Robinhood fined $30 million over lackluster cybersecurity and anti-money laundering protections in their crypto offering

The New York Department of Financial Services levied a $30 million fine against Robinhood, an app used for stock trading that has also branched into crypto. According to the DFS, Robinhood Crypto demonstrated "significant failures" in its anti-money laundering and cybersecurity obligations.

Robinhood Crypto had certified to the DFS in 2019 that they were in compliance with those regulations, despite the fact that they were not. The DFS imposed a $30 million fine to the company, and also ordered them to hire an outside party to evaluate their regulatory compliance and efforts to remediate the problems with their platform.

Reaper Farm exploited for around $1.7 million

Yield farming project Reaper Farm suffered an exploit that resulted in a $1.7 million loss. The attackers discovered a vulnerability that allowed them to withdraw anyone else's funds. They then bridged funds to Ethereum, then laundered them through Tornado Cash. After discovering the exploit, Reaper Farms used the same vulnerability to remove funds from the remaining vulnerable vaults to prevent the attacker from stealing more.

Shortly after the exploit, Reaper Farms announced they plained to raise capital via "the sale of vested $OATH tokens from our treasury with desirable terms", which would then be used alongside other assets in their treasury to compensate users.

Operators of Dropil crypto scam sentenced to federal prison

Two men who ran an "investment management service" called Dropil were sentenced to 2½ and 3 years in prison after stealing around $1.9 million from more than 2,000 people. They convinced people to buy DROP tokens, which they said would provide access to an automated trading bot that would return up to 63% in annual returns. In reality, there was no functional trading bot. When the SEC inquired, the two men forged profitability reports and lied under oath about the project.

SEC charges perpetrators of $300 million Forsage crypto pyramid scheme

The SEC charged eleven people who helped to create and promote the crypto pyramid and Ponzi scheme Forsage. The scam operated from January 2020 into 2021, despite multiple cease and desist actions from regulators in the US and the Philippines.

Users deposited their money into projects running on the Ethereum, Tron, and Binance blockchains, and earned rewards for recruiting others to the scheme. The project also used payments from newer investors to pay out earlier investors — a Ponzi scheme.

Players in the National Women's Soccer League may be "out money" after Voyager bankruptcy

Half of the money in a large deal between the crypto platform Voyager Digital and the National Women's Soccer League was supposed to be distributed to players in cryptocurrency accounts. According to a press release from Voyager, this was intended to "provide NWSL players with financial education on crypto, including key lessons and tools, to help develop long-term financial growth opportunities for players potentially well after their competitive playing careers have ended."

Those players have certainly learned something about crypto, as the league informed them that they're not likely to get the funds they were promised after Voyager Digital filed for bankruptcy in early July.

People rush to steal some of the $190 million in the Nomad bridge after an exploit is discovered

After an attacker began exploiting a vulnerability in the Nomad bridge, many people rushed to replicate the attack and steal some of the roughly $190 million of various cryptocurrencies in the bridge. Some didn't seem to think through the consequences of using wallets tied to their real-life identities to exploit the vulnerability, which should be interesting to watch.

Nomad posted on Discord and tweeted that they were "aware of the incident" and "investigating", but the attack was ongoing over an hour after the acknowledgement.

Four days before the attack, Nomad announced that they'd raised a $22.4 million seed round from investors including Coinbase, OpenSea, and Crypto.com.

CoinFLEX cuts "significant number" of staff

CoinFLEX, a yield farming platform that stopped withdrawals in late June, announced they had made major staff cuts to reduce their cost base by 50–60%. "The intention is to remain right-sized for any entity considering a potential acquisition of or partnership opportunity with CoinFLEX," they wrote in a blog post.

Restructuring plans reveal Babel Finance's $225 million losses during crypto market dip

Babel Finance, a crypto lender that suspended withdrawals in mid June, sustained "massive losses" thanks to its proprietary trading desk, which was trading with customer funds. According to a restructuring plan viewed by Bloomberg, Babel's prop desk lost around 8,000 BTC and 56,000 ETH, valued at around $225 million at the time of the loss. The trading team was not using risk controls, and their unhedged position led to forced liquidations that made Babel's lending and trading departments unable to meet its margin calls from counterparties like Zipmex.

Helium caught lying that Lime and Salesforce use their network

A graphic from Helium's website, with the header "Helium is used by:" and then a collage of logos including Lime and SalesforceScreenshot of Helium's website (attribution)
Helium, a network of wireless hotspots for low-power devices whose operators are incentivized by a crypto token, has been lying about its relationship with scooter rideshare company Lime. According to an investigation by Matt Binder in Mashable, Helium has been boasting that Helium is used by Lime on their website and describing them in press coverage as a prominent user of the network despite the fact that Helium and Lime never had a formal relationship. "Helium has been making this claim for years and it is a false claim", said a Lime spokesperson.

Helium is a common name that comes up when people are pressed to provide examples of web3 use cases. The New York Times ran a feature on the company in February 2022, titled "Maybe There's a Use for Crypto After All", where Kevin Roose lavished praise on the company and wrote that they had "largely avoided the hype and inflated claims that surround many crypto projects" (oops) and repeated the false claim about a Lime partnership (double oops). Lime said that the Times never contacted them to fact-check the claim; meanwhile, Helium founder Amir Haleem prominently points people to the article with a pinned tweet.

However, a recent Twitter thread by Liron Shapira drew attention to the fact that the company's total monthly revenue from network usage is only $6,500 — raising questions about the feasibility of hotspot operators actually earning much in the way of rewards (as the rewards are distributed based on network usage).

Following the publication of Binder's article, Helium quietly removed Lime's logo from their website, along with that of Salesforce, a CRM software company. Salesforce also confirmed to The Verge that they had no partnership with Helium, and that the graphic on the Helium website where Salesforce's logo was displayed as a user of Helium was "not accurate".

Regulators order Voyager to stop saying they're FDIC insured

One of the ways Voyager Digital drew in customers was by promising that their funds in USD were protected from a collapse of the company by FDIC deposit insurance, which normally applies to bank accounts. When Voyager declared bankruptcy earlier this month, some of their customers were horrified to discover this was not the case.

The Federal Reserve and the FDIC sent a cease-and-desist to Voyager, asking them to remove the misleading statements about deposit insurance. It would have been nice if this had come a bit earlier — perhaps before people had deposited money into accounts with the company and could no longer get it out.

Nirvana Finance drained of $3.5 million

The Solana-based yield farming project, Nirvana Finance, was exploited by an attacker who used flash loans to drain the project of just under $3.5 million. The attacker took out a $10 million loan from the Solend project, used it to mint ANA tokens, swapped the ANA for $13.5 million, and then repaid the loan. The attack was similar to the attack on Crema Finance earlier in the month.

The attack caused the project's ANA token to plunge in value by 80%, and the project's NIRV stablecoin to lose its dollar peg, falling to $0.08. Nirvana Finance tweeted, "Please be advised: ANA has lost its collateral, and NIRV has lost its peg. Until the thief restores funds, these tokens will not have exchange value. Be very careful with trading NIRV & ANA, as they currently have no guaranteed value."

They also tweeted at the hacker, promising to stop investigating the hacker's identity and to pay a $300,000 "bounty" in exchange for the funds back. They wrote, "You have not taken money from VCs or large funds — the treasury you have taken represents the collective hopes of everyday people."

The project had promised its users over 60% APY, and its Twitter account described ANA as "the balanced risk investment with adaptive yield".

No more Dune or DAO for the Dune DAO

Photograph of the Dune storyboard bookDune script bible (attribution)
"DAO delusion was at its peak when the community went into this journey together", wrote SpiceDAO founder Soban "Soby" Saqib. SpiceDAO (named for the Dune drug) won an auction to buy a copy of the Dune script bible in January — at $3 million, far above its usual selling price, likely because it was public knowledge how much the DAO had raised. DAO members celebrated afterwards, excitedly anticipating an animated television series based on the book, apparently not realizing that buying a book (even for a very high price) does not confer rights to publish derivative works.

The DAO has stumbled along somewhat since its January victory, encountering issues with making the bible viewable to DAO members without breaking copyright laws, a diminishing treasury due to declining crypto prices, and controversy after Soby was linked to the Remilia Collective.

After all that, the project leader suddenly and apparently unilaterally announced a plan where members could redeem their SPICE for ETH, and stated that they would be removing project leaders, converting the DAO to a private company, and selling the Dune bible (likely at a major loss). It was nice knowing you, SpiceDAO.

KuCoin announces "Anti-FUD Fund" to track down and sue critics

Those in the crypto ecosystem have long claimed to embrace the principles of censorship resistance and freedom of speech, but apparently some of them draw the line at speech that's critical of them. Johnny Lyu, CEO of the KuCoin crypto exchange, announced on Twitter that the company would be creating an "Anti-FUD Fund" to combat "FUD" — an acronym for "fear, uncertainty, and doubt" that has come to be used to describe any criticism or tough questions directed at crypto projects.

In his Twitter thread, Lyu outlines how the fund will "implement Anti-FUD education", "motivate and acclaim industry leaders and influencers who are always responsible, delivering trusted information", and "effectively trace FUDers who intentionally spread FUD and take legal actions against them if needed".

Something tells me his list of "industry leaders and influencers" to "acclaim" won't include those who are rightfully skeptical of crypto.

OFAC has been investigating Kraken over suspected sanctions violations

The New York Times reported on July 26 that the Treasury Department's Office of Foreign Assets Control (OFAC) has been investigating major US-based crypto exchange Kraken for suspected sanctions violations. They reportedly believe that Kraken has been providing services to people in Iran and other sanctioned countries. The Times' sources have said that OFAC is likely to impose a fine on the company, which would make Kraken the largest crypto company to face enforcement from OFAC relating to the Iranian sanctions.

CEO of Titanium Blockchain Infrastructure Services pleads guilty to securities fraud

CEO Michael Stollery of Titanium Blockchain Infrastructure Services (TBIS) pled guilty to securities fraud in connection to a $21 million cryptocurrency scam. The company promoted its BAR token during 2017–2018, and did not register with the SEC for its ICO. TBIS made false claims including that they had ties to companies including Apple, Boeing, and IBM, and offered various services that did not actually exist. At least 75 people participated in the ICO, giving TBIS a combined $21 million, some of which went directly to Stollery's bank account and personal expenses like a condo in Hawaii.

Crypto platform Immutable lays off 17% of its gaming division staff

Screenshot of gameplay of a digital trading card game. There is a streamer overlaid in the bottom left corner.Gods Unchained gameplay (attribution)
The Australian crypto company Immutable fired 17% of staff from its gaming division. Immutable has said this amounted to 18 workers, though the Games Workers Australia union disputed the number and said that 30 roles were cut. The fired employees all worked on the Gods Unchained blockchain-based trading card game, and were given 24–48 hours notice of their firing.

The fired employees quickly began preparing a legal fight against immutable, questioning whether their firing was legitimate when many of the people who were sacked were about to reach the vesting date for more than $1 million in stock options.

Brazilian authorities challenge NFT company Nemus after it claims ownership to land in the Amazon, allegedly pressures Indigenous people to sign documents they could not read

Aman in a polo shirt stands in the rainforest with a sign reading "NFT"Image from Nemus's "Non-Fungible Territory" press release (attribution)
Nemus is an NFT project already described in W3IGG for its plans to become "Guardians" of the Amazon rainforest and saviors of its Indigenous populations by selling Ethereum NFTs and reopening a Brazil nut plantation.

On July 20, they issued a press release claiming that "the World's First Non-Fungible Territory has been officially renamed by indigenous people in Brazil in coalition with Nemus". The company claims to own 41,000 hectares (~100,000 acres) of land in the Amazon.

On July 25, Brazil's Federal Prosecution Office (MPF) issued a statement that they had demanded Nemus provide proof of ownership of the areas they claim, clarification on the projects they've been promising online they would undertake, and proof that they've received authorization by the National Indian Foundation (FUNAI) or any other public body that would allow them to operate in the area and engage with various Indigenous groups.

According to the MPF, members of Indigenous groups in the area reported the company had violated their rights. They also explained that Nemus had expressed to them their plans to use heavy machinery to open an airstrip and build a road in order to access Brazil nut groves in the area. Apurinã leaders alleged that company representatives had pressured Indigenous people who do not read well to sign documents, and did not provide them with copies.

After five years in prison for a Ponzi scheme and a lifetime ban from the pharmaceutical industry, Martin Shkreli announces his new venture: a web3 drug discovery platform

Martin Shkreli sits at a table, arms crossed and smirkingMartin Shkreli (attribution)
Martin Shkreli, sometimes known as "Pharma Bro", earned notoriety after obtaining the patent for an anti-parasitic drug and hiking the price from $13.50 a pill to $750. An FTC lawsuit ordered Shkreli in January 2022 to return almost $65 million in wrongfully obtained profits, and banned him for life from the pharmaceutical industry.

In 2018, he was sentenced to federal prison for unrelated securities fraud; a U.S. Attorney stated he "essentially ran his company like a Ponzi scheme". He spent five years in prison, and was released in May 2022.

Shkreli is also banned from the securities industry, and from serving as an officer or director of any publicly traded company.

If this was anyone other than Martin Shkreli, I might have been surprised to hear that, only a little over two months out of prison and while still staying in a halfway house, Shkreli is launching a "web3 drug discovery software platform".

$4.5 million taken from Teddy Doge project in apparent rug pull

The Teddy Doge defi project saw its token price plummet over 99% as 30 billion TEDDY were transferred from the project's deployer and distributed to various wallets, which then converted the TEDDY to over 10,000 BNB ($2.56 million) and 2 million BUSD, a dollar-pegged stablecoin.

Although the project admins blamed the theft on an outside attacker, writing on Telegram that they were "not certain whether it is a bug in our cross-chain bridge or a leaked developer wallet", that is a common refrain by developers who rug pull their own projects.

Attacker makes off with $1.1 million after successful governance attack on the Audius web3 music platform

An attacker was able to create and pass a governance proposal to transfer out 18.5 million AUDIO tokens from the community treasury. They then successfully swapped these for 705 ETH (~$1.1 million).

Audius halted the token and smart contracts while they patched the bug, and brought the network back online shortly afterward. The attacker had found and exploited a vulnerability in the way the contracts were written which allowed them to rewrite the governance voting rules and delegate 10 trillion AUDIO tokens to themselves for voting purposes. They then used those tokens to pass the malicious proposal. The contracts had been audited by OpenZeppelin and Kudelski, but neither group caught the vulnerability. Audius stated that a plan for dealing with the loss of community funds was still under discussion.

GameStop's new NFT platform features an NFT mimicking a victim of 9/11

A rendering resembling the famous "The Falling Man" photo. A man in an astronaut suit falls headfirst, with a striped background resembling a tall office tower.Falling Man NFT (attribution)
GameStop's brand new NFT platform, which launched on July 12, is off to a less than promising start. Unlike some other NFT platforms like OpenSea, Gamestop does not allow just anyone to create and list NFTs — creators have to apply and be approved individually.

One of their artists, "Jules", created an NFT clearly modeled after The Falling Man, a well-known photograph of a man falling from the upper floors of the World Trade Center during the September 11 attacks in New York City. The NFT is also titled Falling Man, and pictures a model in the same position, but wearing an astronaut suit.

Not only is GameStop selling an NFT of the victim of a tragedy, it's a featured image when Googling "GameStop".

Celsius customers send letters to the judge in the bankruptcy case

Correspondences of my email sent to support on 15 Jun 2022:  To: support@celsius.network Cc: ceo@celsius.network  Dear Alex and Celcius support, I am writing this email to ask for your special consideration to allow me to make a small withdrawal on my BTC held in Celcius. I understand that Celsius made the decision to pause withdrawals in a volatile market condition, but do hope that you review my case and give me special permission.  I am 5.5 months pregnant with my third child. I am expecting to give birth in early October and I do need the fund to pay for the hospital, doctor and baby items such as cot, clothes, nappies etc. I also need the fund to pay for school fees for my two other schools aged children.  I have attached a recent scan of my baby and a letter from my obstetrician confirming my pregnancy and planning for admission into the hospital.  Scan of my baby that am carrying: [ultrasound photo of a fetus]Email to Alex Mashinsky and Celsius support (attribution)
Celsius customers have begun to send letters to the judge presiding over Celsius Network's bankruptcy case in the Southern District of New York. More than fifty letters have been entered into the docket since July 15, and new letters are continually being added.

Many customers write of being convinced by Alex Mashinsky personally, particularly in his weekly "AMA"s where he regularly claimed that Celsius was a safe platform with substantial reserves that could cover any potential losses. Mashinsky often denigrated traditional banks, referring to Celsius as a better and safer option.

Some of the letters are particularly heartbreaking, with customers referring to suicidal ideation or saying that they've been too ashamed to share the news of their financial losses with their family. One woman included a copy of an email she sent to Mashinsky and Celsius support, pleading for them to allow her access to her crypto, and including an ultrasound photo of a baby. "I do need the fund to pay for the hospital, doctor and baby items such as cot, clothes, nappies etc. I also need the fund to pay for school fees for my two other school aged children," she wrote.

Founder of My Big Coin convicted of $6 million crypto fraud

Randall Crater, founder of the cryptocurrency company My Big Coin, was convicted of multiple charges including wire fraud for a crypto scheme in which he stole more than $6 million from investors. Crater falsely marketed his business, which he operated between 2014 and 2017, as operating "a fully functioning cryptocurrency backed by $300 million in gold, oil and other valuable assets", which he fraudulently stated was partnered with MasterCard. According to the U.S. Attorney's Office, Crater used the $6 million in stolen funds "for his own personal gain and spending on goods, including hundreds of thousands of dollars' worth of expenses on antiques, artwork and jewelry".

Former Coinbase product manager charged with tipping off co-conspirators about tokens that were about to be listed on the exchange

Ishan Wahi, a former product manager for Coinbase, was indicted on two charges of wire fraud and two charges of wire fraud conspiracy for allegedly tipping off his brother and friend to make trades based on his insider knowledge.

Wahi allegedly used his access to highly confidential information around which cryptocurrency tokens would be listed and when the news would be announced to tip off his brother and friend, who would then use multiple anonymous Ethereum wallets to purchase large quantities of the token before the prices spiked on the news. According to the press release, the two took positions in at least six tokens before Coinbase announced in April 2022 that they would be listing them on the exchange. The DoJ said that the scheme had generated approximately $1.5 million in gains. The DoJ acknowledged a "Twitter account that is well known in the crypto community", likely referring to Cobie, who identified the suspicious activity.

The DoJ also reported that when Coinbase's director of security operations contacted Wahi in May asking him to attend a meeting regarding the suspicious activity, Wahi purchased a one-way flight to India in an attempt to flee the country. He was stopped by law enforcement.

The U.S. Attorney for the Southern District of New York stated in the press release, "Today's charges are a further reminder that Web3 is not a law-free zone... fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street."

Each of the charges (four against Wahi, two each against his brother and friend) carried a maximum sentence of 20 years. In May 2023, Ishan Wahi was sentenced to two years in prison; Nikhil was sentenced to ten months in prison.

Blockchain.com lays off 25% of its employees

The cryptocurrency exchange Blockchain.com announced they would be cutting 25% of their employees, or around 150 people. They attributed the decision to the crypto market conditions, as well as the need to compensate for financial losses — likely alluding to the $270 million loss they're facing due to a loan to the now-insolvent Three Arrows Capital crypto hedge fund.

Blockchain.com also announced that they would close their Argentina-based offices, cancel plans to hire in several countries, and cut executive salaries.

Blockchain-powered carbon offset company Land Life starts 35,000-acre forest fire in Spain

Still frame from a video of the Ateca fireStill frame from a video of the Ateca fire (attribution)
Five villages were evacuated and a rail line was closed as a wildfire has burned 14,000 hectares (~35,000 acres) near Ateca in northwestern Spain. The fire was reportedly sparked by equipment used by a contractor to dig trees for Land Life. Land Life is a carbon offset company that focuses on reforestation, and speaks about its "autonomous planting, remote monitoring and blockchain verification". The Dutch company raised €3.5 million in a Series A round in October 2018.

The wildfire is reportedly the second fire in that same location attributed to the company in the last month. Spain has been facing devastating fires brought on by record-breaking temperatures and drought, and Land Life acknowledged that contractors should not have been working during the heat wave due to the extreme fire risk.

NFT collector Franklin loses 100 ETH (~$150,000) in a joke gone wrong

The image representing the ENS domain for stop-doing-fake-bids-its-honestly-lame-my-guy.eth, with the default blue gradient background.A pricey joke (attribution)
Bored Ape aficionado franklinisbored has apparently found a new source of entertainment by placing high bids on his own ENS domains with amusing names, causing a Twitter bot that announces ENS domain offers to tweet about it. After amusing himself by placing 100 ETH bids on joebiden.eth, elonmusk.eth, barackhusseinobama.eth, and donaldjtrumpjr.eth, he solicited suggestions on Twitter for what ENS domain he should create and then place a fake bid on next.

Based on a follower's suggestion, he created the ENS domain stop-doing-fake-bids-its-honestly-lame-my-guy.eth and placed a 100 ETH bid on it. To his surprise, another person came along and offered him 1.9 ETH (~$2,900). Apparently excited to receive a sizeable offer for a gag NFT, franklinisbored accepted the offer and took to Twitter to write about his good fortune: "Well this is the most surprising 1.891 ETH I have ever made. I owe it all to #ENS and @gweiman_eth's creative idea. #Marketing101".

Meanwhile, he had forgotten to cancel his joke 100 ETH offer, which remained active. The new buyer accepted the offer and sold the NFT back to him, pocketing 98 ETH in the process. Franklinisbored wrote on Twitter, "I was celebrating my joke of a domain sale, sharing the spoils, but in a dream of greed, forgot to cancel my own bid of 100 ETH to buy it back. This will be the joke and bag fumble of the century. I deserve all of the jokes and criticism." He also sent the 1.9 ETH back to the other person, with a message asking them to reverse the transaction. The other person replied, "No, thank you for the money though."

Tesla announces they sold 75% of their Bitcoin

Tesla announced in their Q2 financial report that they had sold about 75% of the Bitcoin they had been holding. The company first bought $1.5 billion of Bitcoin in January 2021, at between $30,000 and $40,000, but sold 10% of that shortly after.

In their report, Tesla stated that "Conversions in Q2 added $936M to our balance sheet." Assuming this is all Bitcoin, this suggests Tesla sold at around $28,900 — a 7–10% decrease from their buy price. The company stated in a shareholder presentation that the "Bitcoin impairment" had damaged the company's Q2 profitability.

This is grim news for some crypto enthusiasts, a group that overlaps considerably with Tesla and Musk superfans. Musk's Bitcoin purchases helped to convince many new people to buy in, and the news of Tesla's decision caused a sharp 2.5% decrease in Bitcoin prices.

Zipmex indefinitely halts withdrawals

Singapore-based crypto exchange Zipmex is the latest in a long string of crypto platforms to suspend customer withdrawals. "Due to a combination of circumstances beyond our control including volatile market conditions, and the resulting financial difficulties of our key business partners, to maintain the integrity of our platform, we would be pausing withdrawals until further notice," they wrote on Twitter.

According to CoinDesk, Zipmex faces an enormous loss on a loan of $100 million worth of assets to Babel Finance, an exchange that suspended withdrawals in mid-June and is now hiring restructuring attorneys.

On July 21, the Thai Securities and Exchange Commission sent a letter to Zipmex asking them to explain their decision, requesting details on customer assets under custody and where they were invested — particularly around any assets deposited in Celsius or Babel Finance.

Minecraft announces they will not support or allow NFTs

Cover of the video game Minecraft, showing a group of blocky characters standing on grassy ledgesMinecraft cover art (attribution)
Minecraft is a massively popular sandbox-style video game that had almost 140 million monthly active users as of 2021. Its developer, Mojang Studios, published a blog post detailing upcoming guidelines to clarify their position on NFTs and blockchain more generally. They wrote that "NFTs ... can create models of scarcity and exclusion that conflict with our Guidelines and the spirit of Minecraft." They announced that "blockchain technologies are not permitted to be integrated inside our client and server applications, nor may Minecraft in-game content such as worlds, skins, persona items, or other mods, be utilized by blockchain technology to create a scarce digital asset."

Korean authorities raid seven cryptocurrency exchanges in relation to Terra investigation

Korean police cars parked outside an office building at nighttime. A lit "Upbit" sign is visible.Korean police executing one of the raids (attribution)
Prosecutors working on the fraud case around the May Terra/Luna collapse raided seven cryptocurrency exchanges in South Korea including Bithumb, Upbit, and Coinone. They also raided eight other offices and residences in connection to the investigation. The investigators are reportedly looking for evidence to determine whether Terra founder and CEO Do Kwon may have intentionally spurred the collapse of the ecosystem.

$20 million taken from Raccoon Network and Freedom Protocol in likely rug pull

20.8 million BUSD, a dollar-pegged stablecoin on BNB Chain, was transferred from Raccoon Network and the Freedom Protocol on July 19. Security firm PeckShield identified the incident as a scam perpetrated by the people running the projects, although Raccoon Network has tried to claim the transfers were the result of a hack.

Raccoon Network is a metaverse project. Freedom Protocol invested in the project in late June, and announced they would be working together. Freedom Protocol is a defi project that advertises an 183,394.2% APY "compounded by scientific calculations".

$7,500–$300,000 NFT-holders-only club set to open in SF, holders still have to pay for their food

Artist rendering of a building with curved Japanese-temple-like roofs, amidst a park surrounded by skyscrapersArtist's rendering of the Sho Restaurant (attribution)
Salesforce Park, a suspended park area underneath the Salesforce Tower, has been described as intentionally unwelcoming to the many unhoused San Franciscans it looms atop. Parts of the new restaurant intended to loom over Salesforce Park were even more ostentatious and exclusive — people would need to pay between $7,500–$300,000 to gain access to the members-only Sho Club at the Sho Restaurant, which was set to open in autumn 2023.

The Sho Restaurant said they planned to allow members of the public as well as NFT holders, and even the holders would still have to pay for their food. NFT holders were also promised access to the exclusive Sho Club, and things like "Access to all future Sho Club lounges" (no such lounges appeared to be in planning). Those who paid $15,000 or $300,000 for the top two tiers of NFTs were told they would receive access to perks including a "Monthly curated omakase members dinner (food & beverage not included).

None of this ever came to pass, though, because the project fell silent and then was confirmed to have been abandoned in September 2023 — around the time it was supposed to open.

FBI warns of fraudulent crypto apps that have stolen an estimated $42.7 million

The FBI's Cyber Division issued a notification about fraudulent cryptocurrency investment apps that are successfully being used to defraud American investors. The scammers typically claim to offer cryptocurrency investment services to their targets, then convince them to download mobile apps that resemble genuine crypto trading apps (sometimes mimicking actual exchanges). The apps typically show the users' accounts increasing in value, but when users try to withdraw funds they find they're unable. Sometimes the apps defraud their victims even further by claiming they need to pay an additional "tax" before they can withdraw.

The FBI stated they had identified 244 victims, and estimated the total loss associated with these fraudulent apps to be around $42.7 million.

Bexplus crypto exchange closes, gives users only 24 hours to withdraw funds

The cryptocurrency exchange Bexplus announced that "due to force majeure, Bexplus will stop service from now on". Users were told to close their open positions and withdraw any funds within only a 24-hour period, before positions would be automatically closed and the withdrawal service would become unavailable.

Only four days prior, on July 14, Bexplus had published a press release offering "rewards worth up to $5,000 to new users who sign up and make their first deposit". The project also promised its users up to 21% interest on bitcoin kept with the exchange. Bexplus had also promised a 100% match on deposits to the platform, up to 10 BTC (currently priced at $235,550).

BlockFi offers employee buyouts to further reduce headcount one month after cutting 20% of staff

The cryptocurrency lender BlockFi is reportedly offering employees buyouts — sorry, a "voluntary separation program" — in an effort to reduce their headcount even further. Those employees receive 10 weeks of paid leave, 10 weeks of continued health insurance, and unemployment eligibility if they resign.

The move came only a month after BlockFi laid off 20% of their employees, or around 170 people. The company appears to be struggling to stay afloat, soliciting $400 million in loans from Sam Bankman-Fried's FTX crypto exchange and signing a deal with FTX that gives the exchange the opportunity to acquire them.

Gemini lays off second round of employees in less than two months

After laying off 10% of its workforce in the first week of June, Gemini has performed a second round of layoffs. The layoffs have not been announced externally, nor were they widely communicated internally, according to employees who spoke to TechCrunch. One employee said that 68 members, or 7% of the employee base, were no longer in the company Slack channel on Monday morning.

The week prior, an internal operating plan document was shared to the anonymous employee platform Blind, which outlined a plan that would reduce company headcount to around 800 — a 15% reduction. The plan was taken down shortly after. Gemini co-founder Cameron Winklevoss wrote in a Slack message that the leak was "super lame", and wrote that "friendly reminder that Karma is the blockchain of the universe — an immutable ledger that keeps track of positive and negative behavior."

Anthony Scaramucci's SkyBridge Capital suspends redemptions from crypto-exposed fund

SkyBridge Capital, an investment firm founded by Anthony Scaramucci, reportedly suspended redemptions from its "Legion Strategies" fund. Around 18% of the $230 million fund is allocated to crypto-related investments, including Bitcoin and Sam Bankman-Fried's private FTX crypto exchange.

The fund is down 30% YTD. According to Scaramucci, the suspension was to avoid "damag[ing] investors that want to stay in the funds" if many investors decide to exit in a less than "orderly" fashion.

Binance faces €3.3 million fine for operating in the Netherlands without registering

Binance, the world's largest crypto exchange, was fined €3.3 million ($3.35 million) by De Nederlandsche Bank (DNB) for operating in the Netherlands without the required registration. According to NOS, the fine was higher than most fines imposed for this type of infraction, partly due to Binance's enormous size. The regulators had issued a public warning about Binance operating without registration in August 2021.

The fine was imposed on April 25, 2022, and Binance filed an appeal in June. This is not Binance's first time playing fast and loose with regulatory bodies — in February, Binance halted activities in Israel due to being unlicensed. In December 2021, the Ontario Securities Commission released a statement to say that Binance wasn't registered in the province, but Binance continued to operate there anyway for several more months.

Police shut down the AEX crypto exchange

The AEX crypto exchange paused all withdrawals on June 16, estimating a 36-hour outage "to avoid unnecessary panic withdrawal". Then, instead of re-enabling all withdrawals, they re-enabled them in a piecemeal fashion, with several announcements each day that withdrawals were enabled for some extremely minor altcoins, but never for the more popular cryptocurrencies.

Then, on July 17, the exchange released a new announcement: "Due to cooperation with the police investigation, the platform has suspended related services... Please wait for the police announcement." They also wrote in the post, "AEX reserves the right of final interpretation of this announcement", and below the signature wrote, "The closer you look, the further you see."

PREMINT NFT tool hacked, user wallets drained

PREMINT is an NFT service intended to help project creators build access lists for new NFT projects based on various qualifications. The project was compromised on July 17, and users were asked to sign transactions that allowed hackers to drain all assets from their wallets. 314 NFTs were stolen, including from pricey collections such as Bored Ape Yacht Club, Otherside, Moonbirds Oddities, and Goblintown. The thiefs were able to flip the stolen NFTs for 270 ETH ($375,000), which they then tumbled through Tornado Cash.

On July 20, PREMINT's CEO announced they would be compensating all users affected by the hack by sending them ETH equivalent to the floor price of the stolen NFTs. "I realize that the NFTs stolen were not all floor NFTs... You might feel like this compensation isn't enough. But I don't think there's any other scalable and objective way to do this," he said. The total repayment will amount to about 340 ETH ($525,000). PREMINT also bought the two most expensive stolen NFTs from their new owners for the prices they had paid to buy them from the hacker — 92 ETH ($138,000) for a Bored Ape and 12 ETH ($17,800) for an Azuki. Those NFTs were returned to their original owners.

NFTs valued at $150,000 stolen via phishing link posted to the hacked Twitter account of NFT artist DeeKay

A colorful illustration of a conveyer belt ziz-zagging upwards. On the bottom level is a small boy with a butterfly over his head, amidst houses and trees. The second level has a larger town. The third level has an illustration of New York, with skyscrapers and the Statue of Liberty. The fourth level has San Francisco, with the Golden Gate Bridge. The fifth and final level has hills and a gravestone, with a ghostly angel next to it.Frame from the animated "Life and Death" NFT sold to Snoop Dogg (attribution)
On July 16, hackers compromised the Twitter account belonging to the well-known NFT artist DeeKay, who sold an NFT for 310 ETH (then $1 million) to Snoop Dogg in April. The 180,000 followers of DeeKay's compromised Twitter account saw it post a link announcing a new limited quantity airdrop, which directed them to a website mimicking DeeKay's real site. Some people fell for the scam, and in trying to claim their NFTs, actually approved transactions that allowed the scammers to empty their wallets. One victim lost four Cool Cat NFTs and three Azuki NFTs, which have floor prices of around 4 ETH (~$5,350) and 12 ETH (~$16,200) respectively.

Altogether, the stolen NFTs were valued at around $150,000. DeeKay reported that he wasn't sure how his Twitter account had been compromised, but that "my guess is that [two-factor authentication] was off for that specific time". DeeKay wrote that he was considering compensating his followers who were victim to the scam, but that "[a] few are pretending to be affected and looking for opportunities", and "this also encourages hackers to keep doing their thing". "There were some kind souls who were affected and have shown me great flexibility for me to compensate in different ways. Some are asking for high demands as if I was the hacker...😪", he wrote in the thread.

Coinbase plans to shut down its affiliate-marketing program, sparking rumors of an impending crisis

A leaked email revealed that Coinbase is planning to temporarily end its affiliate-marketing program, which pays influencers to convince their followers to sign up. Some influencers were earning $40 for each person they pulled on to the platform in early 2022, though the rewards had reportedly dwindled to as low as $2/person more recently. In the leaked email, Coinbase stated that they would be shutting down the program on July 19 "due to crypto market conditions and the outlook for the remainder of 2022". They also said they planned to re-enable the program at some point in 2023.

The news sparked rumors about Coinbase, including that they might be facing a liquidity crisis or insolvency. Others dismissed those rumors as unfounded, and normal behavior for a company facing a market downturn. Coinbase CEO Brian Armstrong tweeted that Coinbase was "well capitalized".

Boneheads rug pull for $3.1 million

A screaming skull with glowing pink eyes, wearing a beige t-shirt, grey cargo pants, red high top sneakers, and a grey baseball cap stands in front of a cyan backgroundBonehead #2006 (attribution)
Crypto sleuth zachxbt has accused the NFT project "Boneheads" of rug pulling only weeks after the project minted in August 2021. Although they promised physical collectibles, more NFT collections, merch giveaways (including, of all things, rugs), and other perks, they never followed through.

zachxbt traced the funds to various centralized crypto exchanges, and also found that some of the money had been used to purchase other pricey NFTs including Bored Apes, CryptoPunks, and others. He also identified two individuals he suspected were behind the pseudonymous creators of the project, who had mysteriously begun posting luxury trips, designer purchases, and an expensive Mercedes after the project mint.

After zachxbt's thread, the project tweeted for the first time in a very long time, writing "for the 2736463266474th time, itz not rug 😪, just a very deliberately slow creative process, lots of pivots..." However, the project never followed through on their promised new deadline. The social media account showing evidence of the alleged creator's lavish spending was also deleted.

Betty Boop launches "Boop & Frens" NFT project

A 3D rendering of Betty Boop, overlaid with horizontal lines somewhat resembling an old televisionBetty Boop NFT promotional art (attribution)
The studio behind Betty Boop decided there was no better time to launch a Betty Boop NFT collection than during a period of record low interest in NFTs (or, more likely, they started the project during the NFT craze and decided they'd sunk too much money into it to pull the plug). The Betty Boop Twitter account announced Boop & Frens, an 8,888-piece NFT collection.

Reception on Twitter was brutal, with one person commenting, "And that's another one for Beloved Icons Ruined By Pyramid Scheme Bingo". Another described the decision to launch an NFT project as "jumping on the bandwagon while it's actively collapsing". The reception on Discord was also tepid, with only 130 people joining the server in the two days following the announcement.

OpenSea NFT marketplace lays off 20% of employees

OpenSea, the largest NFT marketplace, announced that they would be laying off around 20% of their employees, or around 60 people. CEO Devin Finzer blamed "crypto winter" for necessitating the decision, a common phrase that has been referenced by multiple CEOs who have announced layoffs in the past two months.

John McAfee associate fined $376,000 for pump & dump scheme and undisclosed promotion of ICOs

Portrait of John McAfee, speaking at a microphoneJohn McAfee (attribution)
In October 2020, the SEC filed charges against anti-virus software magnate, two-time Libertarian presidential candidate, and all-around shady character John McAfee, as well as his bodyguard, Jimmy Watson Jr. They alleged that the two had promoted several initial coin offerings (ICOs) without disclosing that they were being paid to do so. The SEC also charged the pair with participating in a pump and dump scheme, where they secretly bought large amounts of a cryptocurrency token before hyping it on Twitter (where McAfee had millions of followers), then selling the tokens as the price increased.

McAfee died by suicide in June 2021 in a Spanish prison, shortly before he was due to be extradited to the United States on tax evasion charges. His death kicked off a tornado of conspiracy theories by QAnon followers.

Now, the SEC has wrapped up the investigation, finding his partner in crime responsible for the undisclosed promotion and pump and dump scheme. In addition to a $376,000 fine, Watson is prohibited from any professional cryptocurrency trading.

Celsius files for bankruptcy

One month after pausing customer withdrawals, crypto lending firm Celsius Network filed for Chapter 11 bankruptcy. Celsius had recently hired a new group of restructuring lawyers from Kirkland & Ellis, the same group counseling Voyager Digital in their bankruptcy proceedings announced on July 6.

Citizen Finance claims to have been hacked for around $100,000

Citizen Finance, a multichain platform that has something to do with NFTs and blockchain gaming, claimed to have suffered an attack by an outside party who obtained access to a private key for the BNB and Polygon chains. The attacker then used their access to transfer 244 BNB (~$55,000), 57,637 MATIC (~$32,300), and 7,000 USDC for a total windfall of around $94,300. The theft also caused the value of the CIFI token to plummet more than 50%.

As with many of these attacks, it's not immediately clear if there was truly an outside party who gained unauthorized access, or if the "attack" was actually a rug pull or an inside job. The project tweeted on July 16 that they were "continu[ing] to investigate" and had hired outside security firms to try to help them identify the hacker and recoup lost funds.

More than $8.17 million stolen in phishing attack targeting Uniswap users

In a successful, broadly-targeted phishing campaign, more than 70,000 addresses connected to Uniswap were airdropped tokens that baited users into approving transactions that allowed attackers to control their wallets. After some initial confusion that there might be a vulnerability in Uniswap itself, it was determined that the thefts were being perpetrated through the airdrop, which also linked users to a website that resembled the authentic Uniswap site. Users were tricked into signing the contract, and cryptocurrency and NFTs were stolen from wallets.

One single wallet targeted by the phishing attack lost more than $6.5 million worth of Ether and Bitcoin, and another targeted by attackers lost around $1.68 million worth of those currencies.