Transit Swap hacked for $21 million, hacker returns large portion

Transit Swap is a multi-chain decentralized exchange aggregator. Users of the project were collectively exploited for approximately $21 million when an attacker took advantage of a bug in the project's smart contract that allowed arbitrary external calls. The attacker used this vulnerability to steal tokens that had been approved for swap by Transit Swap users. Amusingly, the hacker lost about $1 million of their ill-gotten funds to an MEV bot that was able to successfully front-run the swap.

Multiple cryptocurrency security companies collaborated to investigate the hack shortly after it occurred. Transit Swap announced that "through the joint efforts of the SlowMist security team, the Bitrace security team, the PeckShield security team, the TokenPocket team and the TransitFinance technical team, we now have a lot of valid information such as hacker's IP, email address, and associated on-chain addresses." They subsequently announced that the attacker had returned around 70% of the stolen funds ($14–$15 million).

NFT trading fantasy league emerges to provide traders with the "sweet adrenaline" of flipping NFTs that they're missing in the bear market

"Most of us are too poor to be spending the [ether] we have left on huge sweeps, but we still want that sweet adrenaline rush of flipping JPEGs" said Brian Krogsgard, co-founder of the Flip NFT platform, in a statement you would think might have raised a red flag or two in his own mind. Evidently NFT traders are now being pitched NFT trading fantasy leagues, where they will be able to paper trade NFTs without risking their real-life fake money. Unfortunately for the traders, the app uses actual NFT price data, so the huge NFT project bull runs that some traders experienced during the NFT mania of 2021 will likely not emerge here, either.

One misconfigured node apparently takes the entire Solana network offline

In the latest illustration of our marvelous new decentralized, resilient blockchain future, one single Solana node apparently was able to take down the entire Solana network. Solana outages are nothing new, and tend to end (as this one did) with Solana issuing instructions to the people who run their validators, asking them all to turn them off and on again.

A validator operator reported that "It appears a misconfigured node caused an unrecoverable partition in the network." It's a bit startling that, in a supposedly decentralized network, one single node can bring the entire network offline.

Elon Musk's texts reveal his ideas for a blockchain-based Twitter

Texts released in the discovery process during the Elon Musk v. Twitter lawsuit have exposed not just a number of high-profile people embarrassingly simping for Musk, but also Musk's ideas about Twitter-but-on-the-blockchain.

In a text sent to his brother, Musk wrote, "I have an idea for a blockchain social media system that does both payments and short text messages/links like twitter. You have to pay a tiny amount to register your message on the chain, which will cut out the vast majority of spam and bots. There is no throat to choke, so free speech is guaranteed." In another message, to the president of his Boring Company, Musk narrowed in on an amount: 0.1 Doge per tweet or retweet. At today's prices, at 0.1 Doge per tweet, 1¢ would buy you about 160 tweets.

Musk's idea that there is some magical amount of money that ordinary people are willing to pay to send out a tweet or a retweet, but that spammers are not willing to pay to spam, seems preposterous. And given that "free speech is guaranteed" and blockchains are immutable, he would really need to hope that he finds this amount, because otherwise there's going to be a lot of spam permanently stored on Web3 Twitter.

As with many of Musk's ideas, the idea for a blockchain-based "free speech" social network is not new. On one of the more popular such services, BitClout, the home page shows posts such as "are there actually real ppl here, or only 'marketing' and ai-generated art?" It costs $0.01 to create a profile or to begin a tutorial on how to use the site. Out of the list of ten top-ranked creators on the site, the top two (Elon Musk and Naval Ravikant) haven't even signed up yet, and another five haven't posted in months.

Musk appeared to later toss out his blockchain social network idea, though not for spam reasons: "Blockchain twitter isn't possible, as the bandwidth and latency requirements cannot be supported by a peer to peer network, unless those 'peers' are absolutely gigantic, thus defeating the purpose of a decentralised network".

MEV bot earns over $1 million in profit, loses almost $1.5 million in hack an hour later

MEV bots are a controversial category of bots that front-run transactions in ways that are often detrimental to users. One such bot, known as 0xbadc0de, earned a windfall when a trader tried to sell 1.8 million cUSDC (USDC on the Compound protocol) – notionally worth $1.85 million – but only received $500 in assets in return due to low liquidity. The MEV bot, however, profited 800 ETH (~$1 million) from arbitrage trades surrounding the sale.

One hour later, a hacker exploited a vulnerability in the bad code of 0xbadc0de, which allowed them to withdraw all of the ETH in the contract: not just the ETH they'd recently earned in the huge trade, but all 1,101 ETH (~$1.5 million).

The bot operator subsequently sent a message to the thief via an Ethereum transaction, writing that if the thief returned the funds, they would give them 20% as a "bounty". Otherwise, they wrote, "we will have no choice but to pursue accordingly with everything in our power with the appropriate authorities to retrieve our funds". The thief replied by mimicking the message, writing, "What about normal people who you have mev'ed and literally fucked them? Will you return them?" and suggesting that if they returned all of the funds they'd extracted, the thief would pay them 1%.

Someone claims to have burned a Frida Kahlo drawing to "transition it into the Metaverse" as NFTs

[Image: Fantasmones Siniestros (Sinister Ghosts), a ghostly figure with enormous eyes intertwined with a giant fish, a broom, duck, bird, and other creatures against a green backdrop, with the phrase "Here are the sinister ghosts" scrawled across it.]

A businessman has published a video in which he burns a drawing that he claims is an original Frida Kahlo drawing worth more than $10 million—though its value and its authenticity have both been questioned. The entrepreneur created 10,000 NFTs from the drawing, which he's selling for 3 ETH (~$4,000) (reduced from the original 3.5 ETH/$4,700) for a hoped total of $40 million. He claims that in burning the artwork, he has "transitioned [it] into the Metaverse".

So far, the stunt has resulted in two NFTs being minted by outside parties, for total proceeds of 7 ETH (~$9,400) – not quite the millions the drawing allegedly cost the NFT project creator. Meanwhile, Mexican authorities have said they are investigating whether the businessman committed a crime in intentionally damaging an artistic monument.

Crypto executive exodus continues

The wave of crypto executives stepping down from their roles is continuing, after Genesis' CEO left the company and Michael Saylor gave up his CEO title (but stayed on as chairman) in August.

Now, Genesis' managing director has stepped down after five years. Kraken CEO Jesse Powell relinquished his title, planning to remain at the firm as a chairman. Alex Mashinsky has resigned as the CEO of Celsius Network in the midst of bankruptcy proceedings. And FTX US president Brett Harrison will also be stepping down.

Eight state regulators file enforcement actions against Nexo

Crypto lending service Nexo was hit with a barrage of cease-and-desist lawsuits from eight states: California, Vermont, Oklahoma, Kentucky, Washington, South Carolina, New York, and Maryland. Several of them also tacked on fines, with Washington levying a hefty $1 million against the company, and Maryland fining them $5,000 per violation.

Nexo had previously been warned to stop offering services in New York state and to register under securities regulations, but hadn't done so. Several states called into question Nexo's "real-time audit", which they describe as bogus. Kentucky also noted in their lawsuit that when the company's holdings of their own $NEXO token were taken out of the equation, the company appears to be insolvent.

Four NFTs valued at at least $150,000 stolen from Jason Falovitch

[Image: Bored Ape #7779, an illustration of a golden brown ape with closed eyes, biting its lower lip.]

Sports manager turned crypto entrepreneur Jason Falovitch is now perhaps best known for his influence in the NFT space. He co-founded the Leverage Game Media company along with Mark Cuban, a group that owns many NFT assets and helps promote NFT projects through their control of major sports social media pages. Falovitch also co-founded @NFT, a group of social media pages that earned a ban from Twitter in February after accusations that they promoted scammy NFT projects without proper disclosure.

On September 25, Falovitch tweeted "I got hackled last night on Opensea. Apes, doodles, eth. It's not pretty." Four NFTs had been stolen from his wallet — two Doodles, and a Mutant and Bored Ape – along with 6 ETH (~$7,750). The Mutant and Bored Apes were both resold, for 15.99 ETH (~$20,700) and 82.69 ETH (~$107,000) respectively. Factoring in Doodle floor prices, the hacker is looking at at least $150,000 in profit.

The loss, however, is larger for Falovitch, who spent ~$377,000 on the four NFTs based on the price of ETH at the times of purchase. Falovitch tweeted after the hack, "Now I’m over $1M hacked in ETH and NFTs." It's not clear if he's referring to other wallets he may control that were compromised, previous hacks he's suffered, or if he's massively overestimating the value of the stolen NFTs. He also tweeted that he discovered his car was broken into as he went to drive to the police department to report the NFT thefts.

Well-known crypto researcher zachxbt, who is known for helping victims of wallet hacks recover their assets, tweeted to Falovitch: "Karma for all of the people you rekt with the scams promoted on your Instagram page. Definitely won't be tracking this one."

IRS gets permission for summons to go after taxpayers who didn't report crypto transactions

The IRS was granted authorization to issue a "John Doe summons", which will require M.Y. Safra Bank to provide them with information on U.S. customers who may have failed to report taxable cryptocurrency transactions. This summons is specifically aimed at customers who used sFOX, a crypto broker that used M.Y. Safra Bank's services. The IRS was also previously authorized to serve a John Doe summons on sFOX directly.

The press release stated, "Based on its recent experiences with cryptocurrencies, the IRS has strong reason to believe that many virtual currency transactions are not being properly reported on tax returns."
