DOJ charges two founders of Tornado Cash, arrests one

A year after the Department of Treasury added Tornado Cash to the OFAC sanctions list, the DOJ has come in to charge the service's two founders with conspiracy charges involving money laundering, sanctions violations, and operating an unlicensed money transmitter. The Feds arrested Roman Storm, a U.S. national; Russian co-founder Roman Semenov is "at large".

The Feds claim that the two founders knew Tornado Cash was widely being used to launder hundreds of millions of dollars by North Korea, but "turned a blind eye" and claimed to be complaint with sanctions laws. They also state that they refused to implement anti-money laundering and KYC programs, as is required of money transmitting services.

These charges are likely to be controversial — as has been the sanctioning of Tornado Cash — among crypto advocates and others, as they run up against thorny First Amendment questions and conflicting ideas about who, if anyone, is liable for running decentralized services.

Users pull $150 million in funds from Balancer protocol within hours after reports of a critical vulnerability

Balancer, a popular Ethereum-based defi protocol, has warned users that they should withdraw funds from vulnerable pools on the project after receiving a report of a critical vulnerability. No funds have been lost thus far, and the project has pools that could be impacted, though not all pools can be paused. Because of the nature of crypto projects, Balancer can't simply patch the vulnerability, and is now having to urge users to withdraw their liquidity as soon as possible.

Balancer had around $850 million TVL prior to the announcement. Since revealing the issue, users have removed more than $150 million in assets from the project. Balancer has stated that "only 1.4% of the total TVL is at risk", though 1.4% of $850 million would still be a sizeable $12 million windfall for any potential exploiter.

Victim loses $900,000 to Google Ad phishing

Google Ad phishing is the practice of taking out a Google advertisement to promote a malicious website impersonating a legitimate project. By taking out the ad, the result is pushed to the top of the search results page, tricking unsuspecting victims into believing it's a legitimate search result.

On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.

Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".

SEC cracks down on Titan crypto investment manager for advertising 2,700% returns

Titan Global Capital Management, an investment advisory firm, has been charged by the SEC for violations of securities laws, including misrepresenting potential investment performance, making misleading disclosures pertaining to crypto custody, failing to impose limits on employees' crypto trades, and more.

Titan advertised "annualized" performance results of up to 2,700% on its Titan Crypto trading strategy, which the SEC says was misleading because it failed to include material information about how the performance was calculated. Titan had based the calculation on three weeks of performance, assuming it would continue for a full year.

Titan has agreed to a cease-and-desist order, censure, and over a million in disgorgement and penalties.

Harbor Protocol exploited

The "interchain stablecoin protocol" Harbor announced on August 19 that they had experienced an exploit that drained some of the funds in the project pools. They wrote on Twitter that they were "working hard to estimate the total losses incurred as well as investigate the exploiter(s) and trace the funds."

According to data on DefiLlama, TVL on the project dropped from around $370,000 to only $81,000. The TVL was already significantly down from the project's peak of almost $1.5 million.

Crypto founder loses over $250,000 to crypto scam

Bryan Lawrence, the leader of a crypto project called Glow Token, recently shared that he'd fallen victim to scammers impersonating employees of the Crypto.com exchange. Lawrence said that scammers promised to list Glow Token's FLARE token in exchange for more than $250,000 in "security deposits". Crypto.com later contacted Lawrence, asking him to stop falsely claiming that his token would be listed on Crypto.com, and alerting him to the apparent scam.

Lawrence is now suing Crypto.com, although this may be challenging given they apparently weren't behind the scam. Lawrence has also said that he has sold his house to pay for legal costs.

Recur NFT platform shuts down after $50 million Series A

In September 2021, the Recur NFT platform announced it had raised $50 million in a Series A funding round that saw the startup valued at $333 million.

In December 2021, the company offered $300 "Recur Passes", which promised holders early access to NFT drops and other perks. One of them resold for $88,888 in February 2022.

Now, Recur has announced they will be closing up shop, and warned users to migrate their assets away from the platform in advance of a November shutdown. The company cited "unforeseen challenges and shifts in the business landscape".

As for the Recur Passes, they're currently selling for somewhere between $7 and $11.

Terra website hijacked by phisher

Despite the catastrophic Terra/Luna collapse in May 2022, the Terra blockchain is still up and running. On August 19, the official Twitter account for the Terra project tweeted that the project's website had been hijacked, and was being used by a phisher to try to obtain access to users' wallets. When the website is opened, it prompts visitors to connect their wallets, which then allows the phishers to drain funds.

Despite a tweet on August 19 that "sites are coming back online", and a developer stating that they were "mostly back in control", the website apparently remained compromised for several days. The project reiterated via tweet on August 20 that the website was still not safe to use.

It's unclear how much was stolen as a result of the hijacking.

Exactly Protocol hacked for at least $12 million

The Exactly Protocol, an attempt to "decentralize the credit market" built on the Optimism layer-2 network, was exploited. The protocol announced a pause to investigate a security issue, after they were alerted to suspicious transactions.

An attacker has siphoned more than 7,160 ETH (~$12 million) from the project, which they've bridged back to the Ethereum main chain. The Exactly Protocol's TVL plunged from $37 million to under $12 million following the attack.

Exactly writes on their website that they had been audited by four different firms: Chainsafe, Coinspect, ABDK, and Cryptecon.

Fed issues cease and desist to FTX-connected Farmington State Bank

A small building with "BANK" written over the doorFarmington State Bank (attribution)
Farmington State Bank, also known as Moonstone Bank, is a tiny Washington state bank that drew scrutiny after the FTX collapse for receiving an outsized investment from the firm. The investment appeared to be an attempt by FTX to gain control of a US bank, and raised questions over how the purchase was approved by federal regulators.

Now, the Federal Reserve Board has issued a cease and desist to Farmington State/Moonstone, claiming they have violated the commitments they made while going through the approval process. Despite promises not to do so, the bank engaged in digital asset activity, reportedly working with stablecoin issuers.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.