Zcash continues to suffer from spam attack that started months ago

Zcash is a privacycoin which, unlike popular blockchains like Bitcoin and Ethereum, allows users to obscure who they are sending money to and how much. Since June or July, the network has been suffering from a spam attack in which attackers have been submitting massive transactions that quickly fill up block space. The chain has exploded in size, nearly tripling to more than 100GB since the attack began. Unlike other chains which are prohibitively expensive to attack, each spammed transaction costs less than a cent, and the attacker is estimated to be spending roughly $10 a day to execute the attack.

More than $1.1 million stolen from Sovryn defi protocol

Bitcoin-based defi protocol, Sovryn, lost $1 million to a price manipulation attack. An exploiter was able to use the project's legacy lend and borrow functionality to maliciously withdraw 44.93 RBTC (~$915,000) and 211,045 USDT.

According to the protocol, their developers "were able to identify and recover funds as the attacker was attempting to withdraw the funds". They have also announced that Exchequer, the project's treasury committee, would "reinject" the remaining stolen funds.

Buyer and seller of hacked account logins busted for $1 million tax fraud

A Floridian who was in the business of buying and selling hacked account logins on the dark web was busted for attempted income tax evasion when he tried to hide more than $1 million in crypto earnings from the IRS in 2014–2017. Despite using services like cryptocurrency mixers (or "tumblers"), the man was unable to successfully hide the money from the IRS. He faces up to five years in prison for the tax fraud. Remember, folks, always make sure to report your ill-gotten profits to the IRS!

Kim Kardashian pays $1.26 million fine for promoting a cryptocurrency without sufficient disclosure

Instagram story post from Kim Kardashian, which reads "Are you guys into crypto???? This is not financial advice but sharing what my friends just told me about the Ethereum Max token! A few minutes ago Ethereum Max burned 400 trillion tokens—literally 50% of their admin wallet giving back to the entire E-Max community. SWIPE UP"Kim Kardashian's Instagram post (attribution)
Kim Kardashian agreed to settle with the SEC over allegations that she had promoted a "crypto asset security" without disclosing how much she had been paid, or when. In June 2021, Kardashian posted an ad to her Instagram story where she claimed that she was "sharing what my friends just told me about the Ethereum Max token". Although she did include "#ad" in the post, she did not disclose to her 251 million followers that she was being paid $250,000 to post it—a requirement if they decide to post ads pertaining to securities investments. She will pay $1.26 million in the settlement.

SEC Chair Gary Gensler said, "Ms. Kardashian's case also serves as a reminder to celebrities and others that the law requires them to disclose to the public when and how much they are paid to promote investing in securities".

Kardashian is also named in an ongoing class action lawsuit pertaining to the EthereumMax project, along with Floyd Mayweather and Paul Pierce.

Coinbase experiences major outage related to U.S. bank accounts

The largest crypto exchange in the U.S., Coinbase, suffered a six-hour-long outage in which they couldn't take payments or make withdrawals involving U.S. bank accounts. They later narrowed down the problem to an issue creating ACH transfers, and tweeted "rest assured, your funds are safe". Six hours later, the company marked the incident as resolved.

Transit Swap hacked for $21 million, hacker returns large portion

Transit Swap is a multi-chain decentralized exchange aggregator. Users of the project were collectively exploited for approximately $21 million when an attacker took advantage of a bug in the project's smart contract that allows arbitrary external calls. The attacker used this vulnerability to steal tokens that had been approved for swap by Transit Swap users. Amusingly, the hacker lost about $1 million of their ill-gotten funds to a MEV bot that was able to successfully front-run the swap.

Multiple cryptocurrency security companies collaborated to investigate the hack shortly after it occurred. Transit Swap announced that "through the joint efforts of the SlowMist security team, the Bitrace security team, the PeckShield security team, the TokenPocket team and the TransitFinance technical team, we now have a lot of valid information such as hacker's IP, email address, and associated on-chain addresses." They subsequently announced that the attacker had returned around 70% of the stolen funds ($14–$15 million).

NFT trading fantasy league emerges to provide traders with the "sweet adrenaline" of flipping NFTs that they're missing in the bear market

"Most of us are too poor to be spending the [ether] we have left on huge sweeps, but we still want that sweet adrenaline rush of flipping JPEGs" said Brian Krogsgard, co-founder of the Flip NFT platform, in a statement you would think might have raised a red flag or two in his own mind. Evidently NFT traders are now being pitched NFT trading fantasy leagues, where they will be able to paper trade NFTs without risking their real-life fake money. Unfortunately for the traders, the app uses actual NFT price data, so the huge NFT project bull runs that some traders experienced during the NFT mania of 2021 will likely not emerge here, either.

One misconfigured node apparently takes the entire Solana network offline

In the latest illustration of our marvelous new decentralized, resilient blockchain future, one single Solana node apparently was able to take down the entire Solana network. Solana outages are nothing new, and tend to end (as this one did) with Solana issuing instructions to the people who run their validators, asking them all to turn them off and on again.

A validator operator reported that "It appears a misconfigured node caused an unrecoverable partition in the network." It's a bit startling that, in a supposedly decentralized network, one single node can bring the entire network offline.

Elon Musk's texts reveal his ideas for a blockchain-based Twitter

Texts exposed in the discovery process during the Elon Musk v. Twitter lawsuit have exposed not just a number of high-profile people embarrassingly simping for Musk, but also Musk's ideas about Twitter-but-on-the-blockchain.

In a text sent to his brother, Musk wrote, "I have an idea for a blockchain social media system that does both payments and short text messages/links like twitter. You have to pay a tiny amount to register your message on the chain, which will cut out the vast majority of spam and bots. There is no throat to choke, so free speech is guaranteed." In another message, to the president of his Boring Company, Musk narrowed in on an amount: 0.1 Doge per tweet or retweet. At today's prices, at 0.1 Doge per tweet, 1¢ would buy you about 160 tweets.

Musk's idea that there is some magical amount of money that ordinary people are willing to pay to send out a tweet or a retweet, but that spammers are not willing to pay to spam, seems preposterous. And given that "free speech is guaranteed" and blockchains are immutable, he would really need to hope that he finds this amount, because otherwise there's going to be a lot of spam permanently stored on Web3 Twitter.

As with many of Musk's ideas, the idea for a blockchain-based "free speech" social network is not new. On one of the more popular such services, BitClout, the home page shows posts such as "are there actually real ppl here, or only 'marketing' and ai-generated art?" It costs $0.01 to create a profile or to begin a tutorial on how to use the site. Out of the list of ten top-ranked creators on the site, the top two (Elon Musk and Naval Ravikant) haven't even signed up yet, and another five haven't posted in months.

Musk appeared to later toss out his blockchain social network idea, though not for spam reasons: "Blockchain twitter isn't possible, as the bandwidth and latency requirements cannot be supported by a peer to peer network, unless those 'peers' are absolutely gigantic, thus defeating the purpose of a decentralised network".

MEV bot earns over $1 million in profit, loses almost $1.5 million in hack an hour later

MEV bots are a controversial category of bots who frontrun transactions in ways that are often detrimental to users. One such bot, known as 0xbadc0de, earned a windfall when a trader tried to sell 1.8 million cUSDC (USDC on the Compound protocol) – notionally worth $1.85 million – but only received $500 in assets in return due to low liquidity. The MEV bot, however, profited 800 ETH (~$1 million) from arbitrage trades surrounding the sale.

One hour later, a hacker exploited a vulnerability in the bad code of 0xbadc0de, which allowed them to withdraw all of the ETH in the contract: not just the ETH they'd recently earned in the huge trade, but all 1,101 ETH (~$1.5 million).

The bot operator subsequently sent a message to the thief via an Ethereum transaction, writing that if the thief returned the funds, they would give them 20% as a "bounty". Otherwise, they wrote, "we will have no choice but to pursue accordingly with everything in our power with the appropriate authorities to retrieve our funds". The thief replied by mimicking the message, writing, "What about normal people who you have mev'ed and literally fucked them? Will you return them?" and suggesting that if they returned all of the funds they'd extracted, the thief would pay them 1%.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.