FatMan discovered one instance where a person deposited $10,000 and later withdrew $4.3 million. According to FatMan, they found repeated exploits of this type that earned attackers "well over $30 million". Another researcher on Terra forums estimated about $88 million had been exfiltrated from the project in this way, over the many months the bug went undiscovered and unpatched by Mirror developers.
Researcher discovers vulnerability in the Terra Mirror Protocol that allowed attackers to siphon tens of millions from the project
Blockchain timekeeping is also a selling point of Solana, which talks up its "proof of history" algorithm in a blog post where Solana Labs co-founder Anatoly Yakovenko says, "our clocks never drift".
Terra decides to release "Terra 2.0", because apparently the way to fix a crypto catastrophe is with more crypto
Billy Markus, one of the original creators of the Dogecoin cryptocurrency (both of whom have since left the project), tweeted, "luna 2.0 will show the world just how truly dumb crypto gamblers really are".
The highly exclusive group of NFT collectors known as Proof Collective, of which this trader was a member, was reportedly preparing a report for the FBI and police. Because the attacker used an exchange that requires KYC, there may be some possibility that their identity could be traced, although falsified KYC is also increasingly common.
The WeWork founders are starting a carbon credit crypto company and they already raised $70 million in funding
The company has already raised $70 million in token sales and a Series A funding round led by Andreessen Horowitz (aka a16z), which seems like a startling amount of money to give to someone who resigned from his previous company amidst accusations of some serious self-dealing and the creation of a toxic corporate culture.
On May 26, Cawthorn filed a disclosure to say he had bought between $100,000 and $250,000 of the "Let's Go Brandon" ($LGB) coin on December 21 — eight days before posting that the coin would "go to the moon" just before a deal with NASCAR was announced. The coin then went up in price and Cawthorn sold at least $100,000 of his holdings. This timing led to accusations that Cawthorn had advance knowledge of the partnership.
Cawthorn also disclosed in the same May 26 filing that he bought between $101,000 and $265,000 of Ethereum in late December. Although Congressmembers are required by the STOCK Act to disclose purchases of various assets (including cryptocurrencies) within 45 days of the transaction, Cawthorn's disclosure came five months after the purchase. Cawthorn recently lost his primary, ending his chances of re-election, but his current term isn't slated to end until January 2023.
- Statement of the Chairman and Ranking Member of the Committee on Ethics Regarding Representative Madison Cawthorn
- "Rep. Madison Cawthorn discloses 2021 ‘Let’s Go Brandon’ cryptocurrency purchase days after ethics probe announced", CNBC
- "GOP Rep. Madison Cawthorn failed to properly disclose 'Let's Go Brandon' and Ethereum cryptocurrency purchases", Business Insider
Reid traced the stolen funds until they disappeared into the crypto exchange "Fixed Float". Reid contacted the exchange, who told him they couldn't supply him with server logs without a law enforcement request. Reid wrote that he was "angry [with] the fact they cant provide me with any details to help me follow the trace" and urged crypto Twitter to try to pressure the exchange to release more information to him.
Founder of Milady NFT project revealed to have horrifying history involving a 4chan suicide cult, white supremacist cult, and pro-anorexia grooming
"Charlotte Fang" originally tried to deny the connection, attempting to cover up the connections between their online aliases and encouraging others to lie and also cover up any mentions of the alter ego. However, they eventually admitted to their past, writing that it was "toxic baggage that's hurting Milady community & poisoning the vibe". They apologized for trying to hide the account, attempted to brush off their past actions as "trolling" that didn't reflect their "real views", announced they would be leaving the project team, and finished by saying they were "more bullish than ever for Milady".
Various commenters replied to Beeple's tweet to say they'd been scammed, and to ask if he could help them recover their funds or NFTs. Some blamed him and his poor security practices for their losses, asking if he would repay those who were scammed. He has not suggested he intends to do so.
- "又一算稳项目被攻击，bDollar损失约73万美元" ("Another algorithmic stablecoin project attacked; bDollar loses about $730,000"), DefiDaoNews
HUMBL stock has dropped from a high of $6.84 per share to a low of $0.11. Similarly the BLOCK ETX asset has dropped more than 87% from its high.
- HUMBL lawsuit website
After the Balloonsville rug pull, which used the Magic Eden NFT marketplace, Magic Eden announced they would no longer be accepting anonymous projects on their platform. Despite that, this person was able to launch Reptilian Renegades on Magic Eden, where they were able to get their account verified.
Following the unmasking, the Reptilian Renegades Twitter account posted a slew of tweets supposedly exposing various NFT influencers for shady behavior including undisclosed promotions. "I'm literally the Batman. I stop crime whilst committing crimes," they wrote in response to a person who tweeted, "The balloonsville guy is back and he's ready to tell you how corrupt NFTs are while he steals from you. The lack of self awareness is truly next level."
Users threaten to sue after yield generation project Stablegains loses $44 million in Terra collapse
Unfortunately for their customers, it turned out that Stablegains was heavily invested in the Terra project's Anchor protocol, which collapsed along with the rest of the Terra ecosystem last week. Stablegains' website had stated they primarily generated yields through the asset-backed stablecoin USDC. However, after the collapse of Terra, Stablegains admitted that "All users' holdings are in UST" — which lost over 90% of its value.
QAN describes itself as a blockchain that helps "resist quantum attacks", though apparently not the types of bridge attacks that have become fairly common in the past year or so.
Another Korean group, calling themselves "Victims of Luna, UST coins", has amassed 1,500 members and reportedly plans to file a lawsuit against Kwon and Terraform Labs' other cofounder, Shin Hyun-Seong (who is also known as Daniel Shin, and is no longer with Terraform Labs).
This development may be particularly inconvenient for Kwon and Shin, given Terra's legal team quit the company the previous day.
On June 17, another investor filed a separate lawsuit against Terraform Labs, Kwon, and various others in a US court.
The project advertised on its website its plans to "Create Feminist economics in the form of a DAO to balance the male-dominated world." The project's whitepaper explains how the metaverse will apparently "greatly reduce the impacts on women's normal work and inequality in wages brought by their physiological differences and pregnancy. As a consequence, it helps eliminating a number of unresolved problems in the real world like gender discrimination, inequality in wages, sexual harassments, sexual assaults, trafficking of women and child marriage." It's not clear what specifically the "Feminist Metaverse" project was hoping to achieve.
Bot compromises have emerged as a wide attack vector in crypto and web3 communities, as widely-used bots can have elevated permissions across Discord channels used as official information sources across many communities.
The theft occurred on May 8, though Green only seemed to notice on May 17 when he tweeted, "Well frens it happened to me. Got phished and had 4NFT stolen."
The loss of the Bored Ape was later revealed to have put Green in a bit of a pickle, when he released the trailer for a new animated series he was developing that starred his pilfered primate. Given that BAYC ownership grants commercial usage rights (which are presumably transferred to the new owners when the NFT changes hands), the person who bought the NFT flipped by the phisher could have possibly brought a lawsuit against Green if he moved forward with the series.
Green ultimately spent about $300,000 to buy his ape back from the hacker.
American running "untraceable" service "designed to evade US sanctions" is charged after being traced
Though the country is as yet unnamed, the limited number of countries sanctioned in the way described in the decision allows us to deduce that it was either Cuba, Iran, North Korea, Syria, or Russia. This case marked the D.O.J.'s first criminal prosecution involving alleged use of crypto to evade sanctions.
U.S. Magistrate Judge Zia M. Faruqui wrote in the opinion: "Virtual currency is traceable. Yet like Jason Voorhees the myth of virtual currency's anonymity refuses to die. See Friday the 13th (Paramount Pictures 1980)."
Scream lending protocol racks up $35 million in bad debt after hardcoding not-so-stablecoin prices to $1
The following day, CZ tweeted, "Binance received 15,000,000 LUNA (at peak worth $1.6 billion USD, now not much) as part of the original ($3m) invest. 560x return at peak." In this tweet, "not much" glossed over the fact that these LUNA, obtained in return for a $3 million investment and at one point nominally worth $1.6 billion, are now worth $2,900.
He also wrote that Binance had 12,000,000 UST — worth $12 million when UST was properly pegged, and now worth $1.16 million (assuming liquidity exists to sell it at all).
More than a few people were unsatisfied with this reporting, asking for more transparency around who these "counterparties" were. Ultimately, this action benefited the "counterparties", providing liquidity to these whales who were able to exit their now risky UST positions for a good price, and did not help most of the individuals holding UST.
Prior to these attacks, FEG had earned some notoriety from a May 2021 Vanity Fair article outlining an alleged pump-and-dump scheme, titled "Inside the Rise and Fall (and Rise and Fall) of Shit Coins". Despite the bad press, much of the FEG community maintained that the article was a smear and nothing more than an attempt by the author to create FUD. "You could literally take every token and this would apply to everyone..." wrote a moderator of the official FEG subreddit.
People continue to wait for a public accounting of what happened to Terra's $3.5 billion in Bitcoin reserves
Terraform Labs CEO Do Kwon tweeted on May 13 that "We are currently working on documenting the use of the LFG BTC reserves during the depegging event. Please be patient with us as our teams are juggling multiple tasks at the same time." It's not clear when this documentation will be released. Binance CEO Changpeng Zhao joined the group of people asking about the BTC reserves, tweeting, "I would like to see more transparency from them. Much more! Including specific on-chain transactions (txids) of all the funds. Relying on 3rd party analysis is not sufficient or accurate."
Altogether, InsurAce says they paid out about $11 million to around 173 claimants as a result of the depeg. Evidently there were 61 others who did not submit their claims within the deadline.
The hacker only managed to exfiltrate around $18,000 before being discovered, and SpiritSwap shut down their swapping through their router to prevent the attack from continuing.
MM.Finance suffered a similar attack earlier in the month, losing $2 million after an attacker gained control of the domain and swapped in their own address to siphon funds.
On May 13, the company announced it would be reversing transactions made during an hour-long period on May 12 when "users who traded LUNA were quoted an incorrect price". Some users were able to profit off the discrepancy, but later were told that their transactions were being reversed. Crypto.com offered $10 in CRO, their cryptocurrency token, "for the inconvenience caused". Crypto.com halted Luna trading after discovering the issue, and it remains halted as of May 13.
The issue sounds quite similar to issues that affected various defi projects around the same time. Several projects that failed to account for unexpected Luna price data coming from blockchain oracles, including Chainlink, suffered major attacks.
- "LUNA Trading Incident on Crypto.com App", Crypto.com
Unexpected oracle data in the wake of Terra blockchain halt enables multiple attacks on other platforms
$13.5 million was fraudulently borrowed from the Venus protocol on BSC. Blizz Finance on Avalanche reported their protocol had been entirely drained, amounting to around $8.3 million. Blizz subsequently announced in a post-mortem that "Blizz has no treasury or development fund and a significant portion of the stolen assets belonged to our team. As such we regret to announce the protocol has been paused and we do not intend to resume operations."
The two fraud charges carry maximum sentences of 10 and 20 years.
Terra only announced this after halting the network, giving their users no opportunity to try to withdraw funds. They have made no announcement about whether or when they intend to bring the network back online, although it seems safe to assume that the enormous loss of confidence in Terra would make any restart short-lived.
Tether began to recover somewhat as the day progressed, gradually returning to above $0.99. However, the de-peg has clearly shaken the cryptocurrency ecosystem. The heavy reliance on Tether means that a substantial or protracted loss of its peg would be devastating, and the open secret that Tether does not have the backing assets it once claimed has intensified fears about a possible run on Tether.
- "Important Notice For All Customers", BitPrime
Do Kwon has never disclosed his involvement with this failed project. CoinDesk wrote that although their "default position is to respect the privacy of pseudonymous actors with established reputations under their well-known handles unless there is an overwhelming public interest in revealing their real-world identities", there was now "such public interest as Kwon's UST stablecoin death spirals, wreaking havoc across the broader cryptocurrency market. Amid this precarious situation, investors deserve to know that UST was not Kwon's sole attempt at making an algorithmic stablecoin work." It was not made clear in the article when CoinDesk first learned of Kwon's connection to Basis Cash, though the authors later stated they'd learned of it the night before they published.
Such a dramatic crash in a cryptocurrency that was in the top ten by market cap has been devastating to some. Some members of the Terra/Luna community on Reddit have spoken of being massively over-invested in Luna, with some describing losing their life savings and appearing to be in crisis.
"Cryptoqueen" Ruja Ignatova added to Europol's most wanted list in connection to OneCoin ponzi scheme
OneCoin was a Bulgarian ponzi scheme in which investors bought packages of "tokens" with which they would supposedly "mine" cryptocurrency. Despite advertising as a decentralized cryptocurrency, OneCoin in reality was centralized on the company's servers. The scheme attracted around $4 billion in investments since its creation in 2014, and several people associated with the project have pled guilty to money laundering and fraud charges.
This serves as a stark reminder to users who keep their cryptocurrency on exchanges that, although it is often a more user-friendly way to keep crypto (compared to self-custodying), it exposes users to risks like this.
Some members of the crypto community expressed shock, with Swan Bitcoin CEO Cory Klippsten tweeting, "Is this real?!?"
Former footballer Michael Owen claims his NFTs "will be the first ever that can't lose their initial value"
It appeared that Owen might have meant that there would be a lower bound on resale price of the NFTs, which is neither a new concept in NFTs (see Kaiju Kongz or Rich Bulls Club), nor does it mean the NFTs "can't lose their initial value". It just means that when the NFTs do lose their initial value, collectors can't recoup even a portion of their investment.
- "Michael Owen mocked after making bold claim that his NFTs can't lose value", Manchester Evening News
The remaining project developers have tried to remain positive and restore faith in the community, accusing the developer who sold of "gluttony" and "greed". The project also implemented a steep 50% tax on remaining holders to discourage them from trying to sell.
This news came as a shock to many lovers of Azuki NFTs, pricey NFTs which regularly trade for 20–30 ETH (~$45,000–$70,000). Azuki is not without its own controversies, recently facing accusations of insider trading.
The incentives that should keep TerraUSD trading at $1 have been put to the test lately, with a combination of spiraling cryptocurrency prices across the board and some apparent large sell-offs by those holding UST. The coin dipped down to $0.992 on May 7 before some large buys returned it close to its peg. It dipped again by a smaller amount the following day, reaching a low of around $0.994. These values may seem like small changes on the micro scale, but when major stablecoins diverge from their peg by even fractions of a cent they have major effects throughout the cryptocurrency ecosystem.
On May 9, UST saw its most extreme de-peg, plunging to $0.95, then again to $0.84 later that day, despite Luna Foundation Guard liquidating $1.3 billion in Bitcoin reserves to try to restore the peg.
Do Kwon, cofounder of Terraform Labs, initially seemed to be doing his best to portray confidence on Twitter by tweeting things that gave the exact opposite impression. "If yall girls are gonna fud, try to do it during my waking hours pls," he wrote on May 7. "You could listen to [crypto Twitter] influensooors about UST depegging for the 69th time. Or you could remember they're all now poor, and go for a run instead", he tweeted, somewhat blithely acknowledging UST's repeated history of losing its peg. His tweets seemed to take a more serious turn beginning the evening of May 8, as the situation grew more dire.
The exploit caused the $FTS token to drop 42%. The creators of Fortress urged people not to supply any assets to the pool as the attack was ongoing, and tweeted "we need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds!"
Despite all this, the project deployer suddenly minted 23 million CSR tokens, which they swapped for almost $90,000 in other assets, crashing the token value in the process by about 70%. The development team also took the project website offline.
However, the NFT launch went poorly — fewer than 2,800 NFTs were minted out of the total supply of 9,671 NFTs. The project tried to relaunch but failed to drum up much more interest, so the creators apparently decided to call it quits — while keeping the money, of course. The project founder left a long message to the community, in which they said that they would be shutting the project and spoke at length about how difficult it had been for them.
Coinbase's new NFT marketplace hasn't had more than 200 transactions in a day since its public launch
Although the company claimed to have 3 million users on its waitlist, the public marketplace release has gone shockingly poorly given Coinbase's existing reputation. The platform has yet to see more than 200 transactions in a given day (compared to OpenSea, which regularly sees more than 100,000 transactions a day, or its smaller competitor LooksRare which sees more than 1,000 daily). Furthermore, the platform has only broken $50,000 in volume traded on five of the days it's been publicly available, with some days seeing only a few thousand dollars traded. OpenSea has been doing over $150 million in daily volume in that same time frame, and LooksRare around $100 million (though it should be noted that the prevalence of wash trading, particularly on LooksRare, makes these numbers hard to evaluate).
The U.S. began sanctioning various wallet addresses belonging to the hackers in mid-April, though it has faced obstacles given that it is trivial for the hackers to create new wallets. The use of cryptocurrency tumblers (also called "mixers") has also stymied the government's attempts to limit the DPRK's access to the ill-gotten funds. Blender is not the primary tumbler that Lazarus has been using — that would be Tornado Cash, which they have used to tumble more than $213 million from the hack. Tornado has taken perfunctory steps to comply with sanctions, but nothing that would meaningfully impact Lazarus' ability to use the service.
- "U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats", U.S. Department of the Treasury