SEC sends Wells notice to Uniswap

April 10, 2024

SEC sends Wells notice to Uniswap

The US Securities and Exchange Commission issued a warning to the Uniswap decentralized exchange in the form of a Wells notice. Wells notices are used to inform the recipient of an impending lawsuit, and give them a last-ditch opportunity to convince the SEC that the suit is unwarranted.

The notice was received with an adversarial posture by Uniswap, who announced its receipt with a blog post titled "Fighting for DeFi". "Taking into account the SEC's ongoing lawsuits against Coinbase and others as well as their complete unwillingness to provide clarity or a path to registration to those operating lawfully within the U.S., we can only conclude that this is the latest political effort to target even the best actors building technology on blockchains," they wrote.

The news was met with outrage in the crypto community, who generally saw the action as indicative of an overly aggressive posture by the SEC to crack down on defi and crypto more broadly.

"Fighting for DeFi", Uniswap Labs blog [archive]

April 9, 2024

$23 million goes missing amid STFIL claims that they're being investigated

(attribution)

STFIL, a protocol that promises liquid staking and "leverage mining" to holders of Filecoin's FIL token, announced on Twitter that "We believe that the STFIL core technical team is under investigation by local Chinese police."

According to STFIL, while some of the core team members were detained by Chinese police, FIL tokens were moved to an unknown wallet. They also acknowledged that there had been "abnormal, unscheduled upgrades to the protocol". They asked their community members for help in tracking the wallet.

Some speculated that the story was fake, and that the project had stolen the funds. However, Chinese police have in several instances cracked down on people and companies involved in Filecoin-related projects, including an $83.3 million alleged pyramid scheme in August 2023 and a group of Filecoin Ponzi schemers in 2021. Filecoin mining became popular in China after its 2018 initial coin offering, and also became a magnet for Ponzi schemes and other scams.

April 8, 2024

MuskSwap and related projects exit scam for over $5 million

A person or group have raised funds for various crypto projects only to abandon them, empty the project wallets, and launder the funds through Tornado Cash. The largest of the projects was called "MuskSwap", which proclaimed: "$MUSK & MuskSwap was born to show admiration to elon musk's super projects like solarcity, tesla, space x and his constant influence on the world finance & the crypto market."

The project described itself as a DEX with a native $MUSK token, and launched in July 2021. However, the token tanked on December 25, 2021. Although the project team tried to blame the crash on "liquidity issues" and promised paths forward, they locked the project Telegram chat on March 11, 2022. On April 5, 2022, the team withdrew remaining funds and deleted the website.

Crypto analysis firm CertiK linked the MuskSwap project to several other scam tokens and projects: RocketDoge, InfinityGame, SpaceX, MUFC (themed after Manchester United), and Elona Musk. Altogether, the rug pulls have drawn in $5.1 million.

"Decrypting MuskSwap: A web of Scams and Tracking Funds Through Tornado Cash", CertiK [archive]

April 7, 2024

Bored Ape-themed fast food restaurant shuts down

A photograph of a restaurant with a sign featuring a Bored Ape NFT and the text "Bored & Hungry". The building is vacant and a sign shows "Chile Verde Mexican Food coming soon"

(attribution)

It's hard to believe that the hamburger joint themed around the owner's Bored Ape NFT failed to take off. Although there was novelty value in the themed restaurant, which for a time boasted that it accepted cryptocurrency payments, the excitement seemed to wear off quickly after a few early news articles. After a while, the restaurant's crypto payments became spotty, with employees saying the system was unwieldy and unpopular among customers.

Some more recent Yelp reviews described fairly mediocre food, which "[t]he NFTs don't make up for".

The restaurant opened in April 2022, a month after owner Andy Nguyen purchased Bored Ape #6184 for $268,000, along with three Mutant Apes for an additional combined $187,000. #6184 became the restaurant's logo, and the others were incorporated into the restaurant's branding. The NFTs haven't been resold since, although it's unlikely they could recoup close to their original purchase prices — Bored Apes have been averaging a little under $50,000 in recent sales, and Mutants around $8,500 each.

April 5, 2024

Do Kwon and Terraform Labs found liable for $40 billion fraud

Do Kwon (attribution)

After hearing arguments that Terraform Labs was "built on lies" during a two-week-long trial, the jury in the civil case against the company and its founder Do Kwon found that both were liable for fraud.

Kwon and his company were behind the algorithmic stablecoin, Terra, which dramatically collapsed in May 2022, sending huge ripple effects throughout the ecosystem. He and his company had lied about the stability of the token, ultimately causing massive financial damage to the tune of around $40 billion.

Kwon is in custody in Montenegro after attempting to flee criminal cases in both the United States and South Korea. The civil case in the US proceeded without him.

"Terraform Labs and founder Do Kwon found liable in US civil fraud trial", Reuters [archive]
Verdict in Securities and Exchange Commission v. Terraform Labs Pte Ltd. [archive]

April 4, 2024

SushiSwap team votes to give themselves control of much of the "decentralized" project's treasury

(attribution)

The leadership team behind SushiSwap, a popular defi platform, submitted proposals for a DAO governance vote that would transfer control of around $40 million from the DAO to a small centralized organization called "Sushi Labs". That organization would also receive all future airdrops awarded to SushiSwap. According to the proposal, this was motivated by a desire for efficiency and faster development.

The "yes" votes are currently in the lead with a 63% margin. The most yes votes came from sushigov.eth, the official SushiSwap team address, which also created the proposal. It is the first time that address has ever participated in a governance proposal.

The 5.5 million yes votes from the team wallet, plus another 3.1 million delegated from other community members, were enough to push the vote to majority support. A former SushiSwap contributor has also alleged that the SushiSwap team was manipulating the vote with additional wallets.

On Twitter, Sushi's "Head Chef" claimed that he had consulted with lawyers and then authorized the voting activity out of fear of an "extortative [sic] governance attack attempt".

"SushiSwap Community Cries Foul Over Vote to Centralize $53M Treasury", Decrypt [archive]
"SushiSwap team treasury takeover looks likely despite heated debate", Cointelegraph [archive]
Tweet by Jared Grey [archive]

April 3, 2024

Project promising to rug pull raises almost $29,000

(attribution)

A project describing itself as "The world's first memecoin pre-announced as a rugpull" was explicit in its marketing: "do not buy this coin, as it will go to zero."

Despite that, people sent the creator over 8.8 ETH (almost $29,000) for the project's "pre-sale", even as they repeated on Twitter that the project was a scam and that no one should buy it.

April 1, 2024

FixedFloat exchange hacked again

(attribution)

The FixedFloat cryptocurrency exchange was exploited again, this time for around $2.8 million. This follows shortly after a February 18 hack in which attackers made off with $26 million.

FixedFloat acknowledged the theft in a Twitter post, and blamed the same thieves. They claimed that this theft was enabled by a vulnerability in a third-party service.

March 30, 2024

Solana faces wave of drain attacks linked to trading bots including Solareum

(attribution)

The Solana ecosystem is grappling with a spate of drained wallets. A cause has yet to be definitively determined, but some of the thefts were linked to the use of trading bots like Solareum. Solareum speculated that the exploits may have been linked to compromised Telegram bot tokens, which could have allowed the attackers to obtain private keys from message history.

Solareum later wrote that they would be closing the project, and deleted their website. This drew some criticism from users who accused them of doing nothing to investigate the hack, or even being responsible themselves. The project wrote on Twitter, "We at #SOLAREUM team can clarify that we DO NOT steal money." Ah, well, in that case.

Other bots may have been involved in the theft, though it's not clear at this point. Though there was some speculation that a trading bot called BonkBot was to blame, that seems to have been unfounded.

The total theft amount is not clear, but exceeds $500,000.

March 28, 2024

Prisma Finance hacked for $12 million; attacker makes detailed demands

(attribution)

The defi protocol Prisma Finance was hacked for 3,257 ETH ($11.5 million). An attacker was able to take advantage of a flaw in the project's smart contracts, allowing them to manipulate users' positions and steal some of their collateral. Two other watchful attackers observed the attack strategy and replicated it, stealing a combined additional 173 ETH (~$610,000).

Plasma paused the protocol after detecting the attack.

The first attacker, who stole the bulk of the assets, sent an on-chain message to Prisma claiming that they had performed a "whitehat rescue", and inquired about returning the funds. In later messages, however, they asked the project to answer questions about their security practices and projects' responsibilities to users to prevent attacks. The attacker then transferred the stolen funds to Tornado Cash — indicating their return is unlikely.

In another message, the attacker was angry that Prisma had not expressed gratitude to them or remorse to their users, and was angry they had used terms like "exploit" and "attack" in their description of the incident. They demanded that the team reveal their identities, apologize, and thank the attacker in an online press conference.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.