Inverse Finance is a borrowing and lending protocol that was hit with a different oracle manipulation attack in early April, which resulted in a $15.6 million loss.
Hacker steals over $1.2 million from Inverse Finance, their second such exploit in under three months
8 Blocks Capital calls on platforms to freeze Three Arrows Capital's funds after the firm goes silent
When 8BC contacted 3AC to make a withdrawal on June 13, they never received a reply. "We didn't think much of it at the time. After a while, the market stablized so we no longer needed the funds. We thought maybe they were just busy." The following day, 8BC noticed $1 million missing from their accounts. When they tried to contact 3AC, they again received no response.
According to Yuan, "What we learned is that they were leveraged long everywhere and were getting margin-called. Instead of answering the margin calls, they ghosted everyone." He called on platforms that still have assets from 3AC to freeze those assets, "so that those who 3AC owes can be paid back in the future after legal proceedings."
These internal values include requiring employees to believe in "The Mission", "to accelerate the worldwide adoption of cryptocurrency". Their culture explainer also includes various points (emphasis in the original):
- "We will engage in lobbying, as a single-issue donor, supporting controversial politicians and legislation that furthers The Mission, possibly to the detriment of other civil rights causes"
- We will advertise with and sponsor controversial television programs, podcasts, influencers and events, if it furthers The Mission
- We may incorporate firearm and self-defense training in to corporate retreats
- Should we aim to be exemplary in terms of stereotypical team diversity measurements? No.
The culture document goes on to say that "Someone Must be Offended, Some of the Time":
- "Krakenites are welcome to request (and deny) personal language and communication preferences of each other"
- Everyone is responsible for their own feelings
- Being offended doesn't necessarily make you right
- Being offended doesn't necessarily make you "harmed"
- Words nor silence are ever "violence"
- We do not call someone's words toxic, hateful, racist, x-phobic, unhelpful, etc.
Throughout the document are various notes to clarify that although some of what they're describing definitely sounds like they might be breaking the law, they're definitely not breaking the law: e.g., "Note: We are committed to eliminating all forms of discrimination against legally protected groups in every jurisdiction in which we operate."
Making matters worse, 3AC co-founder Su Zhu tweeted during the mass sell-off to promote stETH, which certainly gives the appearance that he was trying to pump the price to improve price or liquidity. BlockFi later confirmed that they had liquidated some positions that 3AC held with them.
Speculation about 3AC has swirled, with little comment from 3AC or its executives besides a June 14 tweet from Zhu: "We are in the process of communicating with relevant parties and fully committed to working this out". Meanwhile, other organizations including 8 Blocks Capital have reported that they've been unable to reach 3AC about money they're owed.
YGG pointed out that the seed investor agreement did not require investors to "provide any specific value add services", and "there is no provision for Merit... to unilaterally cancel the contract". The core team replied to say that, "We would like to honor all agreements, however... the DAO holds the ultimate power". One minority voice in the community argued, "You can not just look back 6 months later and be angry with someone who took an early bet on you and say 'here is a refund'. We must uphold trust in compensating those who take early risks."
Surprisingly, YGG ultimately accepted a deal with the DAO rather than take it to court. The final decision did not entirely eliminate their promised returns, but still only granted them around 30% of what they would have been owed with the original deal (which would have been over $5 million).
In a Twitter thread, CEO of the 101.xyz web3 platform detailed the saga and wrote, "it's hard to see this as anything other than a horrendous stain on the reputation of web3... Merit Circle DAO may not need outside support anymore, but many other projects do. And now they’ve made it harder for earlier projects to get the capital they need. Investors might rightfully ask 'what if your DAO decides to fuck us'".
Even without the $625 million hack in March, Axie's economy was in trouble. A November 2021 report from Naavik, titled "Infinite Opportunity or Infinite Peril?" wrote that the game's "economic policies are fundamentally unsustainable" and that "the value of new Axies and SLP is propped up by new players putting fresh money into the game".
As of May, even top-ranked players were making around $0.68 a day—certainly well below the $41.50 average daily wage in the Philippines that the game was once beating. Now, Axie Infinity downplays the financial promises of its game, with the company's head of product writing, "Axie Infinity first and foremost needs to be a game".
Coinbase broke the news to affected employees in a particularly cold way: by email, sent to employees' personal email accounts because they immediately cut access to employees' work accounts. "Given the number of employees who have access to sensitive customer information, it was unfortunately the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves," wrote CEO Brian Armstrong in a message to employees that was subsequently published as a blog post.
- "A message from Coinbase CEO and Cofounder, Brian Armstrong", Coinbase blog
- "Crypto Exchange Coinbase to Lay Off 18% of Staff", Wall Street Journal
This is the latest in a long string of Discord compromises. Other hacked servers in recent days included those for Curiosities, Meta Hunters, Parallel, Goat Society, RFTP, and Gooniez.
It's hard to say why the collector accepted such a low offer. Some have speculated that they were tax loss harvesting to offset other gains, while others have wondered if the collector's account might have been compromised. It's also possible that the collector was cutting losses, not expecting the demand for their NFT to rebound anytime soon.
Rumors of a downturn across the tech industry more broadly have been swirling for several months, but crypto companies appear to be being hit particularly hard as they simultaneously endure "crypto winter".
- "Crypto crash wreaking havoc on DeFi protocols, CEXs", Cointelegraph
I love it when I go to my bank to grab some cash from the ATM and discover that I can't, because someone else's cash clogged up the pipe.
The pause occurred as Bitcoin was reaching record low prices not seen since 2020, contributing to the ongoing pattern of Binance suddenly pausing withdrawals or undergoing maintenance during periods of chaos in the crypto ecosystem.
The lawsuit argues that UST is an unregistered security, and that as a result, Binance.US was violating securities laws by listing it. The lawsuit also alleges that Binance.US misled investors, leading them to believe that UST was more stable than it actually was. More than 2,000 investors have joined the lawsuit.
The attackers have distributed the tampered applications through websites that clone the legitimate applications' websites. Through search engine poisoning, primarily via Chinese search engines like Baidu, the attackers have successfully gotten unsuspecting users to install the malicious programs.
- "Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto", BleepingComputer
Crypto researcher Small Cap Scientist suggested on June 9 that the sell-offs may have been triggered by a "canary in the coal mine": a 50,000 stETH (nominally worth $45.8 million) sell-off by Alameda Research, a trading firm founded by Sam Bankman-Fried. SCS also reported that Celsius Network was "quickly running out of liquid funds to pay back their investors", and "they are taking massive loans" against "billions in illiquid positions" to pay back customers.
There has been a lot of concern lately about Celsius' reserves and its ability to honor redemptions, with some speculating that the platform might be underwater and forced to default. Celsius released a blog post on June 7 titled, "Damn the Torpedoes, Full Speed Ahead" where they accused "vocal actors" of "spreading misinformation and confusion", and promised that "Celsius continues to process withdrawals without delay", and that "Celsius has the reserves (and more than enough ETH) to meet obligations".
Celsius' June 12 announcement did not include any details on what their plans would be, just that they hoped it would allow them to "stabilize liquidity and operations while we take steps to preserve and protect assets".
On June 14, the Wall Street Journal reported that Celsius had hired restructuring attorneys.
Anyway, a project called Offline Cash has sprung up. In a stunning example of Poe's Law, the project seeks to provide a physical form of that digital physical cash people have spent so much time working on.
Hear me out: imagine you had paper notes that you could transfer to people in lieu of making a Bitcoin transaction! And unlike regular cash, it has an expiration date to keep track of!
Scammers compromise verified, 5-million-follower Twitter account for Venezuelan newspaper El Universal, use it to promote fake Goblintown site
One of the wallets used by the scammers had stolen 64 NFTs, though most of them were low in value. The address had also pulled in 16.5 ETH (~$30,000). However, most scammers rotate wallets, and this likely doesn't reflect the total damage from the scam.
20 million Optimism tokens sent to nonexistent address, someone else snags them before they can be recovered
Wintermute published a blog post taking responsibility for the error, and announced that they would "proceed to buy OP every time the attacker sells it to make the protocol whole eventually". So far the attacker has sold 1 million $OP for about $1 million USD.
Wintermute wrote that they were "open to see this as a white hat exploit", but if the funds were not returned within a week, they were "100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system".
Remarkably, the attacker returned 17 million of the tokens two days later, keeping 2 million as a "bounty". Wintermute agreed to reimburse the Optimism Foundation for the remaining 2 million $OP.
Although the project team promised that "every single one of our holders will win something", the collectors were in for a lot of disappointment: players never showed up for events, and Zoom meetups were never scheduled despite repeated requests, and merchandise was never sent. One person who was promised a signed jersey instead received a t-shirt, apparently devoid of any signature.
In mid-May, two project creators announced they would be "stepping back on the project as [they] cannot seem to please the community". The announcement broadly blamed the project's failures on "lack of interest" in the project. They said they would no longer be providing physical items, and would focus on "athlete utility", though in the time since then the project has remained similarly stagnant.
Collectors minted Players Only NFTs in early December for 0.08 ETH each (~$144). One NFT from the project has been sold on the secondary market in the last month, for $0.001 ETH (less than $2).
The exchange has announced to repurchase $APX to boost the price, so far spending $600,000 to do so.
Developers halted the chain before liquidity pools were fully drained, but estimated that about $5 million was lost. They wrote that they were working on recovery plan; perhaps they will also encourage their community to report bugs privately, rather than via public Reddit post.
GYM Network promised to use the entire project treasury to bolster the price of their token, which tanked as a result of the massive sell-off. "We can't promise that it will bring the price back to 0.20$ but we will use it All to recover this attack," they wrote on Telegram.
Representative Madison Cawthorn belatedly reports up to $950,000 in crypto trades, long past the STOCK Act deadline
On June 8, Cawthorn filed more reports of crypto trades he made in January to March, reflecting 24 purchases totaling between $290,000 to $950,000 in crypto projects including Kryll, Ethereum, Solana, Bitcoin, Let's Go Brandon, and Request.
Senators Lummis and Gillibrand work across the aisle to please cryptocurrency industry with their proposed legislation
Senator Lummis has long been a strong supporter of Bitcoin and crypto more generally, sporting a "laser eyes" profile picture on Twitter and speaking at Bitcoin Miami, where she was introduced as a "champion of Bitcoin".
- "Senators to Propose Industry-Friendly Cryptocurrency Bill", Wall Street Journal
- "Crypto industry scores a big win under long-anticipated Senate bill", Washington Post
- Press release from Senator Lummis
People get an anticlimactic sneak peek at one of the first NFT games to be released on Epic Games store
500 attendees of the "Galaverse" event (a gathering put on by Grit's creators, Gala Games) were airdropped "epic" rarity horse NFTs, which those with keen eyes were quick to observe are simply a premade asset the developers purchased from the Unreal Engine Marketplace.
The Apocalyptic Apes Discord attackers stole around 21 NFTs. Bubbleworld attackers stole 171 NFTs, with combined floor prices amounting to around $243,000.
Maiar's founder and CEO has claimed that "most exploited funds have been either recovered in full, or will be covered by the Elrond Foundation", though it's not clear how (or if) any of the funds were recovered.
The collector had bought or minted the NFTs at various points over the past year, spending a total of 84 ETH on the ten stolen NFTs (worth ~$312,000 based on ETH prices at the time of each purchase). The thief has so far flipped seven of the Cool Cats NFTs for a total of 34.5 ETH (~$62,000). This collector doesn't appear to be the phisher's only victim; their Ethereum wallet shows a total balance of $365,000.
The Bored Apes Discord was also compromised on April 1, along with those of several other big-name NFT projects.
Next, the bill will go to Governor Hochul to sign or veto.
The report also detailed that 25% of the monetary amount lost to fraud since the beginning of 2021 was lost via cryptocurrency, and that the median individual loss was around $2,600. Most of the crypto scams were investment frauds, followed by romance scammers and business and government impersonators.
- "Reports show scammers cashing in on crypto craze", Federal Trade Commission
- "Timechain et ses dirigeants font l’objet d’une enquête", La Presse (in French)
- "Dépouillés par une compagnie québécoise de cryptomonnaie", Le Journal de Montréal (in French)
Not only did their roadmap include play-to-earn game (of course), collaborations with a Swiss shoe and apparel store that would send them actual gear, and real-life trips, but they promised that 15 "legendary" cards would "automatically generate" their owners $2,500 each month, for life. The project was promoted by Jake Paul, an influencer whose crypto promotions don't have a great track record to say the least.
The project team began to grow more distant after launch, posting less frequently. Promised apparel shipments never arrived. The team changed the legendary rewards from $2,500 a month to "a percentage of incomes from the game", which they said "could be a lot more than $2500 monthly" despite no game actually existing. The project team eventually disappeared, took down the Twitter account and website, and disabled the general chat in their Discord project.
Personally, I'm looking forward to telling my landlord that I can only pay half my rent because I lost the money I'd set aside for it in the crypto markets.
Crypto companies are not the only tech companies that have been slowing down hiring or even laying off employees recently, though rescinding already accepted offers is extremely unusual. A would-be employee wrote on the anonymous employee message board app Blind that their offer had been rescinded, and that "this feels like a nightmare that I can’t wait to wake up from". A current Coinbase employee replied, "Dodged a bullet".
All my goblin asses gone.
The announcement came on the same day that the CFTC announced a lawsuit against Gemini for allegedly making false or misleading statements.
- "CFTC accuses Winklevoss-owned crypto exchange Gemini of misleading statements in new lawsuit", The Block
- Press release from the CFTC
- CFTC v. Gemini complaint
After the token plummeted, Hern received an email from the developers, who spun a story about how they were just fans of his, and that it was just an unfortunate mistake that people has mistaken their usage of his name and "Guardian" to mean he was involved.
It's not quite clear what happened, but it seems likely that it may have been a listing error. Onekiller had posted and then canceled listings for the ape several times in the past week and as recently as four hours before the sale, all between 250 and 145 ETH, suggesting that they had control of their account and made a mistake while entering the listing value.
Technologists draft an open letter to US lawmakers urging them to responsibly legislate crypto industry
The Financial Times writes, "While individuals have made similar warnings about the safety and reliability of digital assets, it marks a more organised effort to challenge the growing influence of crypto advocates who want to resist attempts to regulate the frothy sector."
However, Solana has been plagued with stability issues, and on June 1 it was taken offline by its developers for what CryptoWhale says was the eighth time this year. This occurred only days after an incident in which the Solana blockchain clock drifted significantly behind real-world time.
After leaving OpenSea in the wake of the allegations, Chastain began pitching a new NFT platform called "Oval" to investors, seeking $3 million in seed funding.
Chastain was arrested on June 1. The two charges he faces each carry a maximum sentence of twenty years in prison. The Attorney's Office described the charges as the first ever relating to insider trading of digital assets, and stated that, "today’s charges demonstrate the commitment of this Office to stamping out insider trading – whether it occurs on the stock market or the blockchain."
- Press release from the U.S. Attorney's Office of the Southern District of New York