The blunder was likely due to the authorities' lack of knowledge about cryptocurrency. The move was somewhat akin to authorities publicly posting a username and password for a criminal's bank account — though that would likely be an easier mistake to unwind.
Crypto stolen from Korean authorities after they post wallet seed phrase
When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were proudly arranged on the table next to Ledger hardware wallets for the photo op. Because it only takes a seed phrase to gain control of a crypto wallet, someone who saw the press release quickly acted to move around 4 million PRTG tokens from the wallet. The tokens are notionally worth $4.9 million, although the token is not highly liquid.
- "$4.8M in crypto stolen after Korean tax agency exposes wallet seed", Bleeping Computer [archive]
South Korean prosecutors lose $22 million of seized crypto to the wallet inspector, later recover it
Staff members working for South Korean prosecutors, for some reason, decided to use a "wallet checking tool" during an August 2025 audit of seized crypto assets. The tool they selected turned out to be a phishing tool, and five wallets were drained of 320 BTC.
On February 19, the office announced they had recovered the stolen assets and identified the thief.
Cardano founder calls the FBI on a user who says his AI mistake caused a chainsplit
On November 21, the Cardano blockchain suffered a major chainsplit after someone created a transaction that exploited an old bug in Cardano node software, causing the chain to split. The person who submitted the transaction fessed up on Twitter, writing, "It started off as a 'let's see if I can reproduce the bad transaction' personal challenge and then I was dumb enough to rely on AI's instructions on how to block all traffic in/out of my Linux server without properly testing it on testnet first, and then watched in horror as the last block time on explorers froze."
Charles Hoskinson, the founder of Cardano, responded with a tweet boasting about how quickly the chain recovered from the catastrophic split, then accused the person of acting maliciously. "It was absolutely personal", Hoskinson wrote, adding that the person's public version of events was merely him "trying to walk it back because he knows the FBI is already involved". Hoskinson added, "There was a premeditated attack from a disgruntled [single pool operator] who spent months in the Fake Fred discord actively looking at ways to harm the brand and reputation of IOG. He targeted my personal pool and it resulted in disruption of the entire cardano network."
Hoskinson's decision to involve the FBI horrified some onlookers, including one other engineer at the company who publicly quit after the incident. They wrote, "I've fucked up pen testing in a major way once. I've seen my colleagues do the same. I didn't realize there was a risk of getting raided by the authorities because of that + saying mean things on the Internet."
Cryptomus fined $127 million for compliance failures
The Canadian cryptocurrency exchange Cryptomus has been fined CA$177 million (US$127 million) by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) for failing to report more than 1,000 suspicious transactions linked to darknet markets, distribution of child sex abuse material, fraud, ransomware, and sanctions evasion. It additionally failed to report more than 7,500 transactions originating from Iran, and more than 1,500 high-value transactions.
Cryptomus was temporarily banned from trading in British Columbia in May. The CA$177 million fine smashes Canada's previous record for the largest penalty they've ever imposed. That honor previously went to KuCoin, another crypto exchange fined CA$20 million (US$14.3 million) in September.
Bitget accuses "professional arbitrage" group of profiting $20 million from VOXEL market manipulation
After trading — and prices — surged in Bitget's market for the thinly traded video game token VOXEL, the company has accused a "professional arbitrage" group of "improperly" profiting $20 million from manipulating the market. A Bitget executive stated on Twitter that they had issued legal demands to eight accounts they said were responsible for "instigating" the unusual trading activity.
Galaxy Digital agrees to $200 million settlement over alleged LUNA manipulation
While many crypto firms have escaped enforcement actions from federal regulators thanks to massive industry lobbying, state enforcers are still on the beat. Crypto investment firm Galaxy Digital, headed by Mike Novogratz, has agreed to pay $200 million to settle market manipulation charges from the New York Attorney General, which accused Novogratz and his firm of promoting the token without disclosing they had acquired discounted tokens they were selling off at substantial profit.
In addition to promoting the token through the usual means, Novogratz got a large tattoo on his shoulder representing the token. Sadly for him, although the LUNA token would later fade away after crashing in spectacular (and fraudulent) fashion, tattoos are forever.
- "Galaxy Digital Settles with NYAG for $200 Million Over Luna Ties", Wall Street Journal [archive]
Trader accidentally sends 2,000 SOL to bankrupt FTX
A former FTX customer made an expensive mistake in October 2023 when he transferred 2,000 SOL (~$64,000 at the time, almost $400,000 today) to an old FTX account, about a year after the company went bankrupt. Unlike you might expect with an attempt to wire traditional funds to a bank account that's been closed, the funds didn't bounce back. Instead, they've been sitting around under control of the FTX bankruptcy estate, requiring the former customer to seek a court order to get his funds back.
All in all, this customer is actually pretty lucky as far as erroneous transfers go. FTX's bankruptcy team still has access to FTX wallets, and are still actively working on recovering and disbursing assets to creditors. In some cases in the crypto world, erroneous transfers are lost forever.
KuCoin pleads guilty, pays nearly $300 million fine in criminal case
The KuCoin cryptocurrency exchange has pleaded guilty to a charge filed against them in March that they were operating an unlicensed money transmitting business. Since at least 2019, the company willingly ignored US laws requiring them to implement anti-money laundering and know-your-customer programs. Since its founding in 2017, the business permitted around 1.5 million users based in the US to use the platform, despite its lack of registration or compliance with US laws.
According to US prosecutors, "KuCoin was used to transmit billions in suspicious transactions and potentially criminal proceeds, including proceeds from darknet markets and malware, ransomware, and fraud schemes."
KuCoin has agreed to pay $297 million in penalties, and will leave the US market for at least two years. Furthermore, two company founders who were also charged will no longer work for the company. Prosecutors reached a deferred prosecution agreement with the two founders, who will also forfeit around $2.7 million each.
- "Kucoin Pleads Guilty To Unlicensed Money Transmission Charge And Agrees To Pay Penalties Totaling Nearly $300 Million", U.S. Attorney's Office, Southern District of New York [archive]
Digital Currency Group settles with the SEC for $38 million over misleading statements surrounding Genesis collapse
The Digital Currency Group has agreed to settle with the SEC for $38 million over charges that its Genesis subsidiary misled investors. When the hedge fund Three Arrows Capital blew up and defaulted on a margin call in June 2022, DCG publicly downplayed the fact that their entire business was at risk, and overstated its ability to bail out the Genesis subsidiary by taking on its liabilities and doing some weird accounting maneuvering involving a $1.1 billion promissory note. In November, with further crypto market turmoil, Genesis could no longer meet withdrawal requests and collapsed. The company filed for bankruptcy the following January.
- Order from the SEC
BitMEX fined additional $100 million for regulatory violations
Although BitMEX had previously tried to argue that they should not face additional penalties after being fined $110 million in 2024 for Bank Secrecy Act violations, a judge has disagreed. BitMEX pleaded guilty to failing to implement an adequate anti-money laundering program, as required by US regulations. During the five-year period of "willful" non-compliance, the firm allegedly drew $1.3 billion in revenues.
BitMEX was not supposed to serve US customers, yet Americans made up around 11.5% of their customers. "BITMEX policies nominally in place to prevent such trading were toothless or easily overridden to serve BITMEX's bottom line goal of obtaining revenue through the U.S. market without regard to U.S. criminal laws," alleged a press release by the US Attorney's Office of the Southern District of New York. They added: "Corporate executives took affirmative steps purportedly designed to exempt BITMEX from the application of U.S. laws like AML and KYC requirements, despite knowing of BITMEX's obligation to implement such programs by operating in the U.S. As part of BITMEX's willful evasion of U.S. AML laws, the company lied to a bank about the purpose and nature of a subsidiary to allow BITMEX to pump millions of dollars through the U.S. financial system."
- "Global Cryptocurrency Exchange BitMEX Fined $100 Million For Violating Bank Secrecy Act", press release by the U.S. Attorney's Office, Southern District of New York [archive]
- "BitMEX hit with additional $100 million fine over Bank Secrecy Act violations: report", The Block [archive]