Web3 is Going Just Great

Curve acknowledged the apparent exploit, tweeting at the iwantmyname domain platform to say they believed the issue was on their end. Around an hour after the issue was widely noticed, Curve announced the "issue has been found and reverted", and to use the alternate Curve Finance domain until DNS changes propagated for the affected domain. They also urged users to revoke any recent contract approvals they'd made on the Curve platform.

FixedFloat tweeted that they had been able to freeze 112 of the stolen ETH (~$192,000) that had been transferred to their platform. Binance later announced that they'd recovered the remaining stolen funds, with founder CZ tweeting, "The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂"

The celebrities who received letters from TINA were Drake Bell, Tom Brady, DJ Khaled, Eminem, Jimmy Fallon, Paris Hilton, Eva Longoria, Madonna, Floyd Mayweather, Meek Mill, Von Miller, Neymar, Shaquille O'Neal, Gwyneth Paltrow, Logan Paul, Snoop Dogg, and Timbaland.

Tornado Cash is the most prominent cryptocurrency tumbler (or "mixer") and has been used in a multitude of instances to launder proceeds from cryptocurrency hacks and scams. In a press release, the Treasury Department named the North Korea-sponsored Lazarus Group's $625 million hack of Axie Infinity in March, the $100 million theft from Horizon Bridge in June, and the $190 million hack of the Nomad bridge in August as contributing to the decision.

Although Tornado Cash had claimed to be complying with sanctions in the wake of the Axie hack, the Treasury Department wrote in their press release that, "Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks".

Tornado Cash is also widely used to maintain privacy in a world where transactions are publicly visible, and it remains to be seen how the cryptocurrency ecosystem will react to this major development. Tornado Cash is also relatively decentralized in its operations, meaning it may be difficult for the sanctions list to be kept up to date and for the sanctions to be enforced.

The fallout from the sanction was swift: in the days following the action, Tornado's source code repository was removed from Github and the accounts of some of its developers were suspended; the project's Gitcoin funding page was taken down; and the project's own website, governance pages, and Discord server went offline.

A press release from Riot proudly announced that "Riot curtailed a total of 11,717 megawatt hours in July, enough to power 13,121 average homes for one month", as though it is acceptable that they are normally using this amount of electricity solely to churn out Bitcoins.

They also wrote that "When applied to anticipated power costs for the month, the power credits and other benefits are expected to effectively eliminate Riot's power costs for July" — meaning that Texas residents are effectively subsidizing the cost of Bitcoin mining whether they like it or not. Meanwhile, the Texas Tribune and The Dallas Morning News report that many Texans are paying 50–70% more for electricity than this time last year.

In an FAQ attached to the announcement, Hodlnaut told users that "it will not be a short process" to re-enable withdrawals and token swaps.

Despite a 2019 blog post by Binance titled, "Binance Acquires India's Leading Digital Asset Platform WazirX to Launch Multiple Fiat-to-Crypto Gateways", Binance CEO Changpeng Zhao ("CZ") tweeted that "Binance does not own any equity in Zanmai Labs, the entity operating WazirX", and that besides wallet services and an off-chain transaction integration, "WazirX is responsible all other aspects of the WazirX exchange". These statements were disputed by Nischal Shetty, the founder of WazirX, who stated in no uncertain terms that WazirX was acquired by Binance. "Binance owns WazirX domain name. Binance has root access of AWS servers. Binance has all the Crypto assets. Binance has all the Crypto profits", Shetty wrote on Twitter.

The project launched only days before it rug pulled. On August 7, the $DMA token dropped in price over 99% as funds were removed from the project and moved to exchanges. According to CoinDesk, around $3.5 million was taken. The project's website, Telegram channel, and Twitter accounts were all taken offline.

Someone apparently decided this was perfect material for an NFT project, which they named "Made In Uyghur". They took 100 images from the database, clumsily projected them onto 3D-rendered human models in a T-pose, and listed them for $25 apiece.

Upon becoming aware of the NFTs, the Xinjiang Victims Database updated their site licensing to CC BY-NC, a Creative Commons license that forbids commercial reuse. "Commercial use of the data, including images of victims, is not okay", they wrote on Twitter, "[Made In Uyghur] never contacted us about this".

The project developer suddenly sold off their share of the coin for around 1355 WBNB (~$442,000), sending the coin price plummeting by more than 68% as a result.

Now, Beanstalk is re-launching, saying they've made changes to their governance model and security practices, and have received audits from two major firms.

In June, the project creator stated that "The thing about a system like Beanstalk is that it works until it doesn't. You can never actually know if it works, only that it has worked so far."

Galanis wrote on Twitter that he "Just got my Apple ID hacked". Although he didn't offer more details on how he had determined iCloud was to blame, it's likely he's referring to an attack vector where MetaMask automatically backs up users' seed phrases to iCloud unless it's disabled, meaning that a hacker who successfully accesses a person's iCloud account can also compromise any of their MetaMask wallets. The same type of attack saw a user lose $650,000 in April, and brought wider attention to the app's behavior.

By manipulating the timestamps of blocks to be added to the chain, a miner can replace other miners' main-chain blocks with their own blocks, obtaining the fees that would have gone to the other miners. The attack has been called an "Uncle Maker" attack because Ethereum refers to valid but not main-chain blocks as "uncles".

F2Pool co-founder Chun Wang responded on August 8 to the allegations against his mining pool, apparently acknowledging their behavior and suggesting that manipulating a vulnerability in a system is not a "blatant disregard [of] the rules" as the researchers had characterized it. He tweeted: "We respect the *consensus* as is. If you don't like the consensus, convince [Ethereum developer Tim Beiko] to send me another Announcement and change it." Quote-tweeting a tweet by the lead author of the paper who described F2Pool's technique, he wrote, "I can't stop appreciate this elegant implementation of what we've done over the past two years... A robust system must withstand all kind of tests."

The ED wrote in a press release, " ED found that large amounts of funds were diverted by the fintech companies to purchase crypto assets and then launder them abroad...(a) maximum amount of funds were diverted to WazirX exchange and the crypto assets so purchases have been diverted to unknown foreign wallets".

In an unpublished blog post where he confessed to his deception, he wrote, "I believe it contributed to the dramatic rise of SOL". He wrote the post shortly after one of his persona's projects, Cashio, was hacked for $52 million, but apparently shelved it.

Ian Macalinao's brother Dylan, the other co-founder of Saber protocol, aided in the scheme by lending credibility to Ian's various personas to those who had doubts about trusting money to projects led by pseudonymous individuals.

All told, Ian Macalinao was responsible for the Saber protocol, the Protagonist VC firm and incubator, and Ubeswap under his real name. He created Sunny Aggregator as Surya Khosla, Cashio as 0xGhostchain, Goki as Goki Rajesh, Quarry as Larry Jarry, TribecaDAO as Swaglioni, Crate as kiwipepper, aSOL as 0xAurelion, Arrow as oliver_code, Traction.Market as 0xIsaacNewton, Sencha as jjmatcha, and VenkoApp as ayyakovenko.

However, that was not the address that CoinGape published in their article titled "Breaking: Nomad Announces ENS Address And Bounty For Returning Funds" article, which was syndicated to Binance's news feed. Instead, they indicated that people should send funds to a different address, a scammer who had been sending on-chain messages to various people who took money out of Nomad during the exploit, asking they return it.

Although CoinGape removed the article fairly quickly, it remained live on Binance's site for over an hour. Fortunately, it doesn't appear anyone besides the writers have fallen for the scam, as no cryptocurrency has been sent to the address.

ZB announced that they were suspending deposit and withdrawal services due to "sudden failure of some core applications".

Robinhood CEO Vlad Tenev wrote, "Since that time, we have seen additional deterioration of the macro environment, with inflation at 40-year highs accompanied by a broad crypto market crash. This has further reduced customer trading activity and assets under custody. Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022."

The announcement came the same day that Robinhood was fined $30 million by the state of New York for insufficient anti-money laundering and cybersecurity protections in the crypto portions of their offering.

Unfortunately, that treasury strategy — which in his case also includes taking on more debt to buy more Bitcoin — is not currently working out so well for MicroStrategy, which reported a $918 million impairment charge on their Bitcoin holdings in their most recent earnings report. Saylor stepped down as CEO the same day.

Robinhood Crypto had certified to the DFS in 2019 that they were in compliance with those regulations, despite the fact that they were not. The DFS imposed a $30 million fine to the company, and also ordered them to hire an outside party to evaluate their regulatory compliance and efforts to remediate the problems with their platform.

Shortly after the exploit, Reaper Farms announced they plained to raise capital via "the sale of vested $OATH tokens from our treasury with desirable terms", which would then be used alongside other assets in their treasury to compensate users.

Users deposited their money into projects running on the Ethereum, Tron, and Binance blockchains, and earned rewards for recruiting others to the scheme. The project also used payments from newer investors to pay out earlier investors — a Ponzi scheme.

Those players have certainly learned something about crypto, as the league informed them that they're not likely to get the funds they were promised after Voyager Digital filed for bankruptcy in early July.

Nomad posted on Discord and tweeted that they were "aware of the incident" and "investigating", but the attack was ongoing over an hour after the acknowledgement.

Four days before the attack, Nomad announced that they'd raised a $22.4 million seed round from investors including Coinbase, OpenSea, and Crypto.com.

Helium is a common name that comes up when people are pressed to provide examples of web3 use cases. The New York Times ran a feature on the company in February 2022, titled "Maybe There's a Use for Crypto After All", where Kevin Roose lavished praise on the company and wrote that they had "largely avoided the hype and inflated claims that surround many crypto projects" (oops) and repeated the false claim about a Lime partnership (double oops). Lime said that the Times never contacted them to fact-check the claim; meanwhile, Helium founder Amir Haleem prominently points people to the article with a pinned tweet.

However, a recent Twitter thread by Liron Shapira drew attention to the fact that the company's total monthly revenue from network usage is only $6,500 — raising questions about the feasibility of hotspot operators actually earning much in the way of rewards (as the rewards are distributed based on network usage).

Following the publication of Binder's article, Helium quietly removed Lime's logo from their website, along with that of Salesforce, a CRM software company. Salesforce also confirmed to The Verge that they had no partnership with Helium, and that the graphic on the Helium website where Salesforce's logo was displayed as a user of Helium was "not accurate".

The Federal Reserve and the FDIC sent a cease-and-desist to Voyager, asking them to remove the misleading statements about deposit insurance. It would have been nice if this had come a bit earlier — perhaps before people had deposited money into accounts with the company and could no longer get it out.

The attack caused the project's ANA token to plunge in value by 80%, and the project's NIRV stablecoin to lose its dollar peg, falling to $0.08. Nirvana Finance tweeted, "Please be advised: ANA has lost its collateral, and NIRV has lost its peg. Until the thief restores funds, these tokens will not have exchange value. Be very careful with trading NIRV & ANA, as they currently have no guaranteed value."

They also tweeted at the hacker, promising to stop investigating the hacker's identity and to pay a $300,000 "bounty" in exchange for the funds back. They wrote, "You have not taken money from VCs or large funds — the treasury you have taken represents the collective hopes of everyday people."

The project had promised its users over 60% APY, and its Twitter account described ANA as "the balanced risk investment with adaptive yield".

The DAO has stumbled along somewhat since its January victory, encountering issues with making the bible viewable to DAO members without breaking copyright laws, a diminishing treasury due to declining crypto prices, and controversy after Soby was linked to the Remilia Collective.

After all that, the project leader suddenly and apparently unilaterally announced a plan where members could redeem their SPICE for ETH, and stated that they would be removing project leaders, converting the DAO to a private company, and selling the Dune bible (likely at a major loss). It was nice knowing you, SpiceDAO.

In his Twitter thread, Lyu outlines how the fund will "implement Anti-FUD education", "motivate and acclaim industry leaders and influencers who are always responsible, delivering trusted information", and "effectively trace FUDers who intentionally spread FUD and take legal actions against them if needed".

Something tells me his list of "industry leaders and influencers" to "acclaim" won't include those who are rightfully skeptical of crypto.

The fired employees quickly began preparing a legal fight against immutable, questioning whether their firing was legitimate when many of the people who were sacked were about to reach the vesting date for more than $1 million in stock options.

On July 20, they issued a press release claiming that "the World's First Non-Fungible Territory has been officially renamed by indigenous people in Brazil in coalition with Nemus". The company claims to own 41,000 hectares (~100,000 acres) of land in the Amazon.

On July 25, Brazil's Federal Prosecution Office (MPF) issued a statement that they had demanded Nemus provide proof of ownership of the areas they claim, clarification on the projects they've been promising online they would undertake, and proof that they've received authorization by the National Indian Foundation (FUNAI) or any other public body that would allow them to operate in the area and engage with various Indigenous groups.

According to the MPF, members of Indigenous groups in the area reported the company had violated their rights. They also explained that Nemus had expressed to them their plans to use heavy machinery to open an airstrip and build a road in order to access Brazil nut groves in the area. Apurinã leaders alleged that company representatives had pressured Indigenous people who do not read well to sign documents, and did not provide them with copies.

In 2018, he was sentenced to federal prison for unrelated securities fraud; a U.S. Attorney stated he "essentially ran his company like a Ponzi scheme". He spent five years in prison, and was released in May 2022.

Shkreli is also banned from the securities industry, and from serving as an officer or director of any publicly traded company.

If this was anyone other than Martin Shkreli, I might have been surprised to hear that, only a little over two months out of prison and while still staying in a halfway house, Shkreli is launching a "web3 drug discovery software platform".

Although the project admins blamed the theft on an outside attacker, writing on Telegram that they were "not certain whether it is a bug in our cross-chain bridge or a leaked developer wallet", that is a common refrain by developers who rug pull their own projects.

Audius halted the token and smart contracts while they patched the bug, and brought the network back online shortly afterward. The attacker had found and exploited a vulnerability in the way the contracts were written which allowed them to rewrite the governance voting rules and delegate 10 trillion AUDIO tokens to themselves for voting purposes. They then used those tokens to pass the malicious proposal. The contracts had been audited by OpenZeppelin and Kudelski, but neither group caught the vulnerability. Audius stated that a plan for dealing with the loss of community funds was still under discussion.

One of their artists, "Jules", created an NFT clearly modeled after The Falling Man, a well-known photograph of a man falling from the upper floors of the World Trade Center during the September 11 attacks in New York City. The NFT is also titled Falling Man, and pictures a model in the same position, but wearing an astronaut suit.

Not only is GameStop selling an NFT of the victim of a tragedy, it's a featured image when Googling "GameStop".

Many customers write of being convinced by Alex Mashinsky personally, particularly in his weekly "AMA"s where he regularly claimed that Celsius was a safe platform with substantial reserves that could cover any potential losses. Mashinsky often denigrated traditional banks, referring to Celsius as a better and safer option.

Some of the letters are particularly heartbreaking, with customers referring to suicidal ideation or saying that they've been too ashamed to share the news of their financial losses with their family. One woman included a copy of an email she sent to Mashinsky and Celsius support, pleading for them to allow her access to her crypto, and including an ultrasound photo of a baby. "I do need the fund to pay for the hospital, doctor and baby items such as cot, clothes, nappies etc. I also need the fund to pay for school fees for my two other school aged children," she wrote.

Wahi allegedly used his access to highly confidential information around which cryptocurrency tokens would be listed and when the news would be announced to tip off his brother and friend, who would then use multiple anonymous Ethereum wallets to purchase large quantities of the token before the prices spiked on the news. According to the press release, the two took positions in at least six tokens before Coinbase announced in April 2022 that they would be listing them on the exchange. The DoJ said that the scheme had generated approximately $1.5 million in gains. The DoJ acknowledged a "Twitter account that is well known in the crypto community", likely referring to Cobie, who identified the suspicious activity.

The DoJ also reported that when Coinbase's director of security operations contacted Wahi in May asking him to attend a meeting regarding the suspicious activity, Wahi purchased a one-way flight to India in an attempt to flee the country. He was stopped by law enforcement.

The U.S. Attorney for the Southern District of New York stated in the press release, "Today's charges are a further reminder that Web3 is not a law-free zone... fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street."

Each of the charges (four against Wahi, two each against his brother and friend) carried a maximum sentence of 20 years. In May 2023, Ishan Wahi was sentenced to two years in prison; Nikhil was sentenced to ten months in prison.

Blockchain.com also announced that they would close their Argentina-based offices, cancel plans to hire in several countries, and cut executive salaries.

The wildfire is reportedly the second fire in that same location attributed to the company in the last month. Spain has been facing devastating fires brought on by record-breaking temperatures and drought, and Land Life acknowledged that contractors should not have been working during the heat wave due to the extreme fire risk.

Based on a follower's suggestion, he created the ENS domain stop-doing-fake-bids-its-honestly-lame-my-guy.eth and placed a 100 ETH bid on it. To his surprise, another person came along and offered him 1.9 ETH (~$2,900). Apparently excited to receive a sizeable offer for a gag NFT, franklinisbored accepted the offer and took to Twitter to write about his good fortune: "Well this is the most surprising 1.891 ETH I have ever made. I owe it all to #ENS and @gweiman_eth's creative idea. #Marketing101".

Meanwhile, he had forgotten to cancel his joke 100 ETH offer, which remained active. The new buyer accepted the offer and sold the NFT back to him, pocketing 98 ETH in the process. Franklinisbored wrote on Twitter, "I was celebrating my joke of a domain sale, sharing the spoils, but in a dream of greed, forgot to cancel my own bid of 100 ETH to buy it back. This will be the joke and bag fumble of the century. I deserve all of the jokes and criticism." He also sent the 1.9 ETH back to the other person, with a message asking them to reverse the transaction. The other person replied, "No, thank you for the money though."

In their report, Tesla stated that "Conversions in Q2 added $936M to our balance sheet." Assuming this is all Bitcoin, this suggests Tesla sold at around $28,900 — a 7–10% decrease from their buy price. The company stated in a shareholder presentation that the "Bitcoin impairment" had damaged the company's Q2 profitability.

This is grim news for some crypto enthusiasts, a group that overlaps considerably with Tesla and Musk superfans. Musk's Bitcoin purchases helped to convince many new people to buy in, and the news of Tesla's decision caused a sharp 2.5% decrease in Bitcoin prices.