Sam Bankman-Fried sentenced to 25 years in prison

Sam Bankman-FriedSam Bankman-Fried (attribution)
Sixteen months after the collapse of his FTX cryptocurrency exchange, Sam Bankman-Fried has been sentenced to 25 years in prison. He has also been ordered to pay an $11 billion monetary judgment.

The sentence follows his conviction on all seven felony charges in November 2022 — a decision reached by the jury within hours of beginning their deliberations.

Bankman-Fried intends to appeal the conviction.

  • Minute Entry for proceedings held before Judge Lewis A. Kaplan: Sentencing held on 3/28/2024 for Samuel Bankman-Fried [archive]

KuCoin and founders criminally charged

The cryptocurrency exchange KuCoin and two of its founders, Chun Gan and Ke Tang, were indicted in the Southern District of New York on charges of conspiring to operate an unlicensed money transmitting business and conspiring to violate the Bank Secrecy Act. Both founders are Chinese citizens, and neither has been located or arrested.

According to prosecutors, they tried to conceal that the exchange had customers from the United States in order to claim that they were exempt from US anti-money laundering laws. They also marketed KuCoin as a KYC-optional exchange where customers from the US could operate unverified accounts.

The charges against the founders carry maximum sentences of five years in prison.

"Munchables" crypto game exploited for $62.5 million

A small round furry shape with big blue eyes and thin legs, somewhat resembling a soot spriteA Munchable (attribution)
The "Munchables" crypto game explains: "Schnibbles grow on every realm across the Munchable's world. Each realm has their own unique and distinctive schniblet, and the Munchables react differently based on their compatibility to the schniblets fed to them. When creating an account for the Munchables, you must choose the location of your snuggery." Right then.

Things went awry in the land of the schnibbles and snuggeries when an attacker siphoned around 17,400 ETH ($62.5 million). Various descriptions of the attack circulated, with blockchain sleuth zachxbt attributing it to a recently hired developer, and crypto developer 0xQuit claiming the theft appeared to have been "planned since deploy".

Some began discussing the possibility that the Blast layer-2 blockchain might forcibly roll back the chain to "undo" the hack. Some have argued this is contra to the crypto ethos or would set a bad precedent, while others have argued that as a blockchain focused more on gaming and experimentation and less on decentralization and other facets of crypto ideology, it would be a reasonable step.

Solana memecoin frenzy sparks trend of incredibly racist meme tokens

A screenshot of many Solana tokens on DEXScreener, including:
JEWS "Jews did 911"
卐 "NAZI"
N*** TRUMP "N*** Trump"
N***OLAS "N***OLAS CAGE"
COVID "chinadidcovid"
N***Butt "N*** Butt Token"
APERAH "aperah wenfree"
BDN "Big Dick N***"
CHIGGA "Chinese N***"
HITLER "I was right"
BOJE "Book of J***ers"
WODNDOR "AuschwitzWoodenDoor"
LIBTARD "Go Woke Go Broke"
BULLJEW "BULL JEW"
wifcancer "kate wif cancer"
N*** TRUMP "N*** TRUMP 2024"
GayPedo "Gays Are Pedos"
J*** "J*** Buice"Racist Solana tokens on DEXScreener (attribution)
Solana memecoin trading has been booming lately, with people making money by speculating on tokens themed around various memes and jokes. Amid an explosion in trading innocuously-named meme tokens like dogwifhat has also been a rise in blatantly racist tokens, named after racial slurs, featuring racist caricatures, or named after antisemitic conspiracy theories.

The tokens became so popular that projects showing newly-released tokens, like DEXScreener, became full of such tokens. DEXScreener released a statement on Twitter to say that "We'll be reviewing our token profile moderation policy in the coming days. We won't be the gatekeepers of what happens on-chain, but we're definitely not here to spread hate." The replies to the tweet were, predictably, full of people accusing DEXScreener of "censorship" and "going woke".

Previously rug-pulled Lucky Star Currency project somehow rugs again

The astrology-based Lucky Star Currency project rug-pulled for $1.1 million in October 2023. You'd think that might be the end of it, but on March 22, 2024, ownership of the project was transferred to a malicious smart contract that then drained tokens priced at almost $300,000 from those who still held them.

You almost have to admire the tenacity.

Rob Robb robs victims of $1.2 million

If you're named Rob Robb, do you have any choice but go into a life of thievery?

Robb, also known as "pokerbrat2019", convinced at least 11 people to give him a total of $1.2 million, which he said he would use to develop various MEV bots. Instead of doing so, he pocketed the money, offering a litany of excuses for why the project was continually delayed.

Robb had previously been convicted of a $4 million scam in 2002 after soliciting funds for an online gambling platform, instead using the money to buy a car and fund his own gambling.

TICKER project developer steals $900,000

Tweet by MIDA (@brgMIDA): "im not sorry for any of you, tbh
you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich, you were expecting to receive 10,100,1000x money for that donation or wtf, "they dont tell us it gonna 1000x when they are down the streets tho", cuz you would have otherwise mfer? go touch grass anon, and apply donating from hands to hands to people in needs in your closest physical community and turn the world a better place instead, i love you
social contracts do not have a place on the blockchain anons, i don't know why it is not much more evident for all of you"Tweet by TICKER thief (attribution)
A developer brought on to run a presale for the $TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.

After the thief was identified by blockchain sleuth zachxbt, they posted a long message on Twitter, writing, "im not sorry for any of you, tbh. you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich". The thief later spent some of the money on Milady NFTs and memecoins.

zachxbt stated that he had identified the developer, including his full name, location, and other details. He encouraged those who were scammed to contact him if they were interested in pursuing legal action.

Super Sushi Samurai exploited by whitehat for $4.6 million

Super Sushi Samurai, a new blockchain game on the Blast layer-2 blockchain was exploited for $4.6 million when an attacker discovered a vulnerability in its smart contract. A bug in the mint functionality caused users who transferred their $SSS balance to themselves to receive twice as many tokens. An attacker took advantage of this to drain $4.6 million from the project, causing the $SSS token to plummet by 99%.

The attacker contacted the project shortly after the theft, claiming to be a whitehat. They wrote, "Hi team, this is a whitehat rescue hack. Let's work on reimbursing the users." Super Sushi Samurai later confirmed that the funds had been returned, minus a 5% "bounty". The team also gave the whitehat an additional 2.5% in SSS tokens and land, and brought them on to the project team as a tech adviser.

AirDAO exploited via social engineering attack

An attacker used social engineering techniques to gain access to the AirDAO project's liquidity pool. They then were able to drain 126.5 ETH (~$551,540) and 41.6 million AMB (notionally priced at around $500,000, but not very liquid). The thief then transferred the stolen tokens through various exchanges.

AirDAO announced the theft the following day, and stated that they were working to track and freeze stolen funds. They also offered the attacker a 10% "bounty" if they chose to return the stolen assets.

Dolomite exchange exploited for $1.8 million

The Dolomite DEX suffered a $1.8 million theft as an exploiter was able to take advantage of a vulnerability in a smart contract that had been deployed in 2019. Although most contemporary users of the exchange use a version deployed on the Arbitrum layer-2 network, the old contracts were still usable on Ethereum.

An attacker apparently discovered a reentrancy bug allowing them to drain user funds from those who had approved the old contract. Altogether, around $1.8 million was taken before the team disabled the contract. The attacker quickly tumbled the stolen funds through Tornado Cash.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.