Users deposited their money into projects running on the Ethereum, Tron, and Binance blockchains, and earned rewards for recruiting others to the scheme. The project also used payments from newer investors to pay out earlier investors — a Ponzi scheme.
- "SEC Charges Eleven Individuals in $300 Million Crypto Pyramid Scheme", U.S. Securities and Exchange Commission
- "SEC charges 11 people in alleged $300 million crypto Ponzi scheme", CNBC
Those players have certainly learned something about crypto, as the league informed them that they're not likely to get the funds they were promised after Voyager Digital filed for bankruptcy in early July.
Nomad posted on Discord and tweeted that they were "aware of the incident" and "investigating", but the attack was ongoing over an hour after the acknowledgement.
Four days before the attack, Nomad announced that they'd raised a $22.4 million seed round from investors including Coinbase, OpenSea, and Crypto.com.
- "CoinFLEX Update: July 29, 2022", CoinFLEX blog
Helium is a common name that comes up when people are pressed to provide examples of web3 use cases. The New York Times ran a feature on the company in February 2022, titled "Maybe There's a Use for Crypto After All", where Kevin Roose lavished praise on the company and wrote that they had "largely avoided the hype and inflated claims that surround many crypto projects" (oops) and repeated the false claim about a Lime partnership (double oops). Lime said that the Times never contacted them to fact-check the claim; meanwhile, Helium founder Amir Haleem prominently points people to the article with a pinned tweet.
However, a recent Twitter thread by Liron Shapira drew attention to the fact that the company's total monthly revenue from network usage is only $6,500 — raising questions about the feasibility of hotspot operators actually earning much in the way of rewards (as the rewards are distributed based on network usage).
Following the publication of Binder's article, Helium quietly removed Lime's logo from their website, along with that of Salesforce, a CRM software company. Salesforce also confirmed to The Verge that they had no partnership with Helium, and that the graphic on the Helium website where Salesforce's logo was displayed as a user of Helium was "not accurate".
The Federal Reserve and the FDIC sent a cease-and-desist to Voyager, asking them to remove the misleading statements about deposit insurance. It would have been nice if this had come a bit earlier — perhaps before people had deposited money into accounts with the company and could no longer get it out.
The attack caused the project's ANA token to plunge in value by 80%, and the project's NIRV stablecoin to lose its dollar peg, falling to $0.08. Nirvana Finance tweeted, "Please be advised: ANA has lost its collateral, and NIRV has lost its peg. Until the thief restores funds, these tokens will not have exchange value. Be very careful with trading NIRV & ANA, as they currently have no guaranteed value."
They also tweeted at the hacker, promising to stop investigating the hacker's identity and to pay a $300,000 "bounty" in exchange for the funds back. They wrote, "You have not taken money from VCs or large funds — the treasury you have taken represents the collective hopes of everyday people."
The project had promised its users over 60% APY, and its Twitter account described ANA as "the balanced risk investment with adaptive yield".
The DAO has stumbled along somewhat since its January victory, encountering issues with making the bible viewable to DAO members without breaking copyright laws, a diminishing treasury due to declining crypto prices, and controversy after Soby was linked to the Remilia Collective.
After all that, the project leader suddenly and apparently unilaterally announced a plan where members could redeem their SPICE for ETH, and stated that they would be removing project leaders, converting the DAO to a private company, and selling the Dune bible (likely at a major loss). It was nice knowing you, SpiceDAO.
In his Twitter thread, Lyu outlines how the fund will "implement Anti-FUD education", "motivate and acclaim industry leaders and influencers who are always responsible, delivering trusted information", and "effectively trace FUDers who intentionally spread FUD and take legal actions against them if needed".
Something tells me his list of "industry leaders and influencers" to "acclaim" won't include those who are rightfully skeptical of crypto.
- "Kraken, a U.S. Crypto Exchange, Is Suspected of Violating Sanctions", The New York Times
The fired employees quickly began preparing a legal fight against immutable, questioning whether their firing was legitimate when many of the people who were sacked were about to reach the vesting date for more than $1 million in stock options.
- "Australian crypto platform Immutable sacks 6% of staff despite plans to 'hire aggressively'", news.com.au
- "Sacked crypto unicorn staff plan legal challenge to redundancies", The Australian Financial Review
Brazilian authorities challenge NFT company Nemus after it claims ownership to land in the Amazon, allegedly pressures Indigenous people to sign documents they could not read
On July 20, they issued a press release claiming that "the World's First Non-Fungible Territory has been officially renamed by indigenous people in Brazil in coalition with Nemus". The company claims to own 41,000 hectares (~100,000 acres) of land in the Amazon.
On July 25, Brazil's Federal Prosecution Office (MPF) issued a statement that they had demanded Nemus provide proof of ownership of the areas they claim, clarification on the projects they've been promising online they would undertake, and proof that they've received authorization by the National Indian Foundation (FUNAI) or any other public body that would allow them to operate in the area and engage with various Indigenous groups.
According to the MPF, members of Indigenous groups in the area reported the company had violated their rights. They also explained that Nemus had expressed to them their plans to use heavy machinery to open an airstrip and build a road in order to access Brazil nut groves in the area. Apurinã leaders alleged that company representatives had pressured Indigenous people who do not read well to sign documents, and did not provide them with copies.
- "MPF aciona empresa que vende ativos digitais (NFTs) de áreas da Amazônia", Ministério Público Federal (in Portuguese)
- Press release by Nemus
After five years in prison for a Ponzi scheme and a lifetime ban from the pharmaceutical industry, Martin Shkreli announces his new venture: a web3 drug discovery platform
In 2018, he was sentenced to federal prison for unrelated securities fraud; a U.S. Attorney stated he "essentially ran his company like a Ponzi scheme". He spent five years in prison, and was released in May 2022.
Shkreli is also banned from the securities industry, and from serving as an officer or director of any publicly traded company.
If this was anyone other than Martin Shkreli, I might have been surprised to hear that, only a little over two months out of prison and while still staying in a halfway house, Shkreli is launching a "web3 drug discovery software platform".
- "Announcing Druglike - a Web3 Drug Discovery Platform", press release
- Martin Shkreli, Wikipedia
Although the project admins blamed the theft on an outside attacker, writing on Telegram that they were "not certain whether it is a bug in our cross-chain bridge or a leaked developer wallet", that is a common refrain by developers who rug pull their own projects.
Attacker makes off with $1.1 million after successful governance attack on the Audius web3 music platform
Audius halted the token and smart contracts while they patched the bug, and brought the network back online shortly afterward. The attacker had found and exploited a vulnerability in the way the contracts were written which allowed them to rewrite the governance voting rules and delegate 10 trillion AUDIO tokens to themselves for voting purposes. They then used those tokens to pass the malicious proposal. The contracts had been audited by OpenZeppelin and Kudelski, but neither group caught the vulnerability. Audius stated that a plan for dealing with the loss of community funds was still under discussion.
One of their artists, "Jules", created an NFT clearly modeled after The Falling Man, a well-known photograph of a man falling from the upper floors of the World Trade Center during the September 11 attacks in New York City. The NFT is also titled Falling Man, and pictures a model in the same position, but wearing an astronaut suit.
Not only is GameStop selling an NFT of the victim of a tragedy, it's a featured image when Googling "GameStop".
Many customers write of being convinced by Alex Mashinsky personally, particularly in his weekly "AMA"s where he regularly claimed that Celsius was a safe platform with substantial reserves that could cover any potential losses. Mashinsky often denigrated traditional banks, referring to Celsius as a better and safer option.
Some of the letters are particularly heartbreaking, with customers referring to suicidal ideation or saying that they've been too ashamed to share the news of their financial losses with their family. One woman included a copy of an email she sent to Mashinsky and Celsius support, pleading for them to allow her access to her crypto, and including an ultrasound photo of a baby. "I do need the fund to pay for the hospital, doctor and baby items such as cot, clothes, nappies etc. I also need the fund to pay for school fees for my two other school aged children," she wrote.
- "My Big Coin Founder Convicted of Cryptocurrency Fraud Scheme", U.S. Attorney's Office of the District of Massachusetts
Former Coinbase product manager charged with tipping off co-conspirators about tokens that were about to be listed on the exchange
Wahi allegedly used his access to highly confidential information around which cryptocurrency tokens would be listed and when the news would be announced to tip off his brother and friend, who would then use multiple anonymous Ethereum wallets to purchase large quantities of the token before the prices spiked on the news. According to the press release, the two took positions in at least six tokens before Coinbase announced in April 2022 that they would be listing them on the exchange. The DoJ said that the scheme had generated approximately $1.5 million in gains. The DoJ acknowledged a "Twitter account that is well known in the crypto community", likely referring to Cobie, who identified the suspicious activity.
The DoJ also reported that when Coinbase's director of security operations contacted Wahi in May asking him to attend a meeting regarding the suspicious activity, Wahi purchased a one-way flight to India in an attempt to flee the country. He was stopped by law enforcement.
Each of the charges (four against Wahi, two each against his brother and friend) carry a maximum sentence of 20 years. The U.S. Attorney for the Southern District of New York stated in the press release, "Today's charges are a further reminder that Web3 is not a law-free zone... fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street."
- "Three Charged In First Ever Cryptocurrency Insider Trading Tipping Scheme", U.S. Department of Justice
Blockchain.com also announced that they would close their Argentina-based offices, cancel plans to hire in several countries, and cut executive salaries.
The wildfire is reportedly the second fire in that same location attributed to the company in the last month. Spain has been facing devastating fires brought on by record-breaking temperatures and drought, and Land Life acknowledged that contractors should not have been working during the heat wave due to the extreme fire risk.
- "La empresa forestal que originó el fuego de Ateca ya causó otro hace un mes en el mismo lugar", Heraldo (in Spanish)
- "Land Life Company Raises €3.5 million in Series A Funding", press release
- Comunicado - Incendio Bubierca, Land Life (in Spanish)
Based on a follower's suggestion, he created the ENS domain stop-doing-fake-bids-its-honestly-lame-my-guy.eth and placed a 100 ETH bid on it. To his surprise, another person came along and offered him 1.9 ETH (~$2,900). Apparently excited to receive a sizeable offer for a gag NFT, franklinisbored accepted the offer and took to Twitter to write about his good fortune: "Well this is the most surprising 1.891 ETH I have ever made. I owe it all to #ENS and @gweiman_eth's creative idea. #Marketing101".
Meanwhile, he had forgotten to cancel his joke 100 ETH offer, which remained active. The new buyer accepted the offer and sold the NFT back to him, pocketing 98 ETH in the process. Franklinisbored wrote on Twitter, "I was celebrating my joke of a domain sale, sharing the spoils, but in a dream of greed, forgot to cancel my own bid of 100 ETH to buy it back. This will be the joke and bag fumble of the century. I deserve all of the jokes and criticism." He also sent the 1.9 ETH back to the other person, with a message asking them to reverse the transaction. The other person replied, "No, thank you for the money though."
In their report, Tesla stated that "Conversions in Q2 added $936M to our balance sheet." Assuming this is all Bitcoin, this suggests Tesla sold at around $28,900 — a 7–10% decrease from their buy price. The company stated in a shareholder presentation that the "Bitcoin impairment" had damaged the company's Q2 profitability.
This is grim news for some crypto enthusiasts, a group that overlaps considerably with Tesla and Musk superfans. Musk's Bitcoin purchases helped to convince many new people to buy in, and the news of Tesla's decision caused a sharp 2.5% decrease in Bitcoin prices.
According to CoinDesk, Zipmex faces an enormous loss on a loan of $100 million worth of assets to Babel Finance, an exchange that suspended withdrawals in mid-June and is now hiring restructuring attorneys.
On July 21, the Thai Securities and Exchange Commission sent a letter to Zipmex asking them to explain their decision, requesting details on customer assets under custody and where they were invested — particularly around any assets deposited in Celsius or Babel Finance.
- "Crypto exchange Zipmex halts withdrawals due to 'volatile market conditions'", The Block
- Tweet by Zipmex
- "Zipmex a Victim of Crypto Contagion as Concerns Grow Over Babel Loan: Sources", CoinDesk
- "ก.ล.ต. ให้ บริษัท ซิปเม็กซ์ จำกัด (Zipmex) ชี้แจงข้อมูลเพิ่มเติมเกี่ยวกับทรัพย์สินของลูกค้า", Thai SEC (in Thai)
Raccoon Network is a metaverse project. Freedom Protocol invested in the project in late June, and announced they would be working together. Freedom Protocol is a defi project that advertises an 183,394.2% APY "compounded by scientific calculations".
The Sho Restaurant does plan to allow members of the public as well as NFT holders, and even the holders will still have to pay for their food. NFT holders also get access to the exclusive Sho Club, and things like "Access to all future Sho Club lounges" (no such lounges appear to be in planning). Those who pay $15,000 or $300,000 for top two tiers of NFTs receive access to perks including a "Monthly curated omakase members dinner (food & beverage not included).
The FBI stated they had identified 244 victims, and estimated the total loss associated with these fraudulent apps to be around $42.7 million.
- "Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors", Federal Bureau of Investigation
Only four days prior, on July 14, Bexplus had published a press release offering "rewards worth up to $5,000 to new users who sign up and make their first deposit". The project also promised its users up to 21% interest on bitcoin kept with the exchange. Bexplus had also promised a 100% match on deposits to the platform, up to 10 BTC (currently priced at $235,550).
- "Notice on Indefinite Suspension of Bexplus Project", Bexplus
- "Bexplus Exchange Announces $5,000 Giveaway for New Users", press release
- "Corretora brasileira de criptomoedas fecha e dá 24 horas para clientes sacarem fundos", Livecoins (in Portuguese)
The move came only a month after BlockFi laid off 20% of their employees, or around 170 people. The company appears to be struggling to stay afloat, soliciting $400 million in loans from Sam Bankman-Fried's FTX crypto exchange and signing a deal with FTX that gives the exchange the opportunity to acquire them.
The week prior, an internal operating plan document was shared to the anonymous employee platform Blind, which outlined a plan that would reduce company headcount to around 800 — a 15% reduction. The plan was taken down shortly after. Gemini co-founder Cameron Winklevoss wrote in a Slack message that the leak was "super lame", and wrote that "friendly reminder that Karma is the blockchain of the universe — an immutable ledger that keeps track of positive and negative behavior."
The fund is down 30% YTD. According to Scaramucci, the suspension was to avoid "damag[ing] investors that want to stay in the funds" if many investors decide to exit in a less than "orderly" fashion.
The fine was imposed on April 25, 2022, and Binance filed an appeal in June. This is not Binance's first time playing fast and loose with regulatory bodies — in February, Binance halted activities in Israel due to being unlicensed. In December 2021, the Ontario Securities Commission released a statement to say that Binance wasn't registered in the province, but Binance continued to operate there anyway for several more months.
Then, on July 17, the exchange released a new announcement: "Due to cooperation with the police investigation, the platform has suspended related services... Please wait for the police announcement." They also wrote in the post, "AEX reserves the right of final interpretation of this announcement", and below the signature wrote, "The closer you look, the further you see."
On July 20, PREMINT's CEO announced they would be compensating all users affected by the hack by sending them ETH equivalent to the floor price of the stolen NFTs. "I realize that the NFTs stolen were not all floor NFTs... You might feel like this compensation isn't enough. But I don't think there's any other scalable and objective way to do this," he said. The total repayment will amount to about 340 ETH ($525,000). PREMINT also bought the two most expensive stolen NFTs from their new owners for the prices they had paid to buy them from the hacker — 92 ETH ($138,000) for a Bored Ape and 12 ETH ($17,800) for an Azuki. Those NFTs were returned to their original owners.
NFTs valued at $150,000 stolen via phishing link posted to the hacked Twitter account of NFT artist DeeKay
Altogether, the stolen NFTs were valued at around $150,000. DeeKay reported that he wasn't sure how his Twitter account had been compromised, but that "my guess is that [two-factor authentication] was off for that specific time". DeeKay wrote that he was considering compensating his followers who were victim to the scam, but that "[a] few are pretending to be affected and looking for opportunities", and "this also encourages hackers to keep doing their thing". "There were some kind souls who were affected and have shown me great flexibility for me to compensate in different ways. Some are asking for high demands as if I was the hacker...😪", he wrote in the thread.
The news sparked rumors about Coinbase, including that they might be facing a liquidity crisis or insolvency. Others dismissed those rumors as unfounded, and normal behavior for a company facing a market downturn. Coinbase CEO Brian Armstrong tweeted that Coinbase was "well capitalized".
Reception on Twitter was brutal, with one person commenting, "And that's another one for Beloved Icons Ruined By Pyramid Scheme Bingo". Another described the decision to launch an NFT project as "jumping on the bandwagon while it's actively collapsing". The reception on Discord was also tepid, with only 130 people joining the server in the two days following the announcement.
McAfee died by suicide in June 2021 in a Spanish prison, shortly before he was due to be extradited to the United States on tax evasion charges. His death kicked off a tornado of conspiracy theories by QAnon followers.
Now, the SEC has wrapped up the investigation, finding his partner in crime responsible for the undisclosed promotion and pump and dump scheme. In addition to a $376,000 fine, Watson is prohibited from any professional cryptocurrency trading.
- "Crypto Lender Celsius Files for Bankruptcy After Cash Crunch", Bloomberg
- "Troubled Crypto Lender Celsius Hires New Restructuring Lawyers", The Wall Street Journal
As with many of these attacks, it's not immediately clear if there was truly an outside party who gained unauthorized access, or if the "attack" was actually a rug pull or an inside job. The project tweeted on July 16 that they were "continu[ing] to investigate" and had hired outside security firms to try to help them identify the hacker and recoup lost funds.
One single wallet targeted by the phishing attack lost more than $6.5 million worth of Ether and Bitcoin, and another targeted by attackers lost around $1.68 million worth of those currencies.
Rival firm Nexo has said it is considering acquiring Vauld, though some have expressed skepticism that Nexo is in a position to afford such an acquisition.
The usage of the exchange by residents of sanctioned countries could draw the attention of US regulators. It's also the latest in several investigative reports by Reuters into Binance, in addition to a June report that the exchange facilitated $2.35 billion in illicit transfers from 2017–2021, and an April report that Binance supplied the Putin regime with information about crypto donors to opposition leader Alexei Navalny.
Bifrost wrote in their post-mortem analysis that because the attack was limited to the BTC address registration server, and the hack didn't exploit any smart contract or protocol vulnerabilities, a security audit performed by Theori "is still valid" — leading one to wonder why anyone should trust an "audited" platform if $2.25 million in assets can be stolen without invalidating an audit.
- "Post-mortem: BiFi-BTC illegal address registration", Bifrost blog
Hackers used NFTs from the popular Doodles collection as collateral to borrow wETH, then withdrew all but one of the NFTs, allowing them to perform a re-entrancy attack. The attacker then laundered the funds using the Tornado Cash cryptocurrency tumbler.
According to Omni, only funds belonging to the platform that were being used for testing were taken by the attacker.
- "Hacker drains $1.4 million worth of ETH from NFT lender Omni", The Block
- Exploiter wallet on Etherscan