Twitter and YouTube accounts for the British Army simultaneously hacked and used to promote NFT and crypto scams

A screenshot of the Twitter profile for @BritishArmy, which has been rebranded to use the same images as the Twitter account of the real "The Possessed" NFT account. A pinned tweet reads "we are ready to present you with a collection of anomalies. The Anomalies is a collection of special Possessed 1/1s, created by @whatthefurr. They will all animate in typical Possessed style 1/3 You can get it right now! Get your nft : the possssed.xyz #NFT"Hijacked British Army Twitter account (attribution)
The 362,000-follower verified Twitter account and 178,000-follower YouTube account for the British Army were simultaneously compromised, and used to shill two different crypto scams.

On Twitter, the account details were changed to resemble the Possessed NFT project (as also happened to top Super Smash Bros. Ultimate player MkLeo in March). Tweets from the account announced a "new NFT collection" and linked to a fake minting website, complete with a fake counter showing the number of available NFTs appearing to dwindle.

Meanwhile, the YouTube account was rebranded to resemble ARK Invest, the investment management firm founded by Cathie Wood. It ran a steady stream of fake videos cribbed from an old, real livestream with Elon Musk and Jack Dorsey, but surrounded with borders promoting "double your money" Bitcoin and Ether scams. This is a common YouTube scam, and one such scam earned crypto scammers $1.3 million in 24 hours back in May.

Crema Finance hacked for $8.8 million, most returned

Solana liquidity protocol Crema Finance was exploited for around 69,500 SOL (~$2.3 million) and around $6.5 million worth of stablecoins for a total loss of around $8.8 million. The hacker then swapped the stablecoins for Ethereum via Uniswap.

Crema Finance sent a message to the hacker via Ethereum transaction, writing that "you have 72h from now to consider becoming a white hat and keeping $800k as the bounty... Otherwise the police and legal force will officially get involved and there will be endless tracing waiting for you." On July 6, Crema announced that they had reached an agreement with the hacker, who returned most of the funds and kept 45,455 SOL ($1.68 million) as a "bounty".

Although the terms of the "bounty" agreement suggested that Crema Finance would not involve law enforcement, sometimes these things are out of platforms' hands (or they renege on the agreement). On July 11, 2023, the U.S. Attorney for the Southern District of New York announced charges against Shakeeb Ahmed, a security engineer alleged to have perpetrated the theft.

Crema Finance is not to be confused with C.R.E.A.M. Finance, a crypto lending service that was hacked three separate times in 2021 for a total of nearly $200 million.

Meta hammers another nail into the coffin of Libra, announcing the shutdown of their Novi project

Diem, formerly known as Libra, was a stablecoin-based payments system proposed by Meta, formerly known as Facebook. Novi, formerly Calibra (are you keeping up?), was a crypto wallet and crypto-based money transfer pilot project run by the company. The app was advertised as a solution for sending remittances, and claimed it would help provide "equal access to financial services".

Libra-now-Diem ground to a halt after concerns from regulatory bodies and the general public, with Facebook-now-Meta abandoning the project in January 2022. Now they've announced they'll be shutting down Calibra-now-Novi, too, and have advised users to withdraw their balance "as soon as possible". Users won't be able to add money to their accounts beginning on July 21.

Quixotic NFT marketplace hacked for more than $100,000

Quixotic, an NFT marketplace on the Optimism network, was attacked after a hacker was able to exploit a recently updated smart contract. The attacker made off with at least $100,000.

Quixotic is the largest NFT marketplace on Optimism, a layer 2 Ethereum network. Despite being the largest marketplace on the network, it still does fairly little in volume compared to NFT marketplaces on other networks, boasting only around $420,000 in trading volume in the last 30 days.

Quixotic paused marketplace activity after discovering the hack, and promised to reimburse all users who had tokens stolen from them.

Ankr gateways for Polygon and Fantom compromised, seed phrases possibly stolen

The Ankr public RPC gateways (basically an API for dApps and other services to communicate with the blockchain) for Polygon and Fantom were impacted when attackers compromised the projects' DNS management. Those who accessed Polygon or Fantom using Ankr's RPC gateways saw pop-up windows stating that "funds are at risk", and prompting them to enter their seed phrases at a website linked from the popup to "restore their wallet".

Polygon's chief information security officer Mudit Gupta told CoinDesk that day that "no funds [were] lost as far as we know but we are still investigating", and that dApps using the Ankr RPC endpoint were non-functional. Ankr later announced that the RPC systems had been fully restored, and that the breach had come from a "third-party vendor" that enabled attackers to change Ankr's domain hosts.

Voyager Digital suspends withdrawals and other activity

Voyager Digital announced that they had suspended trading, deposits, withdrawals, and loyalty rewards. This came after it was revealed that Voyager had issued a notice of default to the bankrupt Three Arrows Capital on a loan of more than $670 million worth of USDC and Bitcoin. On June 22, Voyager had reduced their withdrawal limit, suggesting they were having trouble meeting customer demand for withdrawals. The week before that, Voyager had secured a large loan from FTX to try to help them stay afloat.

Voyager announced that they were making the decision "given current market conditions", and that it "gives us additional time to continue exploring strategic alternatives with various interested parties". They also released some financial and balance sheet updates that painted a pretty grim picture.

Coca-Cola launches Pride NFTs, bringing the commercialization of Pride to new lows

A 3D rendering of a glass coke bottle with pink and orange swirls on it, surrounded by faceted spherical prisms and rainbow lightsCoca-Cola Pride Bottle #8 (attribution)
If it wasn't already nauseating to watch a huge corporation like Coca-Cola use LGBTQ Pride Month to market their products and pay lip service to supporting LGBTQ rights while supporting anti-LGBTQ politicians, now they're doing it with NFTs. Coca-Cola launched "The Coca-Cola Pride Collection" of 136 NFTs, which are minting for 335 MATIC (~$158). The website states that all proceeds will go to LGBTQ+ charities.

At that price, Coca-Cola will only be earning about $21,500 (minus any expenses) if the project mints out, plus any resale fees. A many-billion-dollar company like Coca-Cola might consider just donating the 20 grand themselves.

Mirror Trading International charged after $1.7 billion fraud

Mirror Trading International was a South African Bitcoin pool operator that advertised to investors that it would generate 10% returns a month, with bonuses for referring friends and family. In reality, the project was a global pyramid scheme that lied to investors about the existence of a "trading bot", falsified account statements, engaged in no profitable forex trading, and used participants' deposits to pay out "returns" to other investors. The company operated from May 2018 until its bankruptcy and liquidation in early 2021, pulling in more than $1.7 billion.

Mirror Trading International was founded and operated by Cornelius Johannes Steynberg, who had been on the run from South African police until recently being detained in Brazil on an INTERPOL warrant. The CFTC is seeking full restitution, disgorgement, and bans from future trading.

On September 7, 2023, a U.S. District Court ordered MTI to pay $1.7 billion in restitution.

Owner of Circle Society platform, which advertised 600% returns, charged with fraud

The U.S. Department of Justice announced fraud charges against David Saffron, the owner of the Circle Society cryptocurrency investment platform (with no relation to Circle). Saffron allegedly lied to investors, saying he operated a cryptocurrency trading bot that would generate 500–600% returns on investment. He also reportedly held meetings at luxury homes in the Hollywood Hills and traveled with armed security "in order to create the false appearance of wealth and success".

The scheme ultimately drew in about $12 million from investors, beginning in late 2017. Saffron was charged with one count of conspiracy to commit wire fraud, four counts of wire fraud, one count of conspiracy to commit commodities fraud, and one count of obstruction of justice. If convicted of all charges, he faces up to 115 years in prison.

Previously, in April 2021, the a court ordered Circle Society and Saffron to pay $32 million in relation to the scheme after a default judgment in a lawsuit from the CFTC, who described the whole thing as a Ponzi scheme.

Operator of fraudulent Titanium Blockchain Infrastructure Services ICO charged with securities fraud

The U.S. Department of Justice charged Michael Alan Stollery with securities fraud over his role as founder and CEO of Titanium Blockchain Infrastructure Services (TBIS). TBIS was a supposed cryptocurrency investment platform that launched an initial coin offering in 2018. The ICO drew in $21 million until the SEC obtained a court order to halt the offering on May 29, 2018.

The DoJ alleges that Stollery falsified the TBIS whitepaper, wrote fake testimonials on the project website, and made up business relationships with the U.S. Federal Reserve Board and large companies including Apple, Pfizer, and Disney.

If convicted on all counts, Stollery faces up to 20 years in prison.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.