The project blamed the theft on a previous contractor who had the private key. They also explained that the attacker seemed to be a developer based on the fact that they had "specialized knowledge of ZERO's internal security systems".
Wilder World game suffers $1.8 million theft, blames contractor
Wilder World is a blockchain-based racing game that uses all the buzzwords: blockchains, artificial intelligence, and metaverse. On March 16, someone with access to the project deployer's private key upgraded legacy contracts and transfer the project's $WILD and $MEOW tokens to themselves. Altogether, the attacker profited 515 ETH (~$1.8 million), which they then laundered through the Tornado Cash cryptocurrency tumbler.
Phisher impersonating influential crypto trader in Twitter replies scams over $2.6 million
![Tweet by real Ansem account: i dont launch coins bros, but i can give allo to good stuff in other ways soon
Tweet by fake Ansem account closely resembling the one above it:
im about to launch my own token $BULL this weekend
link presale: [redacted link]
min 1 sol
max 3 sol
lets run it up yall](https://primary-cdn.web3isgoinggreat.com/entryImages/resized/ansem-impersonator_300.webp)
Someone impersonating Ansem, an influential crypto trader, was able to scam people out of more than $2.6 million simply by replying to the real Ansem's tweets. Using an account mimicking the real account, with only a slight difference in the username, a phisher convinced Ansem's followers that he was creating his own Solana memecoin and asked them to buy in.
In one of the real Ansem's tweets, Ansem wrote "i dont launch coins bros" — nevertheless, followers eager to get in early on a new memecoin clicked a link offering a presale and had their wallets drained.
Altogether, people lost $2.6 million to the scam. One individual lost $1.2 million.
Remilia Collective reports multi-million dollar hack
"Charlotte Fang", the leader of the controversial Remilia project (known for its Milady NFTs), claimed he was hacked and drained of ETH and NFTs potentially worth several million dollars. Although the project's treasury used a multi-signature model, the private keys were stored in one password manager, which Fang says was compromised.
The attacker stole around 490 ETH (~$1.8 million) and $58,000 USDC, along with more than 130 Milady NFTs, 320 Remilio NFTs, and hundreds of derivative tokens issued on the NFTX platform. Based on floor prices, the assets are valued at north of $6 million.
The mechanism of the attack is still uncertain, though Fang has said he suspects malware that could have intercepted credentials to his Bitwarden password manager. Some have expressed skepticism around the "hack", suggesting it could have been inside job. The Remilia group had suffered a separate $1 million loss in September 2023 — blamed on a rogue developer — and failed to implement many security safeguards after that incident.
NFPrompt discloses hack
A Binance-incubated platform called NFPrompt claims to be "the first Prompt Artist Platform in Web3" — with "prompt artist" referring to people who come up with prompts to feed into large language models. More succinctly, it's a platform to sell the NFTs you've made out of AI-generated images.
The platform announced on March 15 that it had suffered a "critical security incident" that it attributed to "a group of hackers" who were able to gain access to funds belonging both to the project's users and the project itself. They did not disclose how much was taken.
The project announced that it was working with the FBI, and had contacted centralized exchanges to ask them to freeze stolen funds.
Someone accidentally burns $1.36 million Tether
Someone accidentally threw away $1.36 million when they accidentally sent Tethers to the Tether contract address — making them permanently inaccessible in a process known as "burning". This is a rather common phenomenon in crypto, where it's easy to accidentally copy/paste the wrong address.
Most experienced crypto users have adopted the habit of sending small test transactions before transferring large amounts of tokens, to first check that they're using the correct address. Oddly, this person did so in this case, but then went right ahead and transferred the remaining tokens to the erroneous address.
The person may have lucked out that they were using a centralized stablecoin like Tether, whose operators hold a substantial amount of control over freezing, destroying, and creating new Tethers — and could feasibly replace the burned tokens.
Mozaic exploited for $2 million, recovers 90%
The "AI-optimized" defi project Mozaic Fi was exploited by an attacker who drained around $2 million in funds from the project.
According to MozaicFi, the theft had been perpetrated by a rogue developer who was able to gain access to a private key held by a core team member. They also claimed that a simultaneous large sale of the Mozaic token resulted in cascading liquidations.
In good news for the project, the attacker moved around 90% of the stolen funds to MEXC, a centralized cryptocurrency exchange that was able to freeze the thief's access to the funds.
MOBOX lending platform exploited for $750,000
The decentralized lending protocol, MOBOX, was exploited on March 14, 2024 after an attacker was able to take advantage of a bug in its referral program and borrowing functionality. By repeatedly borrowing funds and earning rewards, they were able to drain around $750,000 in USDT.
Massachusetts prosecutors seek to seize $2.3 million from crypto romance scam
The U.S. Attorney's Office in the District of Massachusetts announced that they had filed a civil forfeiture action to seize cryptocurrency priced at around $2.3 million from two Binance accounts. Those accounts had received cryptocurrency of various kinds from at least 37 American victims, one of whom was based in Massachusetts and who lost $400,000 in crypto assets to the scammers.
- "United States Files Forfeiture Action to Recover Cryptocurrency Traceable to Pig Butchering Romance Scam", United States Attorney's Office, District of Massachusetts [archive]
Phishing attack drains $2 million from one victim
An Ethereum holder who had been staking their ETH through a liquid restaking protocol called Ether.fi suffered a 501 ETH (~$2.025 million) loss when they fell victim to a phishing scam. They inadvertently signed a malicious transaction that granted the attacker "increase allowance" permissions, enabling them to siphon almost the entire sum of funds from the wallet. The individual was left with less than $1,500 in the wallet.
Incognito Market drug marketplace pulls multi-million dollar double scam
Since March 5, those who used the Incognito Market darkweb narcotics marketplace have found themselves unable to withdraw the Bitcoin and Monero they had on the platform. It appeared the platform had exit scammed for somewhere between $10 and $30 million.
Making matters worse, on March 10 the website posted a message reading, "Yes, this is an extortion !!" They wrote that, although the platform promised to "auto-encrypt" messages between buyers and sellers, and auto-delete after an expiry date, messages were not encrypted or deleted. They demanded that users pay an additional $100 to $20,000 to have their information removed from the dataset, which they promised to release at the end of May. "Whether or not you and your customers' info is on that list is totally up to you."
The tactic is reminiscent of that of ransomware groups, which often demand double fees: one from victims of hacks first to regain access to their systems, and another in exchange for a promise to destroy stolen data.
- Incognito Darknet Market Mass-Extorts Buyers, Sellers, Krebs on Security [archive]