Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

U.S. Drug Enforcement Administration sends over $50,000 to a scammer

After seizing a little more than $500,000 in the Tether stablecoin from two accounts it believed were involved in illegal narcotics sales, the DEA mistakenly sent $50,000 of the seized funds to an enterprising scammer.

Someone observed the DEA wallet send a small test transaction before transferring the remaining seized funds, and quickly used a crypto wallet address with identical characters at the beginning and end to send an airdrop to the DEA source wallet. When the DEA agent went to send the remaining funds, they copied-and-pasted the address, believing it was the same one they'd sent the test transaction to. This is a common scam in the crypto world known as "address poisoning", and is successful primarily because crypto wallet addresses are very long strings of characters that people usually copy-and-paste, and only identify by the characters at the start and end.

Upon discovering that they'd been duped, the DEA contacted Tether to ask them to freeze the funds. However, by that time, the scammer had already converted the money into ETH, which couldn't be frozen. The DEA is now working with the FBI to try to trace the theft.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

Former New Jersey prison guard charged by SEC over crypto pump-and-dump scheme targeted at cops

John DeSalvo, a former New Jersey corrections officer, was charged by the SEC over a pump-and-dump scheme associated with his "Blazar" token, a project he targeted at fellow law enforcement. With promises that the Blazar token would "guaranteed minimum 100X your money", DeSalvo convinced around 222 investors to pour in at least $623,888. He also made other false statements, including that the token was registered with the SEC, and that he had devised a way for people to take payroll deductions that would automatically be used to purchase the token.

Rather than "100x-ing", the token immediately plummeted when DeSalvo sold his ~41 billion Blazar tokens. DeSalvo is accused of using his profits from the scheme to speculate on other crypto tokens, pay for personal expenses, and reimburse one investor who threatened legal action.

DeSalvo is also being charged over a separate investment scheme he operated, where he solicited investments on Facebook, promising to use his claimed trading expertise to earn massive returns. The SEC alleges he lost most of the money in bad investments, and stole the rest for himself, blaming the losses on market movements.

Theme tags: Hack or scam, Law

DOJ charges two founders of Tornado Cash, arrests one

A year after the Department of Treasury added Tornado Cash to the OFAC sanctions list, the DOJ has come in to charge the service's two founders with conspiracy charges involving money laundering, sanctions violations, and operating an unlicensed money transmitter. The Feds arrested Roman Storm, a U.S. national; Russian co-founder Roman Semenov is "at large".

The Feds claim that the two founders knew Tornado Cash was widely being used to launder hundreds of millions of dollars by North Korea, but "turned a blind eye" and claimed to be complaint with sanctions laws. They also state that they refused to implement anti-money laundering and KYC programs, as is required of money transmitting services.

These charges are likely to be controversial — as has been the sanctioning of Tornado Cash — among crypto advocates and others, as they run up against thorny First Amendment questions and conflicting ideas about who, if anyone, is liable for running decentralized services.

Theme tags: Law

Users pull $150 million in funds from Balancer protocol within hours after reports of a critical vulnerability

Balancer, a popular Ethereum-based defi protocol, has warned users that they should withdraw funds from vulnerable pools on the project after receiving a report of a critical vulnerability. No funds have been lost thus far, and the project has pools that could be impacted, though not all pools can be paused. Because of the nature of crypto projects, Balancer can't simply patch the vulnerability, and is now having to urge users to withdraw their liquidity as soon as possible.

Balancer had around $850 million TVL prior to the announcement. Since revealing the issue, users have removed more than $150 million in assets from the project. Balancer has stated that "only 1.4% of the total TVL is at risk", though 1.4% of $850 million would still be a sizeable $12 million windfall for any potential exploiter.

Theme tags: Bug
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Victim loses $900,000 to Google Ad phishing

Screenshot of Google search results for "celer bridge", with annotations showing that the first result, a sponsored result, is a malicious result that eventually redirects to a phishing site(attribution)
Google Ad phishing is the practice of taking out a Google advertisement to promote a malicious website impersonating a legitimate project. By taking out the ad, the result is pushed to the top of the search results page, tricking unsuspecting victims into believing it's a legitimate search result.

On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.

Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

SEC cracks down on Titan crypto investment manager for advertising 2,700% returns

Titan Global Capital Management, an investment advisory firm, has been charged by the SEC for violations of securities laws, including misrepresenting potential investment performance, making misleading disclosures pertaining to crypto custody, failing to impose limits on employees' crypto trades, and more.

Titan advertised "annualized" performance results of up to 2,700% on its Titan Crypto trading strategy, which the SEC says was misleading because it failed to include material information about how the performance was calculated. Titan had based the calculation on three weeks of performance, assuming it would continue for a full year.

Titan has agreed to a cease-and-desist order, censure, and over a million in disgorgement and penalties.

Theme tags: Law

Harbor Protocol exploited

The "interchain stablecoin protocol" Harbor announced on August 19 that they had experienced an exploit that drained some of the funds in the project pools. They wrote on Twitter that they were "working hard to estimate the total losses incurred as well as investigate the exploiter(s) and trace the funds."

According to data on DefiLlama, TVL on the project dropped from around $370,000 to only $81,000. The TVL was already significantly down from the project's peak of almost $1.5 million.

Theme tags: Hack or scam
Tech tags: DeFi, stablecoins

Crypto founder loses over $250,000 to crypto scam

Bryan Lawrence, the leader of a crypto project called Glow Token, recently shared that he'd fallen victim to scammers impersonating employees of the Crypto.com exchange. Lawrence said that scammers promised to list Glow Token's FLARE token in exchange for more than $250,000 in "security deposits". Crypto.com later contacted Lawrence, asking him to stop falsely claiming that his token would be listed on Crypto.com, and alerting him to the apparent scam.

Lawrence is now suing Crypto.com, although this may be challenging given they apparently weren't behind the scam. Lawrence has also said that he has sold his house to pay for legal costs.

Theme tags:

Recur NFT platform shuts down after $50 million Series A

In September 2021, the Recur NFT platform announced it had raised $50 million in a Series A funding round that saw the startup valued at $333 million.

In December 2021, the company offered $300 "Recur Passes", which promised holders early access to NFT drops and other perks. One of them resold for $88,888 in February 2022.

Now, Recur has announced they will be closing up shop, and warned users to migrate their assets away from the platform in advance of a November shutdown. The company cited "unforeseen challenges and shifts in the business landscape".

As for the Recur Passes, they're currently selling for somewhere between $7 and $11.

Theme tags: Collapse
Tech tags: NFT

Terra website hijacked by phisher

Despite the catastrophic Terra/Luna collapse in May 2022, the Terra blockchain is still up and running. On August 19, the official Twitter account for the Terra project tweeted that the project's website had been hijacked, and was being used by a phisher to try to obtain access to users' wallets. When the website is opened, it prompts visitors to connect their wallets, which then allows the phishers to drain funds.

Despite a tweet on August 19 that "sites are coming back online", and a developer stating that they were "mostly back in control", the website apparently remained compromised for several days. The project reiterated via tweet on August 20 that the website was still not safe to use.

It's unclear how much was stolen as a result of the hijacking.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Terra

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.