Blockchain security researcher zachxbt responded to the hack by saying, "I do not feel bad for the team as this CEX processed a good bit of volume from pig butchering, romance, investment scams." Elsewhere he suggested that hacks of "sketchy offshore exchanges" would be a positive for the crypto industry, serving as a "natural cleanse".
BigONE hacked for over $27 million
The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's hot wallets after gaining access to the company's production network. BigONE stated they would fully cover the loss.
Arcadia Finance exploited for $3.5 million
The Arcadia Finance defi margin protocol was exploited for $3.5 million after an attacker found a vulnerability in a project smart contract. The attacker quickly swapped the stolen tokens and bridged them from Base to the Ethereum mainnet. The attacker stole the funds in two separate transactions that were more than four hours apart.
Arcadia is backed by Coinbase Ventures. The project acknowledged the hack, encouraging users to revoke permissions.
MoonPay apparently gets scammed out of a $250,000 donation to Trump inaugural fund
In a seizure request filed by the DC Attorney General, the Justice Department outlined how a Nigerian scammer used the classic "lowercase Ls look like uppercase Is" trick to steal $250,000 — apparently from the MoonPay crypto exchange. Using the email address steve_witkoff@t47lnaugural.com, the scammer directed "Ivan & Mouna" to deposit $250,000 in Tether to a specified wallet address. Mouna then replies to confirm the transaction, providing a link to a blockchain explorer. The FBI was only able to recover around 16% of the stolen funds, issuing seizure requests to Tether and Binance that regained control of $40,353.
As it happens, "Ivan & Mouna" match the names of MoonPay CEO Ivan Soto-Wright and CFO Mouna Siala. The crypto address used to send the transaction also appears to be one of MoonPay's company crypto wallets.
MoonPay had told Fox Business shortly before the transaction that they intended to contribute an undisclosed amount to the Trump inaugural fund.
Only weeks after the botched donation, MoonPay was selected as a payment processor for Trump's $TRUMP memecoin.
- "The DOJ Seemingly Outed Top Crypto Executives as Falling for a Nigerian Crypto Scam", NOTUS [archive]
- Complaint in US v. Approximately 40,353 USDT.ETH Cryptocurrency [archive]
Kinto token crashes; community claims rug pull, Kinto claims hack
The price of Kinto's $K token suddenly crashed 90%, sparking accusations of a rug pull. A tranche of investor tokens had just been unlocked recently, leading some to speculate that investors dumped their tokens on retail buyers.
However, Kinto blamed the token crash on the exploit that was recently disclosed by VennBuild, claiming on Twitter that "we got hacked by a state actor". Venn seemed to corroborate Kinto's explanation that the crash was related to the exploit, tweeting that although they had tried to warn all vulnerable projects before publicly disclosing the bug, "Sadly the Kinto token was not found despite being vulnerable, and exploited without time to mitigate."
Kinto has announced a plan to try to fundraise to cover a $1.4 million loss in liquidity, then create a new $K token based on a snapshot of previous token holdings.
$2.2 million in user funds stolen from Texture; hacker returns 90%
An attacker exploited the Solana-based lending protocol Texture, stealing $2.2 million in user funds from one of the project's vaults.
Shortly after the attack, Texture sent a message to the thief: "We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%. You made an opsec mistake, but it’s not too late to avoid escalating the situation."
The threat and "bounty" offer apparently worked, and the hacker returned $1.98 million, keeping $220,000 as a so-called "greyhat bounty". "As the hacker has fulfilled their side of the agreement, we will not pursue the matter further," wrote Texture.
Security researchers disclose exploit that put over $10 million across multiple protocols at risk
On July 9, security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of smart contracts, which one of the researchers said left "over $10,000,000 at risk for months". The researchers suggested that the backdoor was likely created by Lazarus, a North Korean state-sponsored hacking group.
According to the researchers, they found thousands of contracts affected by the exploit, and worked with multiple protocols to upgrade contracts or withdraw vulnerable funds. The researchers theorized that the attackers were "likely a sophisticated group waiting for a bigger target, not small wins."
GMX exchange hacked for $42 million
The decentralized perpetual exchange GMX has been exploited for $42 million. The exploit involved a vulnerability in one version of the exchange's price calculation smart contract. GMX paused some trading while they investigated the hack, and placed other temporary restrictions on the platform.
GMX offered a 10% "bug bounty" to the hacker if they returned the funds. The attacker later returned $40.5 million in stolen assets; unusually, this is more than the 90% return requested by GMX.
Resupply stablecoin lender exploited for $9.3 million
An attacker was able to exploit a vulnerability in a smart contract used by the Resupply stablecoin lender to extract about $9.3 million from the project. After depositing around $200,000, they were able to inflate the price of another token and borrow almost $10 million.
Resupply announced the theft shortly afterwards, and stated that they had paused the vulnerable contract.
Resupply is a fairly new project, having officially launched on March 20 — about three months before the exploit.
Self Chain fires founder after $50 million scam allegations
On June 19, a company called Aza Ventures published allegations on Telegram that they had been scammed by someone promising to facilitate OTC sales of steeply discounted tokens for projects like SUI and NEAR. They claimed they had discovered the whole scheme was a Ponzi.
Aza Ventures was initially hesitant to name the scammer, hoping they could pressure the scammer to return the stolen funds, but later reports quickly named Self Chain founder Ravindra Kumar as the alleged culprit. Kumar posted on June 19, "I've been accused of serious wrongdoing, which is completely false."
On June 23, Self Chain announced that they had terminated Kumar as CEO "due to recent developments that diverge from the founding vision".
New York scammer "daytwo" steals $4 million from Coinbase users, blows most of it gambling
Christian Nieves, a New York man who goes by the handles "daytwo" and "PawsOnHips", has reportedly stolen more than $4 million through a theft ring where he impersonates Coinbase customer support. An investigation by crypto sleuth zachxbt outlined thefts from multiple Coinbase users, including one elderly victim who lost $240,000.
zachxbt noted that Nieves seems to have a gambling problem, depositing much of the stolen funds into crypto gambling websites. "You’ll see onchain how casino deposits get smaller as he loses funds," wrote zachxbt. "Recently this escalated to the point where he started stealing cuts from accomplices." He also appears to have used some of the stolen funds on luxury goods, including a Corvette and expensive watches.
- Tweet thread by zachxbt [archive]