UwU Lend was founded by Michael Patryn, aka Omar Dhanani, aka "0xSifu" — a co-founder of the ill-fated QuadrigaCX exchange and ex-con. He also pseudonymously ran the defi cryptocurrency project Wonderland until his identity was revealed after the protocol suffered a meltdown.
UwU Lend suffers almost $20 million hack
The defi lending protocol UwU Lend was hacked for around $20 million. After various blockchain security firms observed suspicious outflows of funds, the protocol acknowledged there had been a "situation" on their Twitter account, and wrote that they had paused the protocol while they were investigating.
Loopring's "most secure" wallet hacked for at least $5 million
Although Loopring markets its wallet application as "Ethereum's most secure wallet", that's evidently a pretty low bar. They disclosed that they had suffered a breach in their wallet recovery service, which allows individuals to designate trusted entities to recover assets or freeze compromised accounts. An attacker was able to "recover" assets from wallets that had only designated a single Loopring guardian, pilfering at least $5 million.
Loopring announced that they had suspended their account recovery operations, and were working with law enforcement to trace the attackers.
New York Attorney General sues over $1 billion NovaTech and AWS Mining crypto pyramid schemes
The New York Attorney General’s office has sued Cynthia and Eddy Petion over two allegedly fraudulent cryptocurrency pyramid schemes called AWS Mining and NovaTech. They particularly targeted victims of Haitian descent, promoting their schemes in Creole, leveraging their victims’ religion, and promising them “financial freedom” and “freedom from the plantation”.
In reality, the schemes were pyramid schemes in which investors earned crypto for recruiting others to buy in. NovaTech also used the funds from newer investors to pay out the supposed “returns” from the investment scheme, in a classic Ponzi fashion. From August 2019 – April 2023, victims deposited more than $1 billion into NovaTech. Though it was described as a trading operation, only about $26 million ever went into crypto trading.
In June 2022, the couple secretly sold their Florida house and moved to Panama, while continuing to pretend they were in the state. Speaking to another operator of the scheme, Cynthia Petion advised: “leave the country…they can’t serve you if they can’t find you lol.”
Blockchain developer loses over $48,000 after posting private key to Github
A blockchain developer posted on Twitter that he had lost almost $50,000 after his cryptocurrency wallet was drained. He explained that he had been working on a software project on Github in a private repository that contained his wallet's private key. In order to apply for a funding grant from the Optimism project, he had to make the repository public. However, he forgot that the secret key was in the repository.
Generally, it is very bad practice to store sensitive secrets in Github, even when projects are set to private.
"Got drained of everything," he wrote on Twitter. A commenter asked how long it took for the attacker to steal the money after the private key became publicly visible. "2 min", he replied.
Lykke exchange hacked for over $23 million
The UK-based Lykke crypto exchange suffered an exploit that saw more than $23.6 million stolen from the platform. The platform shut down trading two days later, and some customers reported seeing balances of 0 in their accounts.
The theft was first noticed by outside researchers, who saw the suspicious outflows and accused the platform of not communicating the security breach to its customers. The following day, Lykke acknowledged the attack and informed customers via email.
DOJ indicts Epoch Times executive for crypto scam
Widong "Bill" Guan, Chief Financial Officer of the far-right Epoch Times media company, has been indicted on money laundering conspiracy and bank fraud charges for his alleged involvement in a cryptocurrency scam and money laundering operation. According to the Justice Department, Guan used cryptocurrency to purchase prepaid debit cards that were loaded with fraudulently obtained unemployment insurance benefits. Guan and others then laundered the funds through bank accounts they'd fraudulently opened using stolen personal information.
According to the DOJ, banks became suspicious when the revenue for the Epoch Times increased 410% — from around $15 million to around $62 million — from the previous year.
- "Chief Financial Officer Of Multinational Media Company Charged With Participating In Scheme To Launder At Least $67 Million In Fraud Proceeds", U.S. Attorney's Office, Southern District of New York [archive]
Velocore decentralized exchange exploited for $6.8 million, Linea blockchain halts in response
The Velocore DEX, built on the Linea Ethereum layer-2 blockchain, was exploited for around $6.8 million in ETH. The hacker was able to take advantage of a bug in the project's smart contract in the logic to calculate swap fees. Using a flash loan attack funded through Tornado Cash, the attacker drained most of the tokens from the pool, bridged the tokens back to the Ethereum mainnet, and then tumbled the stolen funds back through Tornado.
In an unusual move, the operators of the Linea layer-2 blockchain chose to unilaterally halt the chain in order to stop the outflow of stolen assets. Because Linea — like many layer-2 chains — is highly centralized, it was possible for the Linea team to unilaterally stop the production of blocks.
This was very controversial, as a single operator being able to unilaterally control the operation of a blockchain goes against much of the cryptocurrency ethos. Following their action, they tried to explain that "Linea's goal is to decentralize our network - including the sequencer. When our network matures to a decentralized, censorship-resistant environment, Linea's team will no longer have the ability to halt block production and censor addresses - this is a primary goal of our network".
Japanese crypto exchange DMM Bitcoin loses $308 million
A Japanese cryptocurrency exchange called DMM Bitcoin has announced that they suffered an "unauthorized leak" of 4,502.9 bitcoin (~$308 million) from a company wallet. They've provided very little in additional details around how the loss occurred, or who may have been involved. They have taken some of their services offline as they investigate the incident.
The company claims it will replace the lost funds with help from other companies in their group.
This is one of the largest cryptocurrency thefts in recent history, rivaling the roughly $320 million theft from the Wormhole bridge in February 2022 and the $477 million theft from FTX in November 2022.
FTX executive Ryan Salame sentenced to 7.5 years imprisonment
Ryan Salame was the CEO of FTX Digital Markets which was the Bahamian portion of the FTX business. In September 2023, just before Sam Bankman-Fried's trial began, Salame pleaded guilty to one count each of conspiracy to operate an unlicensed money transmitting business and conspiracy to make unlawful political contributions and defraud the Federal Election Commission. He was the only co-conspirator of four to not plead under a cooperation agreement, and he did not testify at Bankman-Fried's trial.
In his sentencing memo, Salame asked for a sentence of no more than 18 months imprisonment, claiming that "he was duped, as was everyone else, into believing that the companies were legitimate, solvent, and wildly profitable." Judge Kaplan didn't seem to agree, ultimately passing down a sentence greater than the five to seven years requested by prosecutors. He also will pay $6 million in forfeiture, $5 million in restitution, and spend three years on supervised release.
Salame is the first of Bankman-Fried's co-conspirators to be sentenced.
- "Former FTX Executive Ryan Salame Sentenced To 90 Months In Prison", U.S. Attorney's Office, Southern District of New York [archive]
Memecoin team accused of hacking influencer Twitter account to manipulate markets
According to crypto sleuth zachxbt, the team behind the Solana-based $CAT memecoin hacked the Twitter account of "Gigantic-Cassocked-Rebirth" (@GCRClassic) crypto influencer.
First, the team sniped their own $CAT token launch to obtain 63% of the token supply, ultimately selling a portion of it for around $5 million. Then, they took out $2.3 million and $1 million long positions on the ORDI and ETHFI tokens, respectively. Finally, they posted from the compromised influencer account to shill the ORDI and ETHFI tokens to his massive following. Ultimately, their gambit doesn't appear to have been incredibly successful: they made around $34,000 on the ORDI position, but lost $3,500 on the ETHFI position. However, as zachxbt noted, it's possible they also opened positions on centralized exchanges where the outcomes aren't publicly visible.