"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.
Trip.com accused of "rug pull" as it shuts down its Trekki NFTs
Travel company Trip.com has some perturbed crypto holders on its hands, after shutting down the "Trekki" NFT project it launched in June 2023. The company's dolphin-themed NFTs had come with a roadmap that promised eventual staking features, "travel to grow" and "travel to earn" mechanisms, and other developments, which have been cancelled. However, Trip.com promised that its discount coupon functionality would remain.
Users of LI.FI protocol suffer losses of at least $10 million
Users of the cross-chain swapping API LI.FI Protocol, and of projects that build on top of it, suffered wallet drains amounting to at least $10 million (and counting). An attacker was able to exploit the users who had set infinite approvals. The protocol urged those who had interacted with several affected smart contracts to revoke permission, and warned: "Please do not interact with any LI.FI powered applications for now!"
Three arrests made in relation to Metamax pyramid scheme
Three people have been arrested in connection to a crypto pyramid scheme called Metamax. Those behind the scam promised that people who invested in the scam could then earn income of up to $400 a day simply by watching, sharing, liking, and reviewing videos. There was, of course, a referral component as well, where people earned commission on the "investments" of people they referred. And for people who chose to invest in one of Metamax's fixed investment plans, they were promised 1.5% daily returns.
Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.
Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.
Minterest hacked for $1.4 million
An attacker stole $1.4 million from the defi lending project Minterest. Using a flash loan attack, they manipulated the exchange rate calculated by the project, allowing them to withdraw more tokens than they originally loaned.
Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.
Dough Finance hacked for $1.9 million
Defi platform Dough Finance was hacked for 608 ETH ($1.8 million) by a hacker using a flash loan attack funded through the Railgun privacy service.
Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.
Popular defi protocol websites replaced with wallet drainers amid mass Squarespace domain hijacking
Websites providing the frontends for some popular defi services, including Compound Finance, were compromised and replaced with wallet drainers: websites resembling the usual frontend, but which drain unsuspecting users' wallets when used.
Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.
The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."
Web2 is going just great!
OmegaPro founder arrested for allegedly running crypto Ponzi
Turkish authorities arrested Andreas Szakacs, also known as Emre Avci, for his role in the OmegaPro cryptocurrency Ponzi scheme. Victims were invited to make small investments in the "Omega Invest" application, which made quick returns. They were enticed to invest more and more, but when they attempted to withdraw funds, they discovered the money had been taken. Altogether, victims have claimed around $103 million in losses.
The OmegaPro Ponzi scheme was reportedly linked to the OneCoin crypto Ponzi, whose operators stole at least $4 billion from millions of victims since 2019. Multiple people associated with OneCoin have been arrested, including its co-founder Karl Sebastian Greenwood, but its "Cryptoqueen" co-founder Ruja Ignatova was one of Europol's most wanted fugitives and remains the subject of an Interpol red notice.
- "$4B cryptocurrency scammer caught in Istanbul", Türkiye Today [archive]
Doja Cat's Twitter account hacked to promote meme token
The Twitter account belonging to rapper Doja Cat was compromised on July 8, tweeting to her 5.6 million followers that they should "buy $DOJA or else", and various other messages to that effect. Doja Cat quickly posted on her Instagram account to say that the Twitter account had been compromised.
The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.
Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.
Bittensor wallets drained
Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth around $8 million, was siphoned. Although blockchain sleuth zachxbt hypothesized that the attack may have been thanks to a private key leak, Bittensor later claimed that affected users had in fact been compromised by a malicious Bittensor package that had been uploaded to Python's PyPi package manager. It's not yet clear how the malicious package made it onto the package manager.
Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.
- "Bittensor Community Update — July 3, 2024", Opentensor Foundation [archive]
Silvergate Bank pays $63 million to settle charges from multiple agencies
More than a year after the crypto-friendly Silvergate Bank collapsed, its parent company has agreed to pay $63 million in fines to the Federal Reserve and California Department of Financial Protection and the Innovation. The SEC also imposed a $50 million fine, though the terms of the settlement noted this "may be offset" by the other penalties.
According to the regulators, Silvergate "had serious deficiencies" in its anti-money laundering programs, including in its intra-customer crypto transfer product. In particular, the SEC highlighted $9 billion in suspicious transfers among FTX entities that should have been detected by compliance programs. The SEC also alleged that Silvergate misrepresented its financial state during the post-FTX collapse bank run.
- "SEC Charges Silvergate Capital, Former CEO for Misleading Investors about Compliance Program", U.S. Securities and Exchange Commission [archive]
- "Crypto-Friendly Silvergate Bank Pays $63M to Settle Charges With SEC, Fed, California Regulator", CoinDesk [archive]