Lacoste Discord among the latest to be hacked

So, apparently polo shirts have NFTs now. Fashion brand Lacoste's NFT project is titled "Undw3", which is apparently supposed to be pronounced "underwater" — I guess if you say the 3 in French it sort of sounds like the English... word... "underwater"... anyway. The Discord for that NFT project was one of the latest to be hacked in a string of Discord hacks so prolific that I've basically stopped reporting on them individually. Like many recent Discord hacks, this one was accomplished by compromising a moderator's account. The account was then used to post a fake mint link, and users who signed the transaction approval found their assets transferred to the attacker.

Since the last post about an NFT project having its Discord compromised, five days ago, we've seen at least fifteen more projects suffer the same: Clyde, Good Skellas, Duppies, Oak Paradise, Tasties, Yuko Clan, Mono Apes, ApeX Club, Anata, GREED, CITADEL, DegenIslands, Sphynx Underground Society, FUD Bois, and Uncanny Club.

Hoo exchange pauses withdrawals

The Hong Kong-based cryptocurrency exchange Hoo announced that they would be pausing withdrawals, after so many customers tried to withdraw their crypto that they began to run out of funds in their hot wallet. The company assured customers in a blog post that the pause was temporary and that withdrawals would resume in 24–72 hours once transfers from a "backup multi-signature wallet and other assets" were complete, leaving one to wonder what those other assets might be. The blog post finished by stating, "The platform is trying to reconfigure medium- and long-term assets in an orderly and reasonable manner. Please don't worry and there will be no loss of your assets."

Defi insurer Bancor pauses their impermanent loss protection due to "hostile market conditions"

The defi insurance protocol Bancor announced on June 19 that they would be suspending their impermanent loss protection due to "hostile market conditions". The feature sought to protect users from "impermanent loss", a risk when a person provides liquidity to a pool, the ratio of deposited assets changes, and the person winds up with more of the token that's worth less.

Bancor wrote in their announcement that "Withdrawals performed during this unstable period will not be eligible for IL protection. Users who remain in the protocol will continue earning yields and be entitled to withdraw their fully-protected value when IL protection is reactivated." Many view this as Bancor holding their crypto hostage, because they would take a major loss if they withdrew while IL protection was paused.

The post goes on to say that "two large centralized entities" (likely Celsius and Three Arrows Capital) have rapidly liquidated their $BNT positions and withdrawn a large amount of liquidity; Bancor also wrote that another entity has opened a large short against $BNT.

Solend DAO passes proposal to take over the account of a large holder with a position that poses systemic risk

Solend DAO, the DAO behind the Solend lending protocol on Solana, just passed its first ever governance proposal. A whale used their platform to take out an enormous margin position, depositing 5.7 million Solana (currently worth $170 million) to withdraw $108 million in stablecoins. Their position represents 95% of all Solana deposits on the platform, and the position risks partial liquidation if Solana drops in price to $22.30.

The proposal allows Solend to temporarily take over the whale's account to liquidate the position "gracefully", rather than allowing the liquidation to happen as it normally would. This stems from the concern that the partial liquidation (20%, or around $21 million) would "cause chaos" on both Solend and the Solana blockchain more broadly. The proposal outlined concerns around Solend potentially ending up with bad debt, and liquidators "spamming the liquidate function" and potentially taking down the Solana chain.

The proposal elicited strongly negative reactions from many in the crypto community, who feel that a project taking over a user's account flies in the face of the concept of defi and sets a dangerous precedent. Others blame Solend for allowing the position in the first place, given the level of systemic risk. Some have also pointed out that Solend may be exposing themselves to legal risk by retroactively changing the terms of the loan.

The proposal succeeded hours after it was proposed, with one whale providing 1 million votes out of the 1.15 million votes in favor.

Magic Internet Money stablecoin wobbles

A stablecoin called Magic Internet Money (yes, really) is one of the latest to have trouble maintaining its peg. The stablecoin is issued by the Abracadabra lending platform, which was founded by Daniele Sesta. Some may recognize the name from the Wonderland project failure in January, during which it was also discovered that the pseudonymous chief developer on the project was Michael Patryn, a shady character with a history of financial crimes.

On June 17, $MIM began to lose its $1 peg, and on June 18 it dropped below $0.91. Later on June 18, it returned above $0.95, but continued to be priced below its intended peg.

The supply of $MIM dropped precipitously in the wake of the Terra collapse, as traders lost confidence in algorithmic stablecoins more broadly. Amidst plummeting markets, rumors have surfaced that Abracadabra is "nearly insolvent" due to bad debt left over from the Terra crash. Sesta has refuted the claim, writing on Twitter that the "treasury has more money than the debt" and that the rumors were simply people "spread[ing] FUD [to] try to recover your losses from shorting a bit". The project announced that it would be implementing "peg stability measures", including increasing interest rates on one of their lending markets.

MakerDAO halts Aave–DAI direct deposit due to concerns over risk

MakerDAO voted to disable the Aave—DAI direct deposit module, which previously allowed users to mint DAI (MakerDAO's stablecoin) and deposit it into the Aave lending protocol. According to a MakerDAO team member, 100 million of the 200 million DAI borrowed on the Aave project is borrowed by Celsius and collateralized primarily by stETH. Celsius paused withdrawals several days before MakerDAO's decision, and is apparently underwater. stETH is Lido-staked Ether, which also has been encountering issues amidst the market downturn and heightened withdrawal pressures.

The same MakerDAO team member wrote in the forum that "Contagion risks in DeFi are increasing", and that the project wanted to "cut exposure" to projects that were in trouble. "We could be dealing with Lehman's moment in crypto," he wrote.

Three Arrows Capital looks for a bailout

The Wall Street Journal reported that Three Arrows Capital, a crypto hedge fund that was rumored to be insolvent several days earlier, was indeed pursuing last-ditch options to make good on their debts. 3AC had major exposure to Luna, a token that plunged in value during the collapse of the Terra ecosystem in May, and lost around $200 million in that catastrophe. The collapse of other projects and the plummeting prices of cryptocurrencies in general exacerbated 3AC's situation, causing them to take losses in other risky plays they had made, and ending with them unable to pay off debts to creditors.

According to the WSJ, 3AC has hired legal and financial advisors to pursue solutions including asset selloffs or rescue by another firm, and is trying to extend the deadlines for outstanding debt repayments.

Babel Finance suspends withdrawals and redemptions

Babel Finance is the latest crypto finance platform to suddenly limit customer withdrawals. Citing "unusual liquidity pressures" and "conductive risk events" to crypto institutions, Babel announced that they would be "temporarily suspending" redemptions and withdrawals for an indeterminate period. Babel Finance had just completed a $80 million Series B round, with a valuation of $2 billion, in May.

Some in the crypto space have been encouraging people to withdraw their funds from any type of staking or lending platform, as liquidations and failures to repay debt spreads through the tightly-interconnected ecosystem. On June 16, yield farming platform Finblox implemented a very low cap on the amount of funds customers could withdraw, citing exposure to the apparently insolvent Three Arrows Capital.

AEX crypto exchange limits withdrawals after a $1 billion "bank run"

The AEX crypto exchange is among a growing number of exchanges to limit customer withdrawals amidst a crypto downturn. In an announcement, AEX wrote that "we honestly admit that AEX Global platform has met some problems, which involve a bank run of more than 1 billion USD".

The exchange then announced they would be delaying the withdrawals of most popular cryptocurrencies for 36 hours "to avoid unnecessary panic withdrawal". A follow-up blog post the next day announced they would be allowing users to withdraw, but only up to $500 a day. They later adjusted the withdrawal limits to a more flexible model, but left them in place.

As an apology to their customers, AEX promised "AEX Shareholder Badges" to the people with the most funds in their platform. They also announced a Texas Hold'em Carnival to show their "appreciation" of their users, but they canceled it the same day. Perhaps focusing on the liquidity issue is the right choice...

Anna "Delvey" Sorokin announces she will "move away from the 'scammer persona'" and launch NFTs

Anna Sorokin, sitting with her chin on her hand in courtAnna Sorokin (attribution)
Anna Sorokin, the scammer who convinced people and companies to give her hundreds of thousands of dollars by pretending to be a German heiress, has decided to get into NFTs. After winding up with a "scammer persona", which she says is a result of the Netflix series about her and not a result of the scams that landed her in prison, she has announced her intentions to "move away from" it. Now she is focusing on an NFT collection, which she announced in an interview from a detention facility in New York.

Finblox implements withdrawal limits and pauses rewards due to exposure to Three Arrows Capital

Finblox is a crypto yield farming company that describes themselves as a "savings platform" and promises "up to 90% APY on your crypto!". They announced they would be preventing users from withdrawing more than $1,500 from the platform, or earning the rewards they were initially promised. In an announcement, Finblox wrote that they were making the changes due to "numerous media reports" about Three Arrows Capital, a hedge fund and investor in Finblox which is widely rumored to be insolvent amidst the crypto downturn.

Finblox announced that all users would only be able to withdraw up to $500 a day, up to a monthly maximum of $1,500 — quite a change from the $50,000/day withdrawal limit for some of their users. They also wrote that they would be pausing reward distributions, and delaying their referral program and deposit rewards, and preventing newly registered users from creating new crypto addresses.

Finblox ended the message to their users by saying they would "do everything in its power to protect our users' funds and reinstate our services in full", but such a dramatic move seems to suggest the platform is another domino to fall as companies collapse throughout the crypto ecosystem.

Hacker steals over $1.2 million from Inverse Finance, their second such exploit in under three months

A hacker was able to perform an oracle manipulation attack enabled by flash loans to siphon crypto worth around $1.26 million from Inverse Finance. The loss to the protocol was higher, at around $5.8 million. The attacker has already moved most of the stolen funds to the Tornado Cash cryptocurrency tumbler.

Inverse Finance is a borrowing and lending protocol that was hit with a different oracle manipulation attack in early April, which resulted in a $15.6 million loss.

8 Blocks Capital calls on platforms to freeze Three Arrows Capital's funds after the firm goes silent

8 Blocks Capital is a Hong Kong-based trading firm. In a Twitter thread, Danny Yuan explained that 8BC had been using 3AC's trading accounts to reduce their trading fees. He wrote, "We had known them since 2018, thought they were competent and didn't think they were degen enough to lose billions and not employ basic risk management."

When 8BC contacted 3AC to make a withdrawal on June 13, they never received a reply. "We didn't think much of it at the time. After a while, the market stablized so we no longer needed the funds. We thought maybe they were just busy." The following day, 8BC noticed $1 million missing from their accounts. When they tried to contact 3AC, they again received no response.

According to Yuan, "What we learned is that they were leveraged long everywhere and were getting margin-called. Instead of answering the margin calls, they ghosted everyone." He called on platforms that still have assets from 3AC to freeze those assets, "so that those who 3AC owes can be paid back in the future after legal proceedings."

Kraken crypto exchange announces 🚩 culture overhaul 🚩

The U.S.-based crypto exchange Kraken has announced that, despite the layoffs and hiring freezes among its competitors in the ongoing "crypto winter", they intend to keep hiring aggressively. They also took the opportunity to announce that they "believe bear markets are fantastic at weeding out the applicants chasing hype from the true believers in our mission", and that they had "taken this opportunity to align our internal culture around a set of shared values". They also make it clear that anyone who disagree with the changes can GTFO: "In commitment to these values, we also expanded our permanent benefits program to make moving on a bit easier for anyone who feels it's time for the next chapter in their career."

These internal values include requiring employees to believe in "The Mission", "to accelerate the worldwide adoption of cryptocurrency". Their culture explainer also includes various points (emphasis in the original):

  • "We will engage in lobbying, as a single-issue donor, supporting controversial politicians and legislation that furthers The Mission, possibly to the detriment of other civil rights causes"
  • We will advertise with and sponsor controversial television programs, podcasts, influencers and events, if it furthers The Mission
  • We may incorporate firearm and self-defense training in to corporate retreats
  • Should we aim to be exemplary in terms of stereotypical team diversity measurements? No.

The culture document goes on to say that "Someone Must be Offended, Some of the Time":

  • "Krakenites are welcome to request (and deny) personal language and communication preferences of each other"
  • Everyone is responsible for their own feelings
  • Being offended doesn't necessarily make you right
  • Being offended doesn't necessarily make you "harmed"
  • Words nor silence are ever "violence"
  • We do not call someone's words toxic, hateful, racist, x-phobic, unhelpful, etc.

Throughout the document are various notes to clarify that although some of what they're describing definitely sounds like they might be breaking the law, they're definitely not breaking the law: e.g., "Note: We are committed to eliminating all forms of discrimination against legally protected groups in every jurisdiction in which we operate."

BlockFi fined almost $1 million by Iowa regulators for offering unregistered securities

The Iowa Insurance Division announced that they had levied a $943,000 fine against BlockFi for failing to register securities they offered on their platform. The regulator also accused BlockFi of making "misrepresentations and omissions about the level of risk in its loan portfolio", particularly pertaining to statements that their loans were "typically" overcollateralized when in reality only around 16–17% were.

SEC reportedly begins probe into insider trading at crypto exchanges

According to FOX Business, the SEC has sent an inquiry to at least one "major crypto exchange", in what their source said they believed was an investigation spanning several exchanges. It's not clear whether this is a targeted probe spurred by specific instances of alleged malfeasance that might be a harbinger of impending enforcement action, or a broader examination pertaining to broad regulatory interest.

Three Arrows Capital crypto hedge fund may be insolvent

Blockchain data showed that Three Arrows Capital (3AC), a crypto-focused hedge fund based in Singapore, appeared to be dumping stETH as quickly as possible. stETH is Lido-staked Ethereum, a project that is facing liquidity issues and deviating from its peg as of late. The sales appear to be 3AC selling off stETH to pay off debts, presumably due to margin calls as the crypto ecosystem as a whole fell dramatically.

Making matters worse, 3AC co-founder Su Zhu tweeted during the mass sell-off to promote stETH, which certainly gives the appearance that he was trying to pump the price to improve price or liquidity. BlockFi later confirmed that they had liquidated some positions that 3AC held with them.

Speculation about 3AC has swirled, with little comment from 3AC or its executives besides a June 14 tweet from Zhu: "We are in the process of communicating with relevant parties and fully committed to working this out". Meanwhile, other organizations including 8 Blocks Capital have reported that they've been unable to reach 3AC about money they're owed.

Merit Circle DAO votes to renege on deal with investor, provide 30% of what was owed

Members of the Merit DAO, a DAO operating in the play-to-earn space, voted on proposals renege on a deal signed with an early investor to the DAO, Yield Guild Games (YGG). The proposal argued that YGG had not "added value" to Merit (besides monetarily, of course).

YGG pointed out that the seed investor agreement did not require investors to "provide any specific value add services", and "there is no provision for Merit... to unilaterally cancel the contract". The core team replied to say that, "We would like to honor all agreements, however... the DAO holds the ultimate power". One minority voice in the community argued, "You can not just look back 6 months later and be angry with someone who took an early bet on you and say 'here is a refund'. We must uphold trust in compensating those who take early risks."

Surprisingly, YGG ultimately accepted a deal with the DAO rather than take it to court. The final decision did not entirely eliminate their promised returns, but still only granted them around 30% of what they would have been owed with the original deal (which would have been over $5 million).

In a Twitter thread, CEO of the 101.xyz web3 platform detailed the saga and wrote, "it's hard to see this as anything other than a horrendous stain on the reputation of web3... Merit Circle DAO may not need outside support anymore, but many other projects do. And now they've made it harder for earlier projects to get the capital they need. Investors might rightfully ask 'what if your DAO decides to fuck us'".

Axie Infinity says it was never about the money after describing their game as a job-creator

After playing up how Axie Infinity had "created hundreds of thousands of jobs in the Philippines" and other locations where salaries are low, Axie Infinity has crumbled. Some players had quit their traditional jobs to become full-time Axie players, and for a few months in 2021, some skilled players could make more than the average wage in the Philippines by playing the game.

Even without the $625 million hack in March, Axie's economy was in trouble. A November 2021 report from Naavik, titled "Infinite Opportunity or Infinite Peril?" wrote that the game's "economic policies are fundamentally unsustainable" and that "the value of new Axies and SLP is propped up by new players putting fresh money into the game".

As of May, even top-ranked players were making around $0.68 a day — certainly well below the $41.50 average daily wage in the Philippines that the game was once beating. Now, Axie Infinity downplays the financial promises of its game, with the company's head of product writing, "Axie Infinity first and foremost needs to be a game".

Coinbase lays off 1,100 employees in 18% cut

Coinbase announced that they would be cutting 18% of their employees, amounting to 1,100 people. This announcement came only two weeks after they rescinded already-accepted job offers from some new employees, a move that itself came only two weeks after the company announced a hiring freeze. Coinbase has attributed their decisions to "current market conditions" and "crypto winter".

Coinbase broke the news to affected employees in a particularly cold way: by email, sent to employees' personal email accounts because they immediately cut access to employees' work accounts. "Given the number of employees who have access to sensitive customer information, it was unfortunately the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves," wrote CEO Brian Armstrong in a message to employees that was subsequently published as a blog post.

Known Origin is the latest project to have their Discord compromised

The Discord server for Known Origin, a fairly major NFT platform, was compromised. The scammer used their access to advertise a fake free NFT mint, which actually would steal NFTs if a user tried to connect their wallet.

This is the latest in a long string of Discord compromises. Other hacked servers in recent days included those for Curiosities, Meta Hunters, Parallel, Goat Society, RFTP, and Gooniez.

NFT collector sells pixel art toad at a $1 million loss

A bright blue pixel art toad skeleton with bright yellow eyes and a yellow watch, on a bright blue background that is almost the same color as the skeletonCrypToadz #2155 (attribution)
In October 2021, an NFT collector dropped 300 ETH (then $1.05 million) on CrypToadz #2155, a pixel art image of a blue toad skeleton on a blue background. On June 13, they sold the NFT for 6.9 ETH (~$8,300), a $1.02 million loss.

It's hard to say why the collector accepted such a low offer. Some have speculated that they were tax loss harvesting to offset other gains, while others have wondered if the collector's account might have been compromised. It's also possible that the collector was cutting losses, not expecting the demand for their NFT to rebound anytime soon.

Tron's algorithmic stablecoin (USDD) wobbles

USDD, the algorithmic stablecoin belonging to the Tron network, dipped as low as $0.91 from its $1 peg on June 13 amidst a day of turmoil elsewhere in the crypto ecosystem. Blockchain analytics firm Nansen observed that Oapital, one of the funds that successfully profited off the Terra de-peg, had started to move large amounts of USDD (as well as other stablecoins). "Doesn't look great", Nansen tweeted.

Tron founder Justin Sun tweeted that the Tron DAO would deploy $2 billion (with a B) in capital to fight short sellers, writing: "Short squeeze is coming".

Crypto.com and BlockFi announce layoffs

On June 10, Crypto.com announced they would be "making targeted reductions" of 260 people, amounting to around 5% of their workforce. On June 13, BlockFi announced that they were in "the gut wrenching position of needing to reduce our headcount" by around 20%. BlockFi has around 850 staff, suggesting they plan to lay off 170 people.

These announcements followed a June 2 layoff announcement by Gemini and the announcement by Coinbase that same day that they would be rescinding already-accepted job offers.

Rumors of a downturn across the tech industry more broadly have been swirling for several months, but crypto companies appear to be being hit particularly hard as they simultaneously endure "crypto winter".

Binance pauses Bitcoin withdrawals for 3 hours due to "stuck" transactions

Binance paused Bitcoin withdrawals for three hours on June 13, explaining that some network maintenance resulted in transactions becoming "stuck and not able to be processed successfully". Although founder and CEO Changpeng Zhao predicted the pause would only take thirty minutes, the issue took closer to three hours to resolve.

I love it when I go to my bank to grab some cash from the ATM and discover that I can't, because someone else's cash clogged up the pipe.

The pause occurred as Bitcoin was reaching record low prices not seen since 2020, contributing to the ongoing pattern of Binance suddenly pausing withdrawals or undergoing maintenance during periods of chaos in the crypto ecosystem.

Terra investors file class action lawsuit against Binance.US

A group of people who put money into Terra (UST), the stablecoin that collapsed in May, have filed a class action lawsuit against Binance.US. Binance.US is a crypto exchange that operates within the US, managed independently from Binance, which is not available to US customers due to fears that it would run afoul of US securities regulations.

The lawsuit argues that UST is an unregistered security, and that as a result, Binance.US was violating securities laws by listing it. The lawsuit also alleges that Binance.US misled investors, leading them to believe that UST was more stable than it actually was. More than 2,000 investors have joined the lawsuit.

"SeaFlower" hacks target crypto users via backdoored iOS and Android crypto wallets

The Confiant security research group has discovered a group that is backdooring and distributing versions of legitimate crypto wallets including Coinbase Wallet, MetaMask, TokenPocket, and imToken. The hackers have created reverse-engineered versions of the crypto wallets that operate as designed, but also steal the user's seed phrase, later using it to drain the users' cryptocurrency.

The attackers have distributed the tampered applications through websites that clone the legitimate applications' websites. Through search engine poisoning, primarily via Chinese search engines like Baidu, the attackers have successfully gotten unsuspecting users to install the malicious programs.

Lido-staked Ether (stETH) loses peg

Lido-staked ETH, a project that offers to allow users to stake ETH for the purposes of securing it after the Ethereum "merge" — that is, the ever-delayed move to proof-of-stake. Although stETH is backed 1:1 with ETH, it's not very liquid aside from the primary liquidity on Curve. Huge sell-offs of stETH for ETH have been causing slippage in the Curve pool, which was off peg by around 5% and heavily imbalanced on June 12.

Crypto researcher Small Cap Scientist suggested on June 9 that the sell-offs may have been triggered by a "canary in the coal mine": a 50,000 stETH (nominally worth $45.8 million) sell-off by Alameda Research, a trading firm founded by Sam Bankman-Fried. SCS also reported that Celsius Network was "quickly running out of liquid funds to pay back their investors", and "they are taking massive loans" against "billions in illiquid positions" to pay back customers.

Celsius pauses all withdrawals

The Celsius platform announced that they would be pausing all withdrawals, swaps, and transfers due to "extreme market conditions".

There has been a lot of concern lately about Celsius' reserves and its ability to honor redemptions, with some speculating that the platform might be underwater and forced to default. Celsius released a blog post on June 7 titled, "Damn the Torpedoes, Full Speed Ahead" where they accused "vocal actors" of "spreading misinformation and confusion", and promised that "Celsius continues to process withdrawals without delay", and that "Celsius has the reserves (and more than enough ETH) to meet obligations".

Celsius' June 12 announcement did not include any details on what their plans would be, just that they hoped it would allow them to "stabilize liquidity and operations while we take steps to preserve and protect assets".

On June 14, the Wall Street Journal reported that Celsius had hired restructuring attorneys.

Offline Cash project finally gives the world what it really needs: physical digital physical cash

Photo of hands holding colorful banknotes denominated in 10 (blue), 5 (red), 2 (green), and 1 (orange).Offline Cash's Bitcoin Notes (attribution)
Some crypto advocates have long promoted crypto as a proper digital equivalent to cash. Physical dollars have a lot of benefits, including that you don't need a bank account to use them and they provide a lot of privacy. Although bank transfers and apps like Venmo offer digital ways to transfer money, they typically require a bank account to use, and they leave a digital record of the transaction. Crypto advocates have long promised that crypto is a proper digital equivalent to cash, despite its own accessibility and privacy concerns.

Anyway, a project called Offline Cash has sprung up. In a stunning example of Poe's Law, the project seeks to provide a physical form of that digital physical cash people have spent so much time working on.

Hear me out: imagine you had paper notes that you could transfer to people in lieu of making a Bitcoin transaction! And unlike regular cash, it has an expiration date to keep track of!

Scammers compromise verified, 5-million-follower Twitter account for Venezuelan newspaper El Universal, use it to promote fake Goblintown site

Verified Twitter account showing the display name "goblintown.wtf", but a username of ElUniversalCompromised Twitter account (attribution)
Scammers successfully compromised the Twitter account for El Universal, a Venezuelan newspaper. The account is verified, and has five million followers. The scammers used the account to promote "goblintowm" (note the m on the end), a fake website pretending to be the recently-popular Goblintown project. Users who connected their wallets to try to mint the free NFTs instead saw their wallets drained of their cryptocurrency and NFTs.

One of the wallets used by the scammers had stolen 64 NFTs, though most of them were low in value. The address had also pulled in 16.5 ETH (~$30,000). However, most scammers rotate wallets, and this likely doesn't reflect the total damage from the scam.

20 million Optimism tokens sent to nonexistent address, someone else snags them before they can be recovered

As the Ethereum scaling project Optimism worked to create the $OP token, a token they launched in a move towards decentralizing the project's governance, they decided to obtain a loan from a third party, Wintermute, to provide initial liquidity, in exchange for 20 million $OP. However, Wintermute mistakenly provided the wrong multi-sig wallet address to Optimism, and the 20 million tokens were sent to an address that had not yet been created. The teams attempted to deploy the multi-sig wallet address to retrieve the tokens, but another person noticed the blunder and was able to do so first.

Wintermute published a blog post taking responsibility for the error, and announced that they would "proceed to buy OP every time the attacker sells it to make the protocol whole eventually". So far the attacker has sold 1 million $OP for about $1 million USD.

Wintermute wrote that they were "open to see this as a white hat exploit", but if the funds were not returned within a week, they were "100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system".

Remarkably, the attacker returned 17 million of the tokens two days later, keeping 2 million as a "bounty". Wintermute agreed to reimburse the Optimism Foundation for the remaining 2 million $OP.

Players Only NFT project, founded by NBA players, rug pulls for $1.4 million

A 3D rendering of a football player running with a football, wearing a red uniform showing the number 13. He has a bald head and his tongue is sticking out.Player #4820 (attribution)
Crypto-sleuth zachxbt reported on June 8 that Players Only, and NFT project created by a group of NBA players including Michael Carter-Williams and Jerami Grant, appears to be a rug pull. The players used their star power to drum up interest in the project and its somewhat unsettling NFTs of various bobblehead-esque sports players. The project promised close involvement from the athletes who founded it, with a roadmap advertising autographed merchandise, real life and metaverse meetups with the players, and other giveaways.

Although the project team promised that "every single one of our holders will win something", the collectors were in for a lot of disappointment: players never showed up for events, and Zoom meetups were never scheduled despite repeated requests, and merchandise was never sent. One person who was promised a signed jersey instead received a t-shirt, apparently devoid of any signature.

In mid-May, two project creators announced they would be "stepping back on the project as [they] cannot seem to please the community". The announcement broadly blamed the project's failures on "lack of interest" in the project. They said they would no longer be providing physical items, and would focus on "athlete utility", though in the time since then the project has remained similarly stagnant.

Collectors minted Players Only NFTs in early December for 0.08 ETH each (~$144). One NFT from the project has been sold on the secondary market in the last month, for $0.001 ETH (less than $2).

Baby Elon coin rug pulls for $179,000

The Baby Elon project on BNBChain rug pulled on June 8, with the token price plummeting 98% as the team withdrew 623 BNB (~$179,000) from the project. They quickly moved the funds to the Tornado Cash cryptocurrency tumbler.

The Baby Elon token is of course not to be confused with Baby Musk, a different BNB Chain-based, baby Elon Musk-themed memecoin that rug pulled in February after a $2 million ICO.

ApolloX exchange exploited for $1.5 million

The ApolloX exchange suffered an exploit where an attacker was able to withdraw around 40 million $APX, which they were able to swap for around $1.5 million. This also caused the $APX price to drop by more than 50%.

The exchange has announced plans to repurchase $APX to boost the price, so far spending $600,000 to do so.

Osmosis chain halted after bug leads to $5 million loss

The Osmosis chain was halted on June 8 after users discovered a bug where people could deposit money into Osmosis pools and receive 3x the amount when they withdrew. The bug was first reported in a public Reddit post where a user posted, "Bug on Osmosis There is a serious problem with osmosis. If you add liquidity to a pool and then remove it, it grows by 50%! How can we fix this!?!? Pools empty by morning!"

Developers halted the chain before liquidity pools were fully drained, but estimated that about $5 million was lost. They wrote that they were working on recovery plan; perhaps they will also encourage their community to report bugs privately, rather than via public Reddit post.

GYM Network exploited for $2.1 million

Attackers stole around $2.1 million from the GYM Network defi project after exploiting a bug in a recently-deployed contract that failed to check the identity of the caller. The attackers quickly transferred the stolen funds to the Tornado Cash cryptocurrency tumbler to cover their tracks.

GYM Network promised to use the entire project treasury to bolster the price of their token, which tanked as a result of the massive sell-off. "We can't promise that it will bring the price back to 0.20$ but we will use it All to recover this attack," they wrote on Telegram.

Representative Madison Cawthorn belatedly reports up to $950,000 in crypto trades, long past the STOCK Act deadline

Official portrait of Madison CawthornMadison Cawthorn (attribution)
Representative Madison Cawthorn (R-NC) is facing an ethics investigation pertaining to his involvement with the Let's Go Brandon coin, which includes allegations of insider trading as well as not disclosing his cryptocurrency trades as is required by the STOCK Act. After the investigation was announced in May, Cawthorn disclosed purchases of LGB and ETH, far past the 45-day deadline imposed by the Act.

On June 8, Cawthorn filed more reports of crypto trades he made in January to March, reflecting 24 purchases totaling between $290,000 to $950,000 in crypto projects including Kryll, Ethereum, Solana, Bitcoin, Let's Go Brandon, and Request.

Senators Lummis and Gillibrand work across the aisle to please cryptocurrency industry with their proposed legislation

Senators Lummis (R-WY) and Gillibrand (D-NY) introduced the "Responsible Financial Innovation Act", the first major proposal for cryptocurrency regulation in the US. A press release from Lummis included statements of support from Kraken, Coinbase, FTX, crypto lobbyists, and various other major players in the cryptocurrency industry — unsurprising support for a bill that is incredibly friendly to the sector. Notably, the bill broadly avoids classifying cryptocurrencies as securities, which would be regulated by the SEC and provide some consumer protections. Instead, the Senators create a foggy definition for sufficiently "decentralized" cryptocurrencies that would treat them as commodities and place them under the purview of the CFTC — the much smaller and less aggressive regulator that has been the preference of most in the cryptocurrency industry.

Senator Lummis has long been a strong supporter of Bitcoin and crypto more generally, sporting a "laser eyes" profile picture on Twitter and speaking at Bitcoin Miami, where she was introduced as a "champion of Bitcoin".

People get an anticlimactic sneak peek at one of the first NFT games to be released on Epic Games store

A screenshot from a video game, showing a cowboy character holding a pistol in a grey roomGrit gameplay (attribution)
You might think that, since Epic Games has decided to distinguish itself from its major competitor Steam by welcoming blockchain games to its platform, they might try to make a splash with a few flashy titles to be the first listed on the platform. Alas, it is not to be, as the first known game that will be offered, Grit, has been described by Kotaku as "gimmicky" and "remarkably beige". The trailer mostly looks like a worse version of Red Dead Redemption, featuring horses that appear to hover through grassland. A gameplay teaser posted by an NFT games enthusiast to Twitter features him narrating that the game "is looking insane in the membrane", as he does nothing other than fire a gun into an empty room and spin.

500 attendees of the "Galaverse" event (a gathering put on by Grit's creators, Gala Games) were airdropped "epic" rarity horse NFTs, which those with keen eyes were quick to observe are simply a premade asset the developers purchased from the Unreal Engine Marketplace.

SEC reportedly reviewing whether Binance's BNB token broke securities laws

The same day that Reuters released an investigation implicating Binance in helping to launder billions of dollars of illicit funds, Bloomberg reported that the U.S. Securities and Exchange Commission had opened an investigation into whether Binance had broken securities laws when they launched their BNB initial coin offering. Bloomberg based its reports on conversations with anonymous sources, as the SEC has not publicly disclosed the existence of such a probe into Binance.

Reuters reports that Binance facilitated $2.35 billion in illicit transfers from 2017–2021

A Reuters investigation alleged that Binance "served as a conduit for the laundering of at least $2.35 billion in illicit funds" between 2017 and 2021. Binance is the largest cryptocurrency exchange in the world. Reuters tracked hundreds of millions in funds passing through a Russian darknet drugs market called Hydra thanks to Binance, and pointed to Binance as facilitating the laundering of money from German investment fraud schemes and North Korean cybercrime groups.

A wave of Discord moderator account hacks impacts multiple NFT-related servers

The June 4 compromise of the Bored Apes Discord was only one of several Discord hacks in a several-day period. All the attacks appeared to involve user accounts of individual moderators being compromised and used to post fake announcements that lured users of the server to phishing sites that stole NFTs. Discord servers for Yung Ape Squad, Apocalyptic Apes, Bubbleworld, and Aiternate were among the projects affected.

The Apocalyptic Apes Discord attackers stole around 21 NFTs. Bubbleworld attackers stole 171 NFTs, with combined floor prices amounting to around $243,000.

Decentralized exchange Maiar exploited for $113 million

Hackers were able to discover and exploit a bug in the decentralized exchange Maiar, stealing assets notionally worth $113 million. Maiar developers took the exchange offline soon after discovering the exploit, but not before the hackers made off with 1.65 million EGLD (the native token of the Elrond blockchain, on which Maiar is built). The sale of around $54 million of the pilfered EGLD caused the token to plummet from $76 to $5 on the Maiar exchange.

Maiar's founder and CEO has claimed that "most exploited funds have been either recovered in full, or will be covered by the Elrond Foundation", though it's not clear how (or if) any of the funds were recovered.

Collector loses ten pricey NFTs to phishing scam

An illustration of a mummified grey cat wearing a fluffy white bathrobe and a crown encased in flamesCool Cat #2941 (attribution)
An NFT collector hoping to claim NFTs from the Goblintown collection was phished, resulting in ten of their NFTs being stolen from them. The scammers took two Mutant Ape NFTs and eight Cool Cats. "They stole everything from me," the collector wrote. "I'm devastated".

The collector had bought or minted the NFTs at various points over the past year, spending a total of 84 ETH on the ten stolen NFTs (worth ~$312,000 based on ETH prices at the time of each purchase). The thief has so far flipped seven of the Cool Cats NFTs for a total of 34.5 ETH (~$62,000). This collector doesn't appear to be the phisher's only victim; their Ethereum wallet shows a total balance of $365,000.

Bored Apes Discord compromised again, 32 NFTs stolen and flipped for $360,000

Phishing message from Bored Apes DiscordPhishing message from Bored Apes Discord (attribution)
Scammers were able to compromise the Discord account of a Bored Apes community manager, then use it to post an announcement of an "exclusive giveaway" to anyone who held a Bored Ape, Mutant Ape, or Otherside NFT. When users went to mint their free NFT, the scammers were able to steal their pricey NFTs. The scammer quickly flipped the stolen NFTs for a total of around 200 ETH (about $360,000), then began transferring funds to Tornado Cash.

The Bored Apes Discord was also compromised on April 1, along with those of several other big-name NFT projects.

New York legislators pass moratorium on permits for fossil fuel powered crypto mining operations

The New York state Senate passed a bill putting a two-year halt on issuing new or renewing existing permits for crypto mining at fossil fuel plants — a practice that has been happening near Seneca Lake and elsewhere in the state. The bill will also begin an environmental impact study on such facilities.

Next, the bill will go to Governor Hochul to sign or veto.

FTC reports $329 million lost to crypto scams in Q1 2022

The U.S. Federal Trade Commission (FTC) reported that "Although it's yet to become a mainstream payment method, reports to the FTC show [crypto is] an alarmingly common method for scammers to get peoples' money." They found that consumers have reported $329 million in fraud only in the first quarter of 2022: already half as much as was lost in the entire prior year.

The report also detailed that 25% of the monetary amount lost to fraud since the beginning of 2021 was lost via cryptocurrency, and that the median individual loss was around $2,600. Most of the crypto scams were investment frauds, followed by romance scammers and business and government impersonators.

Timechain allegedly attempts to falsely blame missing money on Terra collapse

The Canadian firm Timechain claimed that they lost around $4 million to the Terra collapse, a loss they said destroyed the company. Timechain claimed that a stop-loss mechanism that should have triggered in Binance to avoid such devastating losses never actually fired, resulting in a loss of more than 95%. However, Binance has reported that Timechain almost completely emptied their account before the Terra collapse.

Forest Tiger Pro rug pulls for tokens notionally worth more than $4.5 million

The TIGER project was supposed to be a DAO aiming to "support global technical teams" and protect wild animals and the environment. The project was broad-ranging, and had NFT, gaming, and defi components. Beginning on June 2, the project rug pulled 64,171 TIGER tokens notionally worth around $4.52 million. The TIGER token dropped by more than 50% following the first rug pull transaction, and transactions continued for another 20 days.