Thousands lose money to iEarn Bot crypto scam

According to a report by the BBC, a scam called iEarn Bot has impacted thousands of victims across multiple countries. In the scam, victims are convinced to sign up for an "AI intelligent quantitative trading robot" called iEarn Bot, which appears to successfully trade cryptocurrencies on their behalf. However, after a time, victims realize they are not able to withdraw their supposed earnings, nor the funds they've put in.

According to the BBC, dozens of high-profile individuals in Romania, including members of the government and academics, lost money to the scam after it was promoted by technology expert Gabriel Garais — who also says he lost money in the scheme.

iEarn Bot claims to be a US-based company, although its website is full of false information. The person named as the company's founder told the BBC he has nothing to do with the scheme, and companies and institutions listed as "strategic partners" say there is no such partnership.

The BBC identified one cryptocurrency wallet that received payments from around 13,000 others totaling nearly $1.3 million.

Thwarted hacker asks security firm to reimburse gas fees

File this one under "the audacity".

On March 17, blockchain security company BlockSec observed an attacker trying to exploit a vulnerability in the NFT lending project Paraspace. Although they had successfully identified a vulnerability that could have allowed them to steal 2,900 ETH (a bit over $5 million), their attempt to execute the hack failed because they didn't correctly estimate what it would cost them in gas fees.

After observing the attempt, BlockSec executed a whitehat rescue, where they successfully executed the same attack to remove the funds from Paraspace and secure them until they could return them to the project team.

Incredibly, the exploiter sent an on-chain message to BlockSec: "hey man, I am the one who made the contract you just copied, I couldn't make it work for a stupid gas estimation error. since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck". Altogether, the would-be attacker spent around 0.7 ETH (~$1,200) on gas fees while trying to pull off the hack.

International group of law enforcement agencies shuts down down ChipMixer

Law enforcement from the United States, Germany, and the European Union worked together to take down the ChipMixer cryptocurrency tumbler, which they allege had been used to launder $3 billion since 2017 related to "ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes". The US Department of Justice also charged an individual with money laundering, operating an unlicensed money transmitting business, and identity theft in connection with the project.

According to the US DOJ, ChipMixer had been used to process, among other things, proceeds of the massive March 2022 Axie Infinity hack by a North Korean cybercrime group.

US law enforcement seized two domains and a Github account tied to the organization, and German law enforcement seized ChipMixer's back-end servers and $46 million in cryptocurrency.

Phishers take advantage of fears surrounding the USDC de-peg

When USDC deviated from its dollar peg on March 10, phishers were quick to devise a scheme to take advantage of holders' fears. A group launched a website appearing to be the blog belonging to Circle, the company that backs USDC. On the fake blog, they announced a supposed defi exchange where users would be able to exchange their USDC for stablecoins like Tether.

Holders trying to use the exchange approved transactions which they didn't realize allowed the phishers to drain their ETH. So far, the scammers have stolen around 74 ETH ($130,500).

Over $35 million lost as contagion from Euler hack spreads throughout defi

Contagion from the massive exploit of the Euler project has spread to around a dozen defi projects, including Balancer, Angle Protocol, Yearn Finance, InverseFinance, and others. Some are still evaluating if and how they may be affected, and how much they've lost.

Around $11.9 million of tokens were sent from the Balancer defi liqiuidity project to Euler during the attack, prompting Balancer to pause the project.

The Angle Protocol decentralized stablecoin project also disclosed that almost half of the total value locked in the project — around $17.6 million in the USDC stablecoin — were sent to Euler during the hack.

Meta pulls the plug on NFTs

In a Twitter thread, Meta (formerly Facebook) Head of Commerce and Fintech Stephane Kasriel announced that they would be "down digital collectibles (NFTs) for now to focus on other ways to support creators, people, and businesses". Meta had only launched its support for NFTs in Facebook and Instagram partway through last year — a bit late to the NFT craze, which had largely cooled by that point.

Mark Zuckerberg had once talked about eventually using NFTs for Meta's metaverse projects, suggesting that eventually "the clothing that your avatar is wearing in the metaverse, you know, [could] be basically minted as an NFT and you can take it between your different places". It sounds like that plan may no longer be on the table now.

Euler Finance exploited for almost $200 million

The decentralized lending platform Euler Finance suffered a flash loan attack in which an exploiter stole $197 million from the project. The attacker stole $8.7 million in the Dai stablecoin, $18.5 million in wrapped Bitcoin, $135.8 million in Lido staked Ethereum (stETH), and $33.8 million in the USDC stablecoin. Although Euler was well known for its many code audits, the project had later added a vulnerable function that had not been as heavily audited.

Euler announced that they were aware of the exploit, and were "working with security professionals and law enforcement".

Regulators shut down crypto-friendly Signature Bank

Two days after the collapse of Silicon Valley Bank and four days after the collapse of Silvergate Bank, the New York Department of Financial Services announced they had taken possession of Signature Bank, a New York-based bank that was a major bank partner for cryptocurrency companies. The bank was placed into receivership with the Federal Deposit Insurance Corporation (FDIC). According to a Signature board member, a bank run of billions of dollars began on Friday after the seizure of Silicon Valley Bank.

A joint statement from federal regulators announced that "All depositors of this institution will be made whole... no losses will be borne by the taxpayer. Shareholders and certain unsecured debtholders will not be protected. Senior management has also been removed."

The shutdown of Signature and the collapse of Silvergate leave many companies in the crypto industry without much access to the US banking system.

PeopleDAO loses $120,000 after payment spreadsheet is shared publicly

PeopleDAO is the successor to ConstitutionDAO, a group that made an ill-fated attempt to buy a copy of the US Constitution in November 2021. When the accounting lead for PeopleDAO accidentally shared an editable accounting spreadsheet link in a public Discord channel, an enterprising member of the Discord decided to take advantage. They inserted a row with their own wallet address for a 76 ETH (~$120,000) payment, then hid the row so it wouldn't display to the other viewers.

When team leads reviewed the spreadsheet to sign off on the payments, they didn't see the row, and there was no rollup showing total payments or anything else that would've helped them catch the malicious activity. The transactions were uploaded to a tool allowing asset transfers via CSV, and the required six out of nine multisig members approved the transaction.

PeopleDAO have reported that they're working with various security researchers to track the funds, and have reported the theft to the FBI and FTC.

USDC loses peg to the dollar

The major stablecoin USDC lost its peg to the US dollar on March 10. Earlier that day, the collapse of the Silicon Valley Bank sent shockwaves through the financial system, and some in crypto were concerned about possible contagion to crypto companies. In particular, it was known that some of Circle's cash reserves backing USDC were stored at SVB, but it wasn't clear quite how much. After some delay, Circle disclosed that $3.3 billion of their roughly $10 billion in cash reserves were stored with SVB.

That evening, Coinbase announced they would be pausing USDC redemptions for dollars until the following Monday, claiming it was only because in times of high volume, they needed to process transfers via the traditional banking system. Despite their stated reason, this deepened fears about the stability of USDC, which is supported in part by Coinbase.

The price of USDC began to wobble on smaller, less liquid exchanges like Gemini and Kraken before the issue was reflected more widely. However, most exchanges were showing USDC trading at prices between $0.90 and $0.98 later that night — a noticeable departure from USDC's normally fairly steady peg.

A sustained de-peg would wreak havoc on the crypto industry, where USDC is the second largest stablecoin and boasted a $43 billion market cap (at least before substantial outflows surrounding the SVB concern). Other stablecoins even have exposure to USDC, with both FRAX and DAI using USDC for significant portions of their collateral.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.