The firm had attempted to keep up appearances that all was well, spending lavishly and even opening new offices several weeks before entering bankruptcy. However, it turns out that employee pension contributions had not been being paid since early summer. Employee salaries had not been paid since October.
- "Pleite von Zuger Krypto-Startup: PK, AHV, Löhne offen", Inside Paradeplatz (in German)
"This tool really helped me unload those embarrassing early NFT Hype investments. Should shave about $1000 off my tax bill", a supposed user writes in a testimonial blurb on the site (although the testimonials appear to be faked).
Perhaps someone has finally found a viable crypto business model after all.
Wallets linked to Sam Bankman-Fried's Alameda Research unexpectedly begin selling off $1.7 million in tokens
Altogether, an estimated $1.7 million was moved through various services to obfuscate the flow of funds.
3Commas did not come off looking very good after this incident, after they spent weeks denying any breach and accusing those who were concerned 3Commas had been compromised of spreading misinformation and "FUD".
Researcher zachxbt wrote that he had verified 44 victims who had lost a combined $14.8 million due to the leak, although he acknowledged that this was only the number of people he could verify and that the total number of people affected was likely much higher.
Users with assets on the platform will see a significant haircut in what they are allowed to withdraw. Midas intends to keep 55% of the Bitcoin, ETH, or stablecoins held by users in their accounts, as well as any rewards users had earned.
Lest the users be too upset that more than half of their assets no longer belong to them, fear not: Midas will be making up the difference in a new, valueless token that does not yet exist, but that will be associated with some future project that Midas has not described yet. You're welcome!
They've also announced they will be pivoting to "CeDeFi". Yes, that is indeed short for "centralized decentralized finance". No, I am not joking.
It quickly became apparent that a man named Avraham Eisenberg was behind the exploit. In screenshots leaked from a conversation in a private Discord channel shortly before the attack, Eisenberg talked about the exploit he had planned. "I'm investigating a platform that could maybe lead to a 9 figure payday. Should I do it?" he wrote. When someone replied, "unles[s] it is highly illegal", Eisenberg responded: "Are there rules these days?" When someone suggested responsibly disclosing the vulnerability to the protocol, Eisenberg refused, saying the bug bounty was likely to be too small.
Eisenberg later owned up to the attack, tweeting a thread in which he wrote that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are."
The feds apparently disagreed with his evaluation, and arrested Eisenberg in Puerto Rico on December 26. He is charged with commodities fraud and commodities manipulation.
BTC.com is the seventh largest Bitcoin mining pool, which also operates other crypto mining services. Its parent company, BIT Mining, is publicly traded on the NSYE.
- "Bitcoin mining pool BTC.com reports $3M cyberattack", Cointelegraph
- "BIT Mining Limited Subsidiary Experiences Cyberattack", press release
BitKeep has claimed that attackers were able to compromise a version of their software and introduce malicious code which enabled them to drain user funds. BitKeep recommended their users contact the team behind BNB Chain on social media to plead with them to freeze an address used by the hackers, although the attackers had already begun to tumble the funds.
This is the second BitKeep-related hack in the last few months. In October, hackers stole more than $1 million worth of BNB when the Swap feature of the BitKeep wallet was exploited.
Rubic paused their project to limit further thefts, and stated they would pursue audits before coming back online. They also stated that they would "strive to compensate for the losses".
Now, Hong Kong police have arrested Liang Haoming and Thor Chan, two executives connected to AAX. Police have reportedly accused the men of using the maintenance excuse to halt customer withdrawals while dealing with a liquidity crisis.
- "2 executives of crypto exchange AAX arrested in Hong Kong: Report", CoinTelegraph
- "虛擬貨幣交易平台AAX倒閉 警拘兩男涉欺詐 主腦捲2.3億潛逃海外", 香港01 (in Chinese)