On January 6, the project's creators drained the tokens that had been put into the project, then deleted their website and social media accounts. Altogether, they withdrew 558.3 ETH (~$1.25 million).
xKingdom rug pulls for $1.25 million
CoinsPaid hacked again
In July 2023, an attacker stole $37.3 million from the CoinsPaid platform. CoinsPaid said at the time that they suspected the attacker was the North Korean Lazarus hacking group, which has been a prolific perpetrator of cryptocurrency thefts.
Blockchain security firm CertiK suffers compromise of their own
CertiK quickly regained control of the account and deleted the tweets, later explaining that an employee had been contacted by a "verified account, associated with well-known media". The journalist's account, apparently compromised, successfully phished the CertiK employee by sending what looked like a Calendly meeting scheduling link, but what was in fact a malicious link used to take over the CertiK Twitter account.
Blockchain sleuth zachxbt criticized CertiK, which describes itself as a leading blockchain security firm, for not protecting against the attack, and asked if they would be reimbursing phishing victims.
Gamma Strategies exploited for $6.2 million
Gamma has contacted the hacker to try to negotiate a return of some of the assets, and also says they have engaged law enforcement. Although they have promised to try to repay some of the stolen assets, they are estimating between 25% and 40% recoveries for various categories of users.
- "Post-Mortem & Remediation Plan", Gamma Strategies [archive]
- "DeFi protocol Gamma Strategies suffers an estimated $3.4 million exploit", The Block [archive]
Radiant Capital lending protocol hacked for $4.5 million
Radiant Capital sent an on-chain message to the attacker, offering to negotiate a bounty.
- Tweet thread by Radiant Capital [archive]
- Tweet thread by PeckShield [archive]
- On-chain message from Radiant Capital to the exploiter [archive]
Wallet security startup founder scammed out of $125,000
"I just got scammed out of $125k of stEth while trying to claim the $LFG airdrop. And I'm a fking founder of a wallet startup that's trying to improve wallet security..." wrote Lou on Twitter. "This is the first time I've been scammed. I always read about others but you never think it could happen to you..." he wrote.
If the founder of a wallet security project can't avoid scams in the crypto world, what hope do the rest of us have?
Orbit Bridge hacked for $81 million
Orbit began sending the attacker on-chain messages, writing that "we will track you down and restore the damage you incurred to the ecosystem. And we will not stop." Orbit also wrote on Twitter that they were working with various law enforcement agencies.
Wallet gets phished for $4.4 million
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorizing the malicious drainer. It's not clear if that's how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.
UST and LUNA deemed securities in court
This is a major decision in the crypto world, which recently celebrated a decision in the SEC v. Ripple case, which found that some sales of Ripple's XRP token did not constitute unregistered securities offerings.
The SEC has maintained a position that the majority of crypto asset offerings are securities offerings, which has been an unpopular opinion among those in the cryptocurrency industry — which broadly does not wish to be regulated by the SEC.
- Memorandum & Opinion in SEC v. Terraform Labs [archive]
Levana Protocol loses over $1.1 million in slow motion
The attack was unusual in that it lasted almost two weeks, going unnoticed because it was draining pools slowly enough that the Levana team assumed it was organic activity. However, when the network became congested, the attack suddenly became more profitable — and more noticeable.
- "Levana exploit postmortem", Medium [archive]