Short of finding a vulnerability in Renzo, the trader's only real choice is to plead with Renzo to change their smart contract in such a way as to release the funds. While this is technically possible, Renzo has told the trader they could not grant his request due to "regulatory limitations".
Trader reveals he lost $28 million to bad copy-paste
After apparently exhausting all his other options, a trader has put out a call to "all skilled hackers and white hats out there" to help him recover 7,912 Renzo staked ETH (ezETH) he inadvertently sent to an inaccessible address back in June. The tokens were priced at a little over $28 million at the time, and are currently priced at a little less than $26 million. According to the trader, he copied the wrong address to his clipboard before making the trade, which rendered his funds permanently inaccessible.
Kujira token tanks as team's leveraged bets melt down
The team behind the Kujira project wound up with around $2 million in bad debt after taking some of their operational funds and using it to make leveraged bets on their own platform. They blamed "a series of events over the last few months, including exploits, socially engineered attacks and fallouts within the ecosystem" for causing the positions to be liquidated. The $KUJI token price crashed by more than 60% as a result of the team's poor risk management.
The Kujira team apologized for the fiasco, and announced a plan to create a DAO to take over the project treasury.
Blockchain developer loses over $48,000 after posting private key to Github
A blockchain developer posted on Twitter that he had lost almost $50,000 after his cryptocurrency wallet was drained. He explained that he had been working on a software project on Github in a private repository that contained his wallet's private key. In order to apply for a funding grant from the Optimism project, he had to make the repository public. However, he forgot that the secret key was in the repository.
Generally, it is very bad practice to store sensitive secrets in Github, even when projects are set to private.
"Got drained of everything," he wrote on Twitter. A commenter asked how long it took for the attacker to steal the money after the private key became publicly visible. "2 min", he replied.
Someone accidentally burns $1.36 million Tether
Someone accidentally threw away $1.36 million when they accidentally sent Tethers to the Tether contract address — making them permanently inaccessible in a process known as "burning". This is a rather common phenomenon in crypto, where it's easy to accidentally copy/paste the wrong address.
Most experienced crypto users have adopted the habit of sending small test transactions before transferring large amounts of tokens, to first check that they're using the correct address. Oddly, this person did so in this case, but then went right ahead and transferred the remaining tokens to the erroneous address.
The person may have lucked out that they were using a centralized stablecoin like Tether, whose operators hold a substantial amount of control over freezing, destroying, and creating new Tethers — and could feasibly replace the burned tokens.
Euler Finance cofounder loses private key and, with it, $3.8 million
As Euler Finance tried to recover from a massive hack in March 2023, and as founder co-founder Michael Bentley was dealing with matters in his personal life, he "made an error and it turns out that one of the private keys [to his personal crypto wallet] is no longer recoverable". The private key would have allowed him to recover assets from his hardware wallet, which had made his assets inaccessible after a malfunction.
With the malfunctioning hardware wallet and no recovery key, Bentley has lost access to assets including 1.2 million EUL tokens — over 4% of the total EUL token supply. These tokens are priced at about $3.8 million today, though at other times the tokens would have been worth up to about $15 million.
"I've now lost a substantial percentage of the crypto assets I held in cold storage, accumulated over more than seven years, including the majority of the EUL allocated to me for participating in Euler governance," said Bentley.
Yearn Finance accidentally swaps its entire Ip-yCRVv2 treasury, asks nicely for the money back
Periodically, Yearn Finance converts a small quantity of its treasury tokens into stablecoins to spend on operations. However, something went terribly wrong during this process when they went to perform the swap and erroneously converted the entire amount — nearly 3.8 million Ip-yCRVv2 tokens — into a stablecoin. According to one Yearn Finance employee, this pool of tokens comprised around 3% of the project's treasury.
Because there was not sufficient liquidity for such a large trade at the going price, the trade was ultimately fulfilled, but at a 63% loss. Before the trade, that quantity of tokens was priced at around $2.28 million; however, Yearn received only around $780,000 in stablecoins because of the slippage.
Yearn quickly identified the issue and embarked on a campaign to ask nicely for the counterparties in the trade to please give some of their profits back. In on-chain messages, Yearn wrote: "one of yearns multisigs made a costly mistake last night that affected a critical source of yCRVs liquidity. we identified you as having made a profit off of this and are kindly requesting that you return as much as you see reasonable to yearns main multisig: ychad.eth. sorry we have to ask this, but hope you can understand." Doesn't hurt to ask, I guess. So far, only one wallet has taken them up on the offer, returning 2 ETH (~$4,400).
- "Incident disclosure - 2023-12-11", Yearn Finance Github [archive]
- On-chain message from Yearn Finance [archive]
Bitcoiner spends $3 million on transaction fee
A Bitcoiner making a large transaction ended up spending 83.64 BTC (~$3 million) of the 139.42 BTC (~$5.1 million) transaction on transaction fees, effectively spending $3 million to send what ended up being a $2 million transfer. This apparent error has become the largest transaction fee in Bitcoin history.
A person then claimed on Twitter to be the owner of the wallet, verifying the claim by signing a message from the wallet that paid the fee. They claimed that they had been hacked, and that an error on the attacker's part led to the huge fee payment. AntPool, the mining pool that mined that block and earned the huge fee, later agreed to return the fee, though it's not clear if or how they verified that the person to whom they're returning the fee wasn't in fact the attacker who had obtained control of the wallet.
A similar fee overpayment incident occurred in September, when the Paxos crypto firm erroneously paid a $500,000 fee to send $1,865. They attributed the huge fee to a bug in their software, and the F2Pool mining pool (who had mined the block and received the fee) opted to return the overpayment.
Raft exploited for $3.3 million, then hacker screws up
An attacker exploited the Raft defi project after finding a vulnerability that allowed them to mint 6.7 million of Raft's R stablecoin without any backing.
The attacker then went to convert the R into ETH, which they would then be able to launder and cash out. However, an error in the attacker's code caused 1,570 ETH ($3.25 million) to be sent to the burn address, rendering it permanently inaccessible to everyone including the hacker. Only 7 ETH remained. However, because they had to spend ETH to fund the attack, the hack ultimately resulted in a loss of 4 ETH (~$8,000) for the perpetrator. Oops.
As a result of the hack, the R stablecoin lost its dollar peg, plummeting down to around $0.70. Raft acknowledged the attack and announced that they had paused minting.
Bored Ape collectors experience searing eye pain after "ApeFest" party
Bored Ape collectors attending an ApeFest party in Hong Kong have now been subjected to the kind of eye pain the rest of us have felt for years having to look at their hideous, pricey JPEGs.
The going theory is that event organizers skimped on lighting costs by using UV lights intended for sanitization, not for entertainment, causing burns to the eyes and skin. The eye condition, photokeratitis, is better known as "snow blindness" or "welder's flash", as it more typically affects people who haven't worn proper eye protection while welding or while exposed to sunlight reflected from ice and snow.
Several attendees reported having to seek emergency medical treatment after experiencing excruciating eye pain and vision problems, and tweet threads began circulating giving various other ApeFest attendees advice on recovering from the painful condition.
Bored Ape creator Yuga Labs belatedly issued a tweet two days after the incident, claiming only a small fraction of attendees had experienced "eye-related issues", but encouraging anyone with symptoms to "seek medical attention just in case".
Gitcoin loses $500,000 in transfer SNAFU
After agreeing to allocate $500,000 to "MMM" (merchandise, memes, and marketing — no, really), Gitcoin screwed up sending the money so badly that it's gone forever. Whoever was in charge of making the transfer accidentally pasted the Gitcoin contract address into the recipient field, rendering the tokens permanently inaccessible. Such mistakes can be devastating, and yet are very common in the crypto world, where transfers are irreversible.