The scam was helped along by ben.eth, a Twitter personality who retweeted one of the tweets by the compromised account in which Aoki appeared to endorse a token created by ben.eth. According to crypto sleuth zachxbt, multiple followers of ben.eth were impacted by his retweet, which zachxbt characterized as "quote tweet[ing] a phishing scam posted by the compromised @steveaoki account for clout". Ben.eth ultimately promised to reimburse his fans who lost money thanks to his tweets.
Hackers steal around $170,000 after compromising Steve Aoki's Twitter account
Twitter account compromises remain a lucrative way to scam crypto enthusiasts. Someone was able to compromise the Twitter account belonging to electronic musician and crypto enthusiast Steve Aoki, posting a fake link to his NFT project that drained unsuspecting traders' wallets.
Transactions stuck on Multichain blockchain bridge due to "force majeure"
The Multichain blockchain bridge, formerly known as Anyswap, encountered an apparent issue as users' funds were delayed for over 24 hours in getting to their destination. Some reported delays since as far back as May 21. The delay was blamed on a backend upgrade "taking longer than expected". Multichain later tweeted that "some of the cross-chain routes are unavailable due to force majeure, and the time for service to resume is unknown". They also announced that they would compensate affected users.
Meanwhile, rumors swirled that the Multichain team had been arrested by Chinese police, though there doesn't seem to be much corroborating evidence of this.
The issues and the rumors sparked a drop in token price of around 30%. Several large parties also appeared to distance themselves from the project and its token, including the Fantom Foundation, which withdrew 449,740 MULTI (~$2.4 million) in liquidity on SushiSwap.
On May 31, Multichain issued a statement that "we are currently unable to contact CEO Zhaojun and obtain the necessary server access for maintenance", and wrote that even more bridges were being impacted by the same issues as in the previous week.
Morgan DF Fintoch likely exit scams for around $31 million
A Ponzi scheme called Morgan DF Fintoch lured consumers by claiming to be owned by the American banking giant Morgan Stanley. Morgan Stanley themselves warned of the scheme, writing that it was an impersonator, and that any claims of affiliation were false. The government of Singapore also issued a warning about the firm in early May. The company advertised a wallet which they claimed would "pay 1% per day,36% 30 Days and 100% in 63 days".
On May 23, crypto sleuth zachxbt tweeted that the project appeared to have executed their exit scam, bridging around 31.6 million Tether to various addresses. Platform users began to report that they could not withdraw funds.
Brand new $CS token exploited for almost $700,000
An attacker exploited the brand new $CS token for almost $700,000 using a flash loan exploit. They then swapped the funds into around 383 ETH ($689,400) and laundered them through Tornado Cash.
Tornado Cash DAO suffers hostile takeover
A proposal ostensibly to penalize cheating network participants in the Tornado Cash crypto tumbler project successfully passed by DAO vote. However, the proposer had added an extra function, which they subsequently used to obtain 1.2 million votes. Now that they have more than the ~700,000 legitimate Tornado Cash votes, they have full control of the project.
The attacker has already drained locked votes and sold some of the $TORN tokens, which are governance tokens that both entitle the holder to a vote but also were being traded for $5–$7 around the time of the attack. The attacker has since tumbled 360 ETH (~$655,300) through Tornado Cash to obscure its final destination. Meanwhile, $TORN plummeted in value more than 30% as the attacker dumped the tokens.
The attacker now has full control over the DAO, which according to crypto security researcher Sam Sun grants them the ability to withdraw all of the locked votes (as they did), drain all of the tokens in the governance contract, and "brick" (make permanently non-functional) the router.
Croatian cryptocurrency investment company BitLucky reportedly collapses; more than $75 million allegedly missing
Croatian company BitLucky told its customers that it would invest their money in cryptocurrencies, promising 5–25% monthly profits. However, its director Luka Burazer wrote an email to clients on May 19, explaining: "Dear clients, with a series of bad trades and decisions, unfortunately, I have brought the state of the company into a crisis situation. We will have more information in the following days". He and the company co-founder have since gone dark, turning off their cell phones, not replying to emails, and deleting their social media presence. According to Croatian news outlet Jutarnji list, a secretary for the company reached on the phone explained, "the director went crazy and spent all the money". The losses allegedly involve crypto assets notionally worth €70 million (~$75.7 million), and affect at least 700 individuals.
Some have expressed the opinion that BitLucky was a Ponzi scheme all along, given the unreasonable promises of 5–25% monthly returns. The editor of a crypto news outlet also expressed that "there was a 'line of [red] flags'", including that Burazer never wanted to appear in the media or have his picture shown online.
- "Najveća domaća kripto prevara? Riječanin klijentima uzeo 70 milijuna €. Upravo je u bijegu", Jutarnji list (in Croatian)
WDZD Swap exploited for $1.1 million
On May 19, an attacker successfully exploited the BNB Chain-based defi project WDZD Swap, making off with 609 Binance-Pegged ETH (~$1.1 million). The attack was apparently executed by a known exploiter, who had also previously exploited a project called Swap X.
- "DeFi protocol WDZD Swap exploited for $1.1M: CertiK", CoinTelegraph
Around $110 million "stuck" in Aave protocol on Polygon due to a bug that can't be fixed for a week
Recently, the Aave protocol deployed a contract upgrade on the Polygon version of their v2 project that was not compatible with Polygon. The bug has resulted in around $110 million of funds in wETH, wBTC, USDT, and wMATIC being "stuck", meaning users can't perform any actions involving those funds.
The funds are not at risk, but it will take at least a week before the funds are unstuck because any code change requires a DAO vote. "Considering governance times, if approved, the fix will be applied in approximately 7 days from now: 1 day of delay to start voting, 3 days of voting, 1 day of timelock on Ethereum, and 2 extra days of timelock on Polygon," explained a post by Bored Ghost Developing, a contributor to Aave.
Phishing-as-a-service company "Inferno Drainer" steals assets nominally worth $5.9 million in three months
A scam-as-a-service company identified by ScamSniffer and dubbed "Inferno Drainer" has stolen assets nominally worth around $5.9 million since mid-February. The vendor sells phishing scam software that is then used by phishers to target victims, who believe that they are interacting with an established crypto project. Inferno Drainer takes 20–30% of the stolen funds as "payment" for the scam software.
One Inferno Drainer victim lost assets worth around $417,000. They later sent an on-chain message to the thief, writing: "you are ruining my life and for me this money was a lifetime's work, I won't have enough my family..." They asked the attacker to return 50% of the funds stolen from them, offering to not report the scammer to Interpol and other authorities in return, and even offering to "sign a contract allowing you to use legally the stolen crypto".
Grumpy Cat trademark owner sends cease and desist via NFT over unauthorized "Grumpy Cat Coin"
A Grumpy Cat Coin memecoin emerged in May, with a website using illustrations of the late real-life Grumpy Cat to promote the coin. Crypto influencers, including the "SlumDoge Millionaire", jumped on board to promote the token. (The "SlumDoge Millionaire" is Glauber Contessoto, a person who briefly became a paper millionaire from, as he claims, emptying his bank account, selling all his stocks, and maxing out credit cards to buy 5 million Dogecoin during the 2021 crypto frenzy. His holdings spiked to over $1 million in value, but he didn't cash out; they are now priced at around $365,000.)
However, Grumpy Cat's owner owns trademarks associated with Grumpy Cat, and it seems she has become aware of the coin. On May 18, she minted an NFT and transferred it to the Grumpy Cat Coin deployer address. The NFT image is a copy of a cease and desist letter representing Grumpy Cat Limited. The letter describes the coin offering as a "blatant and willful infringement of our client's trademark rights", and insists that the coin creators stop all activities related to the coin offering or face legal action. The letter also mentioned that the URL of the project website — grumpycat.fyi — was a violation of the Anti-Cybersquatting Consumer Protection Act. The project subsequently changed its domain to gccoin.fyi in an apparent effort to avoid this issue.
Simultaneously, a message addressed to holders of the Grumpy Cat Coin was posted to Grumpy Cat's Twitter account, describing the token as a "desperate, sad attempt to scam unwitting traders" by "SlumDoge Millionaire and their cohorts".