Prior to these attacks, FEG had earned some notoriety from a May 2021 Vanity Fair article outlining an alleged pump-and-dump scheme, titled "Inside the Rise and Fall (and Rise and Fall) of Shit Coins". Despite the bad press, much of the FEG community maintained that the article was a smear and nothing more than an attempt by the author to create FUD. "You could literally take every token and this would apply to everyone..." wrote a moderator of the official FEG subreddit.
Flash loan attacks on "Feed Every Gorilla" token take $1.9 million
People continue to wait for a public accounting of what happened to Terra's $3.5 billion in Bitcoin reserves
Terraform Labs CEO Do Kwon tweeted on May 13 that "We are currently working on documenting the use of the LFG BTC reserves during the depegging event. Please be patient with us as our teams are juggling multiple tasks at the same time." It's not clear when this documentation will be released. Binance CEO Changpeng Zhao joined the group of people asking about the BTC reserves, tweeting, "I would like to see more transparency from them. Much more! Including specific on-chain transactions (txids) of all the funds. Relying on 3rd party analysis is not sufficient or accurate."
Blockchain insurance company InsurAce shortens their claims window for Terra holders to just a week
Altogether, InsurAce says they paid out about $11 million to around 173 claimants as a result of the depeg. Evidently there were 61 others who did not submit their claims within the deadline.
SpiritSwap is the latest victim of a domain hijacking attack
The hacker only managed to exfiltrate around $18,000 before being discovered, and SpiritSwap shut down their swapping through their router to prevent the attack from continuing.
MM.Finance suffered a similar attack earlier in the month, losing $2 million after an attacker gained control of the domain and swapped in their own address to siphon funds.
Phishing attack targets users of sites including Etherscan and CoinGecko
Crypto.com reverses some Luna trades, offers $10 consolation prize
On May 13, the company announced it would be reversing transactions made during an hour-long period on May 12 when "users who traded LUNA were quoted an incorrect price". Some users were able to profit off the discrepancy, but later were told that their transactions were being reversed. Crypto.com offered $10 in CRO, their cryptocurrency token, "for the inconvenience caused". Crypto.com halted Luna trading after discovering the issue, and it remains halted as of May 13.
The issue sounds quite similar to issues that affected various defi projects around the same time. Several projects who failed to account for unexpected Luna price data coming from blockchain oracles including Chainlink suffered major attacks.
- "LUNA Trading Incident on Crypto.com App", Crypto.com
Unexpected oracle data in the wake of Terra blockchain halt enables multiple attacks on other platforms
$13.5 million was fraudulently borrowed from the Venus protocol on BSC. Blizz Finance on Avalanche reported their protocol had been entirely drained, amounting to around $8.3 million. Blizz subsequently announced in a post-mortem that "Blizz has no treasury or development fund and a significant portion of the stolen assets belonged to our team. As such we regret to announce the protocol has been paused and we do not intend to resume operations."
FBI charges EminiFX CEO with fraud
Alexandre was sentenced to nine years in prison on July 18, 2023 and ordered to pay $249 million in forfeiture and $214 million in restitution.
Terra blockchain is halted after token crash increases threat of governance attacks
Terra only announced this after halting the network, giving their users no opportunity to try to withdraw funds. They have made no announcement about whether or when they intend to bring the network back online, although it seems safe to assume that the enormous loss of confidence in Terra would make any restart short-lived.
Tether loses peg, drops below $0.95
Tether began to recover somewhat as the day progressed, gradually returning to above $0.99. However, the de-peg has clearly shaken the cryptocurrency ecosystem. The heavy reliance on Tether means that a substantial or protracted loss of its peg would be devastating, and the open secret that Tether does not have the backing assets it once claimed has intensified fears about a possible run on Tether.
BitPrime exchange forced to pause trading due to lack of liquidity
- "Important Notice For All Customers", BitPrime
CoinDesk reports that Terra's Do Kwon was behind another failed algorithmic stablecoin project
Do Kwon has never disclosed his involvement with this failed project. CoinDesk wrote that although their "default position is to respect the privacy of pseudonymous actors with established reputations under their well-known handles unless there is an overwhelming public interest in revealing their real-world identities", there was now "such public interest as Kwon's UST stablecoin death spirals, wreaking havoc across the broader cryptocurrency market. Amid this precarious situation, investors deserve to know that UST was not Kwon's sole attempt at making an algorithmic stablecoin work." It was not made clear in the article when CoinDesk first learned of Kwon's connection to Basis Cash, though the authors later stated they'd learned of it the night before they published.
Terra $LUNA token drops in price by 98% amidst ongoing TerraUSD stablecoin collapse
Such a dramatic crash in a cryptocurrency that was in the top ten by market cap has been devastating to some. Some members of the Terra/Luna community on Reddit have spoken of being massively over-invested in Luna, with some describing losing their life savings and appearing to be in crisis.
- Luna/USD on CoinMarketCap
- National Helpline numbers
"Cryptoqueen" Ruja Ignatova added to Europol's most wanted list in connection to OneCoin ponzi scheme
OneCoin was a Bulgarian ponzi scheme in which investors bought packages of "tokens" with which they would supposedly "mine" cryptocurrency. Despite advertising as a decentralized cryptocurrency, OneCoin in reality was centralized on the company's servers. The scheme attracted around $4 billion in investments since its creation in 2014, and several people associated with the project have pled guilty to money laundering and fraud charges.
Coinbase adds new language regarding bankruptcy to its latest quarterly report
This serves as a stark reminder to users who keep their cryptocurrency on exchanges, that although it is often a more user-friendly way to keep crypto (compared to self-custodying), it exposes users to risk like this.
Some members of the crypto community expressed shock, with Swan Bitcoin CEO Cory Klippsten tweeting, "Is this real?!?"
Former footballer Michael Owen claims his NFTs "will be the first ever that can't lose their initial value"
It appeared that Owen might have meant that there would be a lower bound on resale price of the NFTs, which is neither a new concept in NFTs (see Kaiju Kongz or Rich Bulls Club), nor does it mean the NFTs "can't lose their initial value". It just means that when the NFTs do lose their initial value, collectors can't recoup even a portion of their investment.
- "Michael Owen mocked after making bold claim that his NFTs can't lose value", Manchester Evening News
G.O.A.T. token developer rug pulls for $260,000
The remaining project developers have tried to remain positive and restore faith in the community, accusing the developer who sold of "gluttony" and "greed". The project also implemented a steep 50% tax on remaining holders to discourage them from trying to sell.
Founder of popular Azuki project admits to past rug pulls
This news came as a shock to many lovers of Azuki NFTs, pricey NFTs which regularly trade for 20–30 ETH (~$45,000–$70,000). Azuki is not without its own controversies, recently facing accusations of insider trading.
- "A Builder’s Journey", by Zagabond
- Tweet by zachxbt
TerraUSD (UST) stablecoin dramatically loses its peg
The incentives that should keep TerraUSD trading at $1 have been put to the test lately, with a combination of spiraling cryptocurrency prices across the board and some apparent large sell-offs by those holding UST. The coin dipped down to $0.992 on May 7 before some large buys returned it close to its peg. It dipped again by a smaller amount the following day, reaching a low of around $0.994. These values may seem like small changes on the micro scale, but when major stablecoins diverge from their peg by even fractions of a cent they have major effects throughout the cryptocurrency ecosystem.
On May 9, UST saw its most extreme de-peg, plunging to $0.95, then again to $0.84 later that day, despite Luna Foundation Guard liquidating $1.3 billion in Bitcoin reserves to try to restore the peg.
Do Kwon, cofounder of Terraform Labs, initially seemed to be doing his best to portray confidence on Twitter by tweeting things that give the exact opposite impression. "If yall girls are gonna fud, try to do it during my waking hours pls," he wrote on May 7. "You could listen to [crypto Twitter] influensooors about UST depegging for the 69th time. Or you could remember they're all now poor, and go for a run instead", he tweeted, somewhat blithely acknowledging UST's repeated history of losing its peg. His tweets seemed to take a more serious turn beginning the evening of May 8, as the situation grew more dire.
Attacker steals $3 million from Fortress Protocol
The exploit caused the $FTS token to drop 42%. The creators of Fortress urged people not to supply any assets to the pool as the attack was ongoing, and tweeted "we need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds!"
Cashera makes off with $90,000
Despite all this, the project deployer suddenly minted 23 million CSR tokens, which they swapped for almost $90,000 in other assets, crashing the token value in the process by about 70%. The development team also took the project website offline.
Hunter defi project rug pulls for $1.2 million
The rug pull was first noticed by CertiK, a blockchain security firm that had also audited the project. "We pointed out these major centralization issues in their audit," CertiK wrote on Twitter.
Fury of the Fur rug pulls for $300,000
However, the NFT launch went poorly — fewer than 2,800 NFTs were minted out of the total supply of 9,671 NFTs. The project tried to relaunch but failed to drum up much more interest, so the creators apparently decided to call it quits — while keeping the money, of course. The project founder left a long message to the community, in which they said that they would be shutting the project and spoke at length about how difficult it had been for them.
Coinbase's new NFT marketplace hasn't had more than 200 transactions in a day since its public launch
Although the company claimed to have 3 million users on its waitlist, the public marketplace release has gone shockingly poorly given Coinbase's existing reputation. The platform has yet to see more than 200 transactions in a given day (compared to OpenSea, which regularly sees more than 100,000 transactions a day, or its smaller competitor LooksRare which sees more than 1,000 daily). Furthermore, the platform has only broken $50,000 in volume traded on five of the days it's been publicly available, with some days seeing only a few thousand dollars traded. OpenSea has been doing over $150 million in daily volume in that same time frame, and LooksRare around $100 million (though it should be noted that the prevalence of wash trading, particularly on LooksRare, makes these numbers hard to evaluate).
U.S. Treasury sanctions cryptocurrency tumbler Blender, the first sanction of its kind
The U.S. began sanctioning various wallet addresses belonging to the hackers in mid-April, though have faced obstacles given that it is trivial for the hackers to create new wallets. The use of cryptocurrency tumblers (also called "mixers") has also stymied the government's attempts to limit the DPRK's access to the ill-gotten funds. Blender is not the primary tumbler that Lazarus has been using — that would be Tornado Cash, which they have used to tumble more than $213 million from the hack. Tornado has taken perfunctory steps to comply with sanctions, but nothing that would meaningfully impact Lazarus' ability to use the service.
- "U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats", U.S. Department of the Treasury
Someone hijacks a Ferrari domain to host scam NFT mint
Sadly for the scammer, the scam was discovered and shut down when they had only managed to scam one person. The unsuspecting collector sent 0.3 ETH ($800), which the scammer transferred to Tornado Cash.
- "Ferrari subdomain hijacked to push fake Ferrari NFT collection", BleepingComputer
Day of Defeat project rug pulls for $1.35 million
The project's website is one of the most absurd I've seen, promising that "all final holders will get 10,000,000x gains". Their project roadmap includes a "mystery plan" that results in a 1,000,000x price increase. Their FAQ states, "First of all, we promise that the team will not redeem the fund pool." Apparently projects based on pinky swears aren't great investments.
After the funds were drained, the project claimed that they had been compromised by an external actor, and had "reported to Binance and local authorities".
OpenSea Discord hacked
Given OpenSea's prominence, it's surprising that the hacker managed to obtain relatively few NFTs of much value. The wallet appeared to have successfully stolen only 13 NFTs, none of which were from high-value collections, that are worth a collective $20,000 if resold at the collections' floor prices.
OpenSea tweeted several messages acknowledging the hack and urging users not to click any links. They have not yet confirmed that they've conclusively re-secured their server.
"Double your money" scam using an old livestream of Elon Musk, Jack Dorsey, and Cathie Wood earns crypto scammers $1.3 million in 24 hours
McAfee identified 26 scam websites that were linked from the YouTube livestreams, which altogether took in $1.3 million in Bitcoin and Ether in a 24 hour period.
Mining Capital Coin CEO indicted for $62 million investment fraud scheme
Capuci was charged with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering. If convicted on all counts, he could be sentenced to up to 45 years in prison.
- "CEO of Mining Capital Coin Indicted in $62 Million Cryptocurrency Fraud Scheme", U.S. Department of Justice
Pragma defi protocol developers rug pull for $1.5 million
The rug pull appeared to have been perpetrated by one team member, although several other team members had to sign off on the transaction in order for it to go through.
The team had had their real-life identities verified by Obsidian, and remaining team members said they were working with Obsidian to try to investigate those behind the theft. Third-party KYC verification like the service Obsidian provides is often used by crypto projects to increase trust, though Pragma is hardly the first project with this kind of verification that stole funds anyway.
Juno accidentally transfers $36 million in seized funds to inaccessible wallet address
Juno intended to transfer the seized tokens from the individual whale's wallet to a community-controlled wallet. However, the person making the transfer accidentally copied and pasted the wrong value, resulting in the funds being sent to a wallet address that no one can access — effectively burning the tokens.
Daniel Hwang, who helps run one of the Juno validators, said to CoinDesk, "We fucked up big time". He also offered an unusual opinion: "Validators should have due diligenced for ourselves to actually check the code we're executing and running".
Shortly after the botched transaction, the Juno community began voting on a proposal to hard fork a second time to fix their mistake.
Attacker compromises MM.Finance to redirect $2 million in crypto assets to their own wallet
"Please do not perform any transactions or your funds will be sent to the exploiter wallet," MM.Finance tweeted shortly before taking the website offline. Three days earlier, MM.Finance had published a blog post to address "FUD" in their ecosystem stemming from a popular Reddit post that described MMF as an "inverse pyramid of derivatives" that the author believed would "topple", and outlined the project's "rosy future".
The project promised to try to compensate users, with its developers foregoing 45 days of trading fees to reimburse users. They also appealed to the OKC crypto exchange to intervene to help recover funds from someone they believed to be the attacker, and threatened the attacker with the FBI. "With all these information, we have more than what we need to bring this information to the FBI," they wrote on Twitter. "So here's the deal, return 90% of the funds you stole and we will let this go, no questions asked. You have 48 hours to return these funds."
- Tweet by MM.Finance
- "Mm Finance — The road ahead", MM.Finance blog
- "Personal Take on Events and Existing Tokenomics", post from r/MMFinance
- "DNS Hi-Jacking Post Mortem & Compensation", MM.Finance blog
ape holders can use multiple slurp juices on a single ape
ape holders can use multiple slurp juices on a single ape
so if you have 1 astro ape and 3 slurp juices you can create 3 new apes
Tonight's slurp juice mint event is essentially a minting event for both Lab Monkes and Special Forces
Video game company Square Enix agrees to sell much of their Western IP so they can go into the blockchain market
The sale agreement announcement came at a tough time for Square Enix, as it was published the same day as a report from the Wall Street Journal that "NFT Sales are Flatlining".
NFT sales drop 92% from peak, says Wall Street Journal
However, the article must be taken with a grain of salt. It's very difficult to determine in the moment what's simply a temporary lull rather than a death spiral, and notoriously inconsistent NFT and crypto data sources can tell wildly different stories.
- "NFT Sales Are Flatlining", Wall Street Journal
The Vatican plans a metaverse NFT gallery
For now it sounds like the project doesn't involve selling NFTs, which raises the question of why NFTs are required at all when the goal seems to just be to display artwork online — something the Vatican already does. Personally, until I can own the Popemobile in the metaverse, I'm not interested.
Juno whale threatens to sue network validators if community confiscates his tokens
The whale has repeatedly appealed to the community not to revoke his tokens, even trying to claim that the Juno developers had been secretly selling off $JUNO and damaging the community. Unfortunately for him, he didn't succeed in swaying the community, who voted on April 29 to confiscate his tokens.
The whale has threatened to take "legal action against each validator" if the community burns or locks the tokens that previously belonged to him, and which he claims to have been managing on behalf of clients in an investment scheme.
Wikimedia Foundation stops accepting cryptocurrency donations
The Wikimedia Foundation has accepted cryptocurrency donations since 2014, accepting donations in cryptocurrencies including Bitcoin, Bitcoin Cash, Ether, Ripple (XRP), Litecoin, Dogecoin, and the DAI and USDC stablecoins. However, it has made up a small portion of the non-profit's donation revenue — they received only $130,000 worth of crypto donations in the last fiscal year, which made up 0.08% of their revenue.
There has been strong pressure from crypto advocates on the WMF to accept crypto donations — both in 2014 when it was initially implemented, but also via brigading of the recent community discussion.
- Announcement from the Wikimedia Foundation
- Community discussion culminating in the request
Phishing sites appearing to be the "Otherside" Bored Ape land project steal NFTs valued at $6 million
Blockchain sleuth zachxbt found one such address that had netted around $1 million in NFTs just today, and tracing its transactions led to two other scammer wallets containing $5.1 million of other stolen NFTs.
Popular NFT mint spikes Ethereum gas prices; OpenSea transaction fees exceed $3,500
Most trading on OpenSea during this period was for the much-anticipated Otherside land deeds, which sell for around 5 ETH ($13,500) plus gas. However, some people oddly continued to buy and sell cheaper NFTs, including one person who bought a 0.1 ETH ($275) NFT and paid $3,850 in transaction fees.
- Tweet thread by Molly White
- "Goat Soup #3672" sale on Etherscan
- Archived gas fee page showing high prices
Solana goes down again
This is hardly the first instability the network has demonstrated, much to the chagrin of its users. Transaction flooding is an issue on Solana in part because of the low transaction fees compared to networks like Bitcoin and Ethereum, which have relatively high gas fees that would make flooding extremely expensive.
"Official" Teenage Mutant Ninja Turtles NFT project buys a fake IP rights contract
In late April, the Twitter account was suddenly suspended. On April 30, the TMNT project announced in their Discord that they had discovered that they had been sold a "fake IP rights contract", which they learned after communication from Paramount. They, probably overly optimistically, wrote that they would be pausing the project but they were hoping to "continue the project hand in hand" with Paramount.
Saddle Finance loses more than $11 million to hack
Saddle Finance had lost money once before, hours after it launched in January 2021. An individual was able to arbitrage Saddle Finance pools for a profit of around $275,000.
- Tweet thread by PeckShield
- "Update on Saddle’s Launch", Saddle Medium
$80 million stolen from Fei Protocol and Rari
Fei Protocol tweeted that they had paused borrowing to avoid further thefts, and offered a $10 million bug bounty if the hacker returned the money.
SEC files fraud complaint against NASGO organizers
- "SEC Alleges Fraud in Digital Asset Securities Offerings", U.S. Securities and Exchange Commission
Deus Finance exploited for $13.4 million in the second hack in two months
Deus had suffered a similar attack in March, with an attacker using a flash loan attack to steal more than $3.1 million. Deus reimbursed users who were liquidated in the incident.
According to Deus' CEO, the exploit in this incident was not the same one used in the previous attack. He wrote on Twitter that the exploit was "the first of its kind, a zero-day exploit on Solidly [decentralized crypto exchange] swaps".
Central African Republic adopts Bitcoin as legal tender
The Bank of Central African States (BEAC) has expressed surprise at the CAR's choice, saying that they only learned about it along with the rest of the public. Two former prime ministers of the CAR co-authored a letter stating that adopting Bitcoin as legal tender without guidance from the BEAC was a "serious offence".
Scammers create fake Louis Vuitton NFT project
The project airdropped these NFTs to NFT whales, causing some trackers used by people who follow and imitate whales' behavior to believe the whales themselves had minted the NFTs. The site then used a random counter to make it appear that the NFTs were quickly selling out, causing people to quickly mint their NFTs in fear of missing out. One NFT collector recounted her experience falling for the scam, buying five of the NFTs for a total of 0.6 ETH (~$1700) in hopes of striking it rich on a newly-launched project before it became widely known.
An examination of the website source code shows that the project is reusing code from a different scam based around World Cup themed NFTs.