big Brain on Twitter.
Magnate Finance rug pulls for over $5.2 million
Magnate Finance, a lending protocol built on the new Base layer-2 blockchain, rug pulled within hours of a warning from crypto sleuth zachxbt. Zachxbt had discovered that a wallet address used by Magnate Finance was directly linked to Solfire Finance, a project that rug pulled for almost $5 million in January 2022. He warned his followers in a tweet that the project "will likely exit scam in the near future."
Sure enough, within an hour of zachxbt's tweet, the project drained $5.2 million from the protocol and deleted its website and Telegram group.
According to zachxbt, the project also shared on-chain links to the March 2023 Kokomo Finance rug pull, which saw its perpetrators profit around $4.5 million.
Members of $PEPE team allegedly dump $16.9 million worth of tokens
Holders of the $PEPE memecoin sold en masse after the PEPE multisig wallet transferred more than 16 trillion $PEPE (~$16.9 million) to crypto exchanges. Although the multisig previously required five of eight signatories to approve transactions, just before the massive transfer, the multisig was changed to require only two of eight signatures — a much lower level of security.
The transfers and change to the multisig sparked fears that the project was rug pulling, or had been hacked. This led to a massive $PEPE sell-off, with the token plunging around 17%.
A day after the transfers, a PEPE team member posted on the project's Twitter account, alleging that the transfers were indeed theft by three of the project's other team members.
U.S. Drug Enforcement Administration sends over $50,000 to a scammer
After seizing a little more than $500,000 in the Tether stablecoin from two accounts it believed were involved in illegal narcotics sales, the DEA mistakenly sent $50,000 of the seized funds to an enterprising scammer.
Someone observed the DEA wallet send a small test transaction before transferring the remaining seized funds, and quickly used a crypto wallet address with identical characters at the beginning and end to send an airdrop to the DEA source wallet. When the DEA agent went to send the remaining funds, they copied-and-pasted the address, believing it was the same one they'd sent the test transaction to. This is a common scam in the crypto world known as "address poisoning", and is successful primarily because crypto wallet addresses are very long strings of characters that people usually copy-and-paste, and only identify by the characters at the start and end.
Upon discovering that they'd been duped, the DEA contacted Tether to ask them to freeze the funds. However, by that time, the scammer had already converted the money into ETH, which couldn't be frozen. The DEA is now working with the FBI to try to trace the theft.
Former New Jersey prison guard charged by SEC over crypto pump-and-dump scheme targeted at cops
John DeSalvo, a former New Jersey corrections officer, was charged by the SEC over a pump-and-dump scheme associated with his "Blazar" token, a project he targeted at fellow law enforcement. With promises that the Blazar token would "guaranteed minimum 100X your money", DeSalvo convinced around 222 investors to pour in at least $623,888. He also made other false statements, including that the token was registered with the SEC, and that he had devised a way for people to take payroll deductions that would automatically be used to purchase the token.
Rather than "100x-ing", the token immediately plummeted when DeSalvo sold his ~41 billion Blazar tokens. DeSalvo is accused of using his profits from the scheme to speculate on other crypto tokens, pay for personal expenses, and reimburse one investor who threatened legal action.
DeSalvo is also being charged over a separate investment scheme he operated, where he solicited investments on Facebook, promising to use his claimed trading expertise to earn massive returns. The SEC alleges he lost most of the money in bad investments, and stole the rest for himself, blaming the losses on market movements.