A hacker was able to exploit a flaw in the smart contract for the project, stealing crypto notionally worth $3.8 million. The loss to the protocol was likely higher. XCarnival paused its smart contract after learning about the hack from a crypto watchdog.
On June 26, XCarnival announced that they had reached an agreement to give a 1,500 ETH "bug bounty" to the attacker, who agreed to return the remaining 1,587 ETH ($1.9 million) with an agreement that XCarnival would not pursue legal action.
The NFT went up for sale on June 20, with bidding scheduled to last for four days, and a starting bid of 206 ETH (around $240,000). Apparently collectors decided the NFT wasn't enough to justify dropping that kind of cash on a car that is expected to sell for around $90,000, because the auction received no bids.
SuperRare, the marketplace used for the auction, explained that users must have missed the opportunity to bid "due to the craziness of NFT NYC" (a cryptocurrency conference that ran from June 20–23), and the project extended the bidding time by 24 hours. After the 24 hours had elapsed, they still had zero bids.
The Times later updated the story, writing that the company's co-founder told them that the restaurant shuts off the payment system "'from time to time' for upgrades", but was still accepting crypto.
The menu lists prices in USD, not Ether or Apecoin, and most people buy their $13 hamburgers with plain old fiat.
- "Inside the crypto restaurant after the crypto crash", Los Angeles Times
The company announced they would be "scal[ing] down to a target organisational size of about 730 people". The company seems to have had around 1,000 employees, which means they are laying off around a quarter of their workforce. They also announced they would be rescinding employment offers they had extended recently.
- "The Way Forward", BitPanda
On June 23, someone was able to steal assets from the bridge that they then converted to more than 85,800 ETH. The stolen funds are notionally valued at almost $100 million, assuming the thief can cash them out successfully. Hours after the attack, most of the funds remained in the thief's wallet and had not yet been laundered.
A June 29 analysis by blockchain research firm Ellipsis claimed that "there are strong indications that North Korea's Lazarus Group may be responsible for this theft". Lazarus was also behind the $625 million bridge hack in March, targeting the Axie Infinity game.
Senators Lummis and Gillibrand solicit feedback on their proposed crypto legislation via GitHub and it's off to a predictably chaotic start
As one might expect, apparently unmoderated open comments from some of the most online people out there have gotten off to a chaotic start. The first comment on the proposal, by a user with a Pepe the Frog avatar, is titled "Taxation is theft!" and reads, "Why should we pay any taxes to a corrupt government that prints money out of thin air and gives it away for free! Eliminate the FED!!! BITCOIN FOREVER!"
Another comment thread begins, "Feds are not looking post floppa" and accumulated over 100 replies containing photos of caracals within half an hour.
A different person submitted a pull request replacing the entire text of the bill with "cryptocurrencies are banned lmao".
On July 13, the creators of the GitHub repository removed all the issues and archived the repository, apparently bringing the experiment to its end.
The company then posted an announcement that they would be "pausing all withdrawals" due to "extreme market conditions last week & continued uncertainty involving a counterparty". They were cagey about the identity of the counterparty, though the announcement explicitly stated it was not the underwater hedge fund Three Arrows Capital, which has been causing a domino effect throughout the crypto industry. They later alleged the counterparty was Roger Ver, though he denied the claim.
CoinFLEX began allowing customers to withdraw up to 10% of their funds on July 14, but the remaining 90% continued to be inaccessible to them.
- "Update on withdrawals", CoinFLEX
- "Hostess launches $TWINKcoin snack cakes", Food Business News
Bybit opted to settle with the OSC, disgorging about CA$2.5 million (US$1.9 million) and has begun working with the OSC to become compliant.
OSC accused KuCoin of not complying with the investigation, and permanently banned the exchange from operating in Ontario. The OSC also levied a CA$2 million (US$1.5 million) fine against the exchange.
- "Ontario Securities Commission Slaps Bybit and KuCoin With Penalties", CoinDesk
- "OSC holds global crypto asset trading platforms accountable", Ontario Securities Commission
Voyager Digital reduces withdrawal limit after reporting $660 million exposure to Three Arrows Capital
Later that day, Voyager reduced the daily withdrawal limit from $25,000 to $10,000, suggesting they were having trouble meeting customer demand for withdrawals.
The prior week, Voyager announced they had secured a line of credit from Alameda Research amounting to $200 million in cash and 15,000 Bitcoin. Alameda Research is a trading firm founded by Sam Bankman-Fried, who also runs the FTX crypto exchange.
Almost a year earlier, in June 2021, Vauld raised $25 million in a Series A round led by Peter Thiel's Valar Ventures, which was also joined by Coinbase and Pantera Capital.
The FTX loan represents the second bailout of a crypto firm by Sam Bankman-Fried's companies, after his Alameda Research trading firm extended credit equivalent to around $485 million to floundering crypto platform Voyager.
- "Crypto exchange FTX bails out lending platform BlockFi", Financial Times
According to Logically, the "vast majority" of people following the influencers' investment advice "lost anywhere between several hundred and tens of thousands of dollars". One man lost more than $100,000, resulting in him also losing his house and construction business. The man ultimately died by suicide.
He later clarified that he was willing to cooperate with the investigation against TFL, but was dismayed that employees who left long before the collapse were facing an exit ban, and that they weren't notified of the ban.
Terra is facing a class action lawsuit from Korean investors, and local news had previously reported that South Korean authorities had launched an investigation.
Since the last post about an NFT project having its Discord compromised, five days ago, we've seen at least fifteen more projects suffer the same: Clyde, Good Skellas, Duppies, Oak Paradise, Tasties, Yuko Clan, Mono Apes, ApeX Club, Anata, GREED, CITADEL, DegenIslands, Sphynx Underground Society, FUD Bois, and Uncanny Club.
- "Announcement of Withdrawl on Hoo", Hoo blog
Bancor wrote in their announcement that "Withdrawals performed during this unstable period will not be eligible for IL protection. Users who remain in the protocol will continue earning yields and be entitled to withdraw their fully-protected value when IL protection is reactivated." Many view this as Bancor holding their crypto hostage, because they would take a major loss if they withdrew while IL protection was paused.
The post goes on to say that "two large centralized entities" (likely Celsius and Three Arrows Capital) have rapidly liquidated their $BNT positions and withdrawn a large amount of liquidity; Bancor also wrote that another entity has opened a large short against $BNT.
- "Market Conditions Update — June 19, 2022", Bancor blog
Solend DAO passes proposal to take over the account of a large holder with a position that poses systemic risk
The proposal allows Solend to temporarily take over the whale's account to liquidate the position "gracefully", rather than allowing the liquidation to happen as it normally would. This stems from the concern that the partial liquidation (20%, or around $21 million) would "cause chaos" on both Solend and the Solana blockchain more broadly. The proposal outlined concerns around Solend potentially ending up with bad debt, and liquidators "spamming the liquidate function" and potentially taking down the Solana chain.
The proposal elicited strongly negative reactions from many in the crypto community, who feel that a project taking over a user's account flies in the face of the concept of defi and sets a dangerous precedent. Others blame Solend for allowing the position in the first place, given the level of systemic risk. Some have also pointed out that Solend may be exposing themselves to legal risk by retroactively changing the terms of the loan.
The proposal succeeded hours after it was proposed, with one whale providing 1 million votes out of the 1.15 million votes in favor.
- "SLND1: Mitigate Risk From Whale" proposal
On June 17, $MIM began to lose its $1 peg, and on June 18 it dropped below $0.91. Later on June 18, it returned above $0.95, but continued to be priced below its intended peg.
The supply of $MIM dropped precipitously in the wake of the Terra collapse, as traders lost confidence in algorithmic stablecoins more broadly. Amidst plummeting markets, rumors have surfaced that Abracadabra is "nearly insolvent" due to bad debt left over from the Terra crash. Sesta has refuted the claim, writing on Twitter that the "treasury has more money than the debt" and that the rumors were simply people "spread[ing] FUD [to] try to recover your losses from shorting a bit". The project announced that it would be implementing "peg stability measures", including increasing interest rates on one of their lending markets.
The same MakerDAO team member wrote in the forum that "Contagion risks in DeFi are increasing", and that the project wanted to "cut exposure" to projects that were in trouble. "We could be dealing with Lehman's moment in crypto," he wrote.
According to the WSJ, 3AC has hired legal and financial advisors to pursue solutions including asset selloffs or rescue by another firm, and is trying to extend the deadlines for outstanding debt repayments.
- "Crypto Hedge Fund Three Arrows Capital Considers Asset Sales, Bailout", Wall Street Journal
Some in the crypto space have been encouraging people to withdraw their funds from any type of staking or lending platform, as liquidations and failures to repay debt spread through the tightly interconnected ecosystem. On June 16, yield farming platform Finblox implemented a very low cap on the amount of funds customers could withdraw, citing exposure to the apparently insolvent Three Arrows Capital.
- "Babel Finance Suspends Withdrawals, Citing 'Unusual Liquidity Pressures'", CoinDesk
- Notice from Babel Finance
The exchange then announced they would be delaying the withdrawals of most popular cryptocurrencies for 36 hours "to avoid unnecessary panic withdrawal". A follow-up blog post the next day announced they would be allowing users to withdraw, but only up to $500 a day. They later adjusted the withdrawal limits to a more flexible model, but left them in place.
As an apology to their customers, AEX promised "AEX Shareholder Badges" to the people with the most funds in their platform. They also announced a Texas Hold'em Carnival to show their "appreciation" of their users, but they canceled it the same day. Perhaps focusing on the liquidity issue is the right choice...
Finblox announced that all users would only be able to withdraw up to $500 a day, up to a monthly maximum of $1,500 — quite a change from the $50,000/day withdrawal limit for some of their users. They also wrote that they would be pausing reward distributions, delaying their referral program and deposit rewards, and preventing newly registered users from creating new crypto addresses.
Finblox ended the message to their users by saying they would "do everything in its power to protect our users' funds and reinstate our services in full", but such a dramatic move seems to suggest the platform is another domino to fall as companies collapse throughout the crypto ecosystem.
Hacker steals over $1.2 million from Inverse Finance, their second such exploit in under three months
Inverse Finance is a borrowing and lending protocol that was hit with a different oracle manipulation attack in early April, which resulted in a $15.6 million loss.
8 Blocks Capital calls on platforms to freeze Three Arrows Capital's funds after the firm goes silent
When 8BC contacted 3AC to make a withdrawal on June 13, they never received a reply. "We didn't think much of it at the time. After a while, the market stabilized so we no longer needed the funds. We thought maybe they were just busy." The following day, 8BC noticed $1 million missing from their accounts. When they tried to contact 3AC, they again received no response.
According to Yuan, "What we learned is that they were leveraged long everywhere and were getting margin-called. Instead of answering the margin calls, they ghosted everyone." He called on platforms that still have assets from 3AC to freeze those assets, "so that those who 3AC owes can be paid back in the future after legal proceedings."
These internal values include requiring employees to believe in "The Mission", "to accelerate the worldwide adoption of cryptocurrency". Their culture explainer also includes various points (emphasis in the original):
- "We will engage in lobbying, as a single-issue donor, supporting controversial politicians and legislation that furthers The Mission, possibly to the detriment of other civil rights causes"
- We will advertise with and sponsor controversial television programs, podcasts, influencers and events, if it furthers The Mission
- We may incorporate firearm and self-defense training in to corporate retreats
- Should we aim to be exemplary in terms of stereotypical team diversity measurements? No.
The culture document goes on to say that "Someone Must be Offended, Some of the Time":
- "Krakenites are welcome to request (and deny) personal language and communication preferences of each other"
- Everyone is responsible for their own feelings
- Being offended doesn't necessarily make you right
- Being offended doesn't necessarily make you "harmed"
- Words nor silence are ever "violence"
- We do not call someone's words toxic, hateful, racist, x-phobic, unhelpful, etc.
Throughout the document are various notes to clarify that although some of what they're describing definitely sounds like they might be breaking the law, they're definitely not breaking the law: e.g., "Note: We are committed to eliminating all forms of discrimination against legally protected groups in every jurisdiction in which we operate."
Making matters worse, 3AC co-founder Su Zhu tweeted during the mass sell-off to promote stETH, which certainly gives the appearance that he was trying to pump stETH to improve its price or liquidity. BlockFi later confirmed that they had liquidated some positions that 3AC held with them.
Speculation about 3AC has swirled, with little comment from 3AC or its executives besides a June 14 tweet from Zhu: "We are in the process of communicating with relevant parties and fully committed to working this out". Meanwhile, other organizations including 8 Blocks Capital have reported that they've been unable to reach 3AC about money they're owed.
YGG pointed out that the seed investor agreement did not require investors to "provide any specific value add services", and "there is no provision for Merit... to unilaterally cancel the contract". The core team replied to say that, "We would like to honor all agreements, however... the DAO holds the ultimate power". One minority voice in the community argued, "You can not just look back 6 months later and be angry with someone who took an early bet on you and say 'here is a refund'. We must uphold trust in compensating those who take early risks."
Surprisingly, YGG ultimately accepted a deal with the DAO rather than take it to court. The final decision did not entirely eliminate their promised returns, but still only granted them around 30% of what they would have been owed with the original deal (which would have been over $5 million).
In a Twitter thread, CEO of the 101.xyz web3 platform detailed the saga and wrote, "it's hard to see this as anything other than a horrendous stain on the reputation of web3... Merit Circle DAO may not need outside support anymore, but many other projects do. And now they've made it harder for earlier projects to get the capital they need. Investors might rightfully ask 'what if your DAO decides to fuck us'".
Even without the $625 million hack in March, Axie's economy was in trouble. A November 2021 report from Naavik, titled "Infinite Opportunity or Infinite Peril?" wrote that the game's "economic policies are fundamentally unsustainable" and that "the value of new Axies and SLP is propped up by new players putting fresh money into the game".
As of May, even top-ranked players were making around $0.68 a day — certainly well below the $41.50 average daily wage in the Philippines that the game was once beating. Now, Axie Infinity downplays the financial promises of its game, with the company's head of product writing, "Axie Infinity first and foremost needs to be a game".
Coinbase broke the news to affected employees in a particularly cold way: by email, sent to employees' personal email accounts because they immediately cut access to employees' work accounts. "Given the number of employees who have access to sensitive customer information, it was unfortunately the only practical choice, to ensure not even a single person made a rash decision that harmed the business or themselves," wrote CEO Brian Armstrong in a message to employees that was subsequently published as a blog post.
- "A message from Coinbase CEO and Cofounder, Brian Armstrong", Coinbase blog
- "Crypto Exchange Coinbase to Lay Off 18% of Staff", Wall Street Journal
This is the latest in a long string of Discord compromises. Other hacked servers in recent days included those for Curiosities, Meta Hunters, Parallel, Goat Society, RFTP, and Gooniez.
It's hard to say why the collector accepted such a low offer. Some have speculated that they were tax loss harvesting to offset other gains, while others have wondered if the collector's account might have been compromised. It's also possible that the collector was cutting losses, not expecting the demand for their NFT to rebound anytime soon.
Rumors of a downturn across the tech industry more broadly have been swirling for several months, but crypto companies appear to be being hit particularly hard as they simultaneously endure "crypto winter".
- "Crypto crash wreaking havoc on DeFi protocols, CEXs", Cointelegraph
I love it when I go to my bank to grab some cash from the ATM and discover that I can't, because someone else's cash clogged up the pipe.
The pause occurred as Bitcoin was reaching record low prices not seen since 2020, contributing to the ongoing pattern of Binance suddenly pausing withdrawals or undergoing maintenance during periods of chaos in the crypto ecosystem.
The lawsuit argues that UST is an unregistered security, and that as a result, Binance.US was violating securities laws by listing it. The lawsuit also alleges that Binance.US misled investors, leading them to believe that UST was more stable than it actually was. More than 2,000 investors have joined the lawsuit.
The attackers have distributed the tampered applications through websites that clone the legitimate applications' websites. Through search engine poisoning, primarily via Chinese search engines like Baidu, the attackers have successfully gotten unsuspecting users to install the malicious programs.
- "Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto", BleepingComputer
Crypto researcher Small Cap Scientist suggested on June 9 that the sell-offs may have been triggered by a "canary in the coal mine": a 50,000 stETH (nominally worth $45.8 million) sell-off by Alameda Research, a trading firm founded by Sam Bankman-Fried. SCS also reported that Celsius Network was "quickly running out of liquid funds to pay back their investors", and "they are taking massive loans" against "billions in illiquid positions" to pay back customers.
There has been a lot of concern lately about Celsius' reserves and its ability to honor redemptions, with some speculating that the platform might be underwater and forced to default. Celsius released a blog post on June 7 titled, "Damn the Torpedoes, Full Speed Ahead" where they accused "vocal actors" of "spreading misinformation and confusion", and promised that "Celsius continues to process withdrawals without delay", and that "Celsius has the reserves (and more than enough ETH) to meet obligations".
Celsius' June 12 announcement did not include any details on what their plans would be, just that they hoped it would allow them to "stabilize liquidity and operations while we take steps to preserve and protect assets".
On June 14, the Wall Street Journal reported that Celsius had hired restructuring attorneys.
Anyway, a project called Offline Cash has sprung up. In a stunning example of Poe's Law, the project seeks to provide a physical form of that digital physical cash people have spent so much time working on.
Hear me out: imagine you had paper notes that you could transfer to people in lieu of making a Bitcoin transaction! And unlike regular cash, it has an expiration date to keep track of!
Scammers compromise verified, 5-million-follower Twitter account for Venezuelan newspaper El Universal, use it to promote fake Goblintown site
One of the wallets used by the scammers had stolen 64 NFTs, though most of them were low in value. The address had also pulled in 16.5 ETH (~$30,000). However, most scammers rotate wallets, and this likely doesn't reflect the total damage from the scam.
20 million Optimism tokens sent to nonexistent address, someone else snags them before they can be recovered
Wintermute published a blog post taking responsibility for the error, and announced that they would "proceed to buy OP every time the attacker sells it to make the protocol whole eventually". So far the attacker has sold 1 million $OP for about $1 million USD.
Wintermute wrote that they were "open to see this as a white hat exploit", but if the funds were not returned within a week, they were "100% committed to returning all the funds, tracking the person(s) responsible for the exploit, fully doxxing them and delivering them to the corresponding juridical system".
Remarkably, the attacker returned 17 million of the tokens two days later, keeping 2 million as a "bounty". Wintermute agreed to reimburse the Optimism Foundation for the remaining 2 million $OP.
Although the project team promised that "every single one of our holders will win something", the collectors were in for a lot of disappointment: players never showed up for events, Zoom meetups were never scheduled despite repeated requests, and merchandise was never sent. One person who was promised a signed jersey instead received a t-shirt, apparently devoid of any signature.
In mid-May, two project creators announced they would be "stepping back on the project as [they] cannot seem to please the community". The announcement broadly blamed the project's failures on "lack of interest" in the project. They said they would no longer be providing physical items, and would focus on "athlete utility", though in the time since then the project has remained similarly stagnant.
Collectors minted Players Only NFTs in early December for 0.08 ETH each (~$144). One NFT from the project has been sold on the secondary market in the last month, for 0.001 ETH (less than $2).