Genesis lays off 20% of employees, jettisons CEO after Three Arrows Capital disaster

Crypto broker Genesis is laying off 20% of their employees and reshuffling their leadership in the wake of a several-hundred-million dollar loss related to the Three Arrows Capital implosion. With 260 employees, the 20% workforce cut will affect around 50 employees. Genesis also announced that their CEO Michael Moro would be "stepping down".

Canadian pension manager says they invested "too soon" in the crypto sector after $150 million loss

Canadian caisse de dépôt et placement du Québec (CDPQ), Canada's second-largest pension fund manager, sunk $150 million into Celsius during a WestCap-led funding round announced in October 2021.

Needless to say, this hasn't worked out so hot for CDPQ — Celsius locked up its customers' funds in June and filed for bankruptcy in July, and the courts are in the middle of trying to figure out how to untangle it all. "For us it's clear when we look at all of this, even if the last chapter has not been written, that we went in too soon into a sector that was in transition", said CDPQ's CEO.

CDPQ reported a $33.6 billion loss in the first half of 2022, which they attribute mostly to declines in equity and bond markets.

SEC files complaint against Dragonchain in relation to their 2017 ICO

The U.S. Securities and Exchange Commission filed a complaint against an individual and his companies in relation to their sale of Dragon tokens in 2017. The ICO raised $16.5 million, but the SEC has said the event was an unregistered securities offering, and has demanded the proceeds be returned and a penalty be paid.

Hodlnaut applies for creditor protection

After halting withdrawals on August 8, Singaporean crypto lender Hodlnaut has applied for protection against creditors: a process similar to the U.S. Chapter 11 bankruptcy.

They explained in a statement that they made the decision in order to try to avoid forced asset liquidation, "as it is a suboptimal solution that will require us to sell our users' cryptocurrencies at these current depressed asset prices".

Claims of racist imagery in Bored Ape Yacht Club NFT project make it to court

Two side-by-side images. On the left is a Pepe meme from 4chan, where Pepe is wearing a hachimaki reading "神風" ("kamikaze", but the characters are reversed in order). On the right is a Bored Ape wearing an identical hachimaki.Comparison between a racist 4chan Pepe meme and an identical Bored Ape attribute (attribution)
In a motion to dismiss a trademark lawsuit filed by Yuga Labs (the company behind the Bored Ape Yacht Club NFT project) against Ryder Ripps and various others, the defendants outlined in detail their beliefs that the Bored Apes project intentionally includes racist and Nazi dogwhistles, and that Yuga's lawsuit is a strategic lawsuit against public participation (SLAPP) intended to silence criticism.

Ripps is a part of a group of people who have vocally criticized the Bored Apes project for being racist and antisemitic, with what they believe are intentional hat-tips to 4chan culture. Ripps also created his own NFT project, called RR/BAYC, where he clones the Bored Ape NFTs and sells them in what he says is a "critique [of the] hateful imagery". Because Yuga Labs has never brought action against any of the many Bored Ape ripoff NFT collections, he and his lawyers are arguing this lawsuit is an attempt to silence his criticism.

Some of Ripps' and others' individual claims about dogwhistles in the project are more believable than others, but in their entirety they are pretty damning. Ripps is not the only one who has been outspoken about the issue, and is joined by people in and outside of the NFT world.

BitGo plans to seek damages from Galaxy Digital after they called off their $1.2 billion acquisition

In May 2021, investment management firm Galaxy Digital announced their plans to acquire crypto custodian BitGo for $1.2 billion in what would be the first $1 billion dollar deal for the crypto industry. At the time, crypto prices were near all-time-highs.

Galaxy Digital claims that BitGo failed to provide audited financial statements for 2021 by the deadline they had agreed upon, and for that reason they decided to end the deal.

BitGo claims they've still got time to provide the statements, and that Galaxy Digital owes them $100 million for breaking the deal, which they plan to pursue in court.

Galaxy Digital just reported a ~$555 million dollar loss in the second quarter, which may have contributed towards their choice to back out of the acquisition.

In June 2023, the Delaware Court of Chancery dismissed BitGo's complaint with prejudice, finding that Galaxy Digital had a "clean termination right" based on BitGo's failure to provide financial statements.

Eqonex closes its crypto exchange

The Nasdaq-listed firm Eqonex has announced they will close their "underperforming" crypto exchange, hoping to change their money allocation to "reflect the current market conditions and the opportunities that we are best placed to capture". They cited " extreme market volatility and declining trading volumes" as making it challenging to keep the exchange afloat.

They announced that the exchange will stop trading on August 22, and customers have a month to withdraw their funds.

Collector loses four Bored Apes valued at over $500,000 to phishing attack

An illustration of a white-furred ape, with a bandage around its eyes, wearing a toga.Bored Ape #2393, the one stolen NFT yet to be sold (attribution)
An NFT collector who goes by ASEC_APE lost four Bored Ape Yacht Club NFTs to a phishing attack. The attacker quickly flipped three of the four NFTs for a total of around 200 ETH (~$387,000). The fourth is listed for sale on the NFT platform X2Y2 for 84.59 ETH (~$159,000) — a total profit of $546,000 for the scammer if they find a buyer at that price.

ASEC_APE had just purchased the four NFTs between July 15 and August 13 for a combined total of 326 ETH (~$532,000 based on ETH prices at the time of each purchase; ~$631,000 at the price on the day of the theft).

One of the stolen NFTs, Bored Ape 9012, had just been stolen a week before from Cameo CEO Steven Galanis when his wallet was compromised, as were a handful of other pricey NFTs. ASEC_APE had purchased it from the person who purchased it from the hacker shortly after the August 6 theft.

Brazilian crypto lender BlueBenx halts customer withdrawals and lays off employees after $32 million "hack"

The Brazilian crypto lending platform BlueBenx suddenly shut its doors after announcing they had suffered an "extremely aggressive" hack of 160 million BRL (US$32 million). However, they shared very little in the way of details, leading investors to question the veracity of their story.

All 22,000 customers of BlueBenx suddenly found them unable to withdraw funds from the platform. The platform also reportedly laid off the majority of its employees.

Misconfiguration in the Acala stablecoin project allows attacker to steal 1.2 billion aUSD

A misconfiguration in a newly-deployed liquidity pool allowed an attacker to mint 1.2 billion aUSD, a stablecoin built on the Polkadot network. The exploit caused aUSD to lose its USD peg, initially dropping as low as $0.60 and hovering around $0.90.

Acala paused the protocol shortly after the attack, and disabled the transfer functionality of the stolen aUSD and of Acala-based tokens the attacker had swapped for some of the aUSD. It's important to note that the attacker could not earn a profit anywhere near $1.2 billion USD from the erroneous creation of new, unbacked tokens — they likely made off with around $1.6 million. Acala subsequently burned most of the new tokens, which helped the aUSD token return to between $0.90 and $0.94 — much closer to its intended peg.

Scammer trades fake ApeCoins for Bored Ape NFT

An ape with fur colored like television static wears a rainbow-colored hat with a propeller. Its eyes are closed, it's biting its lower lip, and it's wearing a black shirt with a skeleton printed on it.Bored Ape #8373 (attribution)
A scammer created a fake ApeCoin contract on the NFT Trader service, with tokens that appeared identical to the true ApeCoins but were actually worthless. After "chatt[ing] for a long time about location, jobs, the space", the owner of Bored Ape #8373 was convinced to trade it for 26,500 "ApeCoin", which would be valued at $163,770 if they were real. "I didn't bother double checking the contract as I figured [NFT Trader] only allows [OpenSea] verified collections and contracts anyway," the victim wrote on Twitter. The scammer flipped the NFT several minutes later for 78 ETH ($154,774).

Team member admits to taking more than $400,000 from Velodrome to try to recoup personal losses

On August 4, the team behind the Velodrome exchange and liquidity marketplace noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost.

On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.

Gabagool had become a somewhat prominent part of the crypto community, providing insights into various crypto happenings as someone who was adept at tracing blockchain transactions. In June, he was featured in a Vice documentary titled, "Is Everything in Crypto a Scam?". He spoke about, among other things, his October 2021 discovery that the crypto-focused venture capital firm Divergence Ventures was Sybil attacking airdrops to claim millions in rewards. That particular incident ended with Divergence returning the money they had gained from the strategy, and Ribbon awarding 5% of that amount — equivalent to about $545,000 at the time — to Gabagool as a "bounty".

Crypto YouTuber sues someone for calling him a "dirtbag influencer"

Ben Armstrong ("Bitboy Crypto") pictured sitting in a car, midsentence. Overlaid is the text "Use crypto risk free", the Bitcoin logo, and a wallet with coinsThumbnail of a Bitboy YouTube video (attribution)
"BitBoy Crypto" (Ben Armstrong) has sued "Atozy" (Erling Mengshoel Jr.) over a video in which Mengshoel accuses Armstrong of "lacking integrity as a cryptocurrency commentator" and repeatedly calls him a "dirtbag". He also states that Armstrong "cannot be trusted with financial advice because you don't know whether he's trying to enrich you or himself."

Armstrong has claimed that the video cost him more than $75,000 in damages, and has caused him emotional distress including anxiety and depression.

Oddly, in the lawsuit, he writes that he is "in the business of providing advice and commentary on cryptocurrency investments" — a strange thing to do for someone who, like most crypto influencers, constantly tries to claim that his videos are not financial advice.

Armstrong has promoted crypto projects including Celsius. He has also posted and then deleted videos on cryptocurrency projects that later failed, such as Ethereum Yield, Cypherium, and MYX Network. According to a recent CNBC story, he claimed he "could easily make more than $100,000 per month in promotions alone", though it was not clear to which time period he was referring.

Armstrong announced on August 24 that he planned to drop the lawsuit against Mengshoel, stating that "I didn't understand that my name is now so big that if I file a lawsuit it would be found and be made public" — a strange thing to be blindsided by given he sued a YouTuber with 1 million followers who predictably told his audience about the suit. "We are going to drop the lawsuit, 100%. I'm sorry it became public."

Researchers estimate that an insider trader profited from 10–25% of new crypto listings at Coinbase

It's no secret that insider trading has happened at Coinbase, with the U.S. Attorney's Office of the Southern District of New York filing charges in July against three individuals, including a former Coinbase product manager, for their involvement in a scheme to trade on non-public information. However, researchers at the University of Technology Sydney have published a study showing that a group of four connected wallets appeared to trade based on the knowledge of tokens that were about to be listed by Coinbase. The trader(s) took positions in the coins ahead of the announcements, then sold the tokens soon after the listing announcement when they increased in value based on the news. The wallets involved in the trading scheme made a total profit of around 1,003 ETH ($1.88 million), which the researchers note is a conservative estimate of insider profits at Coinbase.

However, some have pointed out that issues with Coinbase's API leaked information about which coins were about to be listed, which could have enabled people to obtain the information allowing them to make such trades without an insider connection.

India freezes assets of FlipVolt, Vauld's Indian exchange

India's Enforcement Directorate froze $46.5 million of assets belonging to FlipVolt, the Indian branch of the Vauld cryptocurrency exchange. Vauld had previously filed for protection from creditors — a process in Singapore that is similar to Chapter 11 bankruptcy in the U.S. — on July 8, only four days after suspending withdrawals. Vauld subsequently announced a shortfall of around $70 million due to the Terra collapse and other factors, and reportedly owes creditors $363 million.

According to India's ED, 23 entities deposited Rs 370 crore (~$46.5 million) into FlipVolt, which the ED says were the proceeds of criminal activity. FlipVolt had "very lax KYC norms, no EDD [enhanced due diligence] mechanism, no check on the source of funds of the depositors, no mechanism of raising STRs [suspicious transaction reports], etc" and reportedly enabled the entities to launder the proceeds of crimes via the exchange.

Martin Shkreli dumps his project's token in "hack"

Martin Shkreli sits at a table, arms crossed and smirkingMartin Shkreli (attribution)
I've almost got to give it to him. When I wrote up Druglike, Martin "Pharma Bro" Shkreli's new "web3" project for drug discovery, and asked him some questions in the project Discord, I expected him to run into issues with the fact that he's trying to build a pharmaceutical software platform after being banned from the pharma business. But he seems to have exceeded my high expectations for this grift, pulling off a scam even before anything got off the ground.

The value of $MSI, Martin Shkreli Inu (really), plummeted 90% from $0.000014 to a mere $0.0000014 when a wallet owned by Shkreli suddenly dumped its tokens. The MSI token originally was a fan-made token, but Shkreli adopted it as the token "powering" Druglike (despite zero information as to how it's actually used to power the project). The MSI were swapped for 239 ETH (~$459,000).

Shkreli claimed via his Twitter persona "Enrique Hernandez" that "I got hacked last night." (Shkreli was banned from Twitter after being creepy to a journalist, and so now uses the thinnest of veiled identities to somehow evade Twitter suspension). Shkreli claimed that when he had tried to torrent a file called, no joke, [BigTitsRoundAsses] 17.12.14 - Jazmyn [1080p], he ended up with a remote access trojan. However, crypto research project Rug Pull Finder tweeted, "Bruh - why is the attackers wallet funded by you then".

Suspected Tornado Cash developer arrested in the Netherlands

A suspected developer of the Tornado Cash cryptocurrency tumbler was arrested in the Netherlands, according to the country's Fiscal Information and Investigation Service (FIOD). They said that he was "suspected of involvement in concealing criminal financial flows and facilitating money laundering". Wallet addresses used by Tornado Cash were sanctioned by the United States several days prior due to their use in laundering the proceeds of criminal activities.

It's not immediately clear from the statement whether the activities that led to the arrest involved more than just contributing to the Tornado Cash codebase, but it would be very concerning if not. There are complexities around the sanctioning of Tornado Cash — a fairly decentralized software project — that raise concerns about the criminalization of code. For many, it brings to mind the "Crypto Wars" (where "crypto" is referring to cryptography rather than cryptocurrency).

The largest Ethereum miner starts blocking Tornado transactions

The Ethermine mining pool is responsible for over a quarter of all Ethereum mining, making them the largest miner for that blockchain. On August 11, three days after OFAC added the project to its sanctions list, Ethermine stopped including Tornado Cash transactions in their blocks.

This came as a shock to some crypto enthusiasts, who were taken aback that such a large number of blocks in a "decentralized" and "censorship-resistant" project would reject Tornado Cash transactions. Others worried that more miners would do the same, which could eventually prevent Tornado Cash transactions from being validated at all.

Game studio pauses development on their game after sinking Kickstarter funds into crypto

A 3D rendered woman stands next to a green dragon-like creator, with her hand shading her eyes looking up into the distance. Behind her is grass and then a tropical beach. The title says "Untamed Isles" and there is a graphic in the bottom right that says "over 420% funded"Untamed Isles artwork (attribution)
Over 3,000 backers put a combined ~NZ$841,000 (~US$535,000) into Untamed Isles, a Pokémon-like MMORPG. Although the developers did eventually plan to add optional crypto elements for players who wanted them, it was not primarily a crypto game.

On August 11, about a year after the Kickstarter launched, the creators posted an update: they would be pausing development and putting the project on hold because they had run out of money. "We leaned into the crypto market and expanded rapidly off the back of the positive interest. When the crash came, we ended up heavily exposed with too short of a runway."

Project backers were not impressed by this announcement, with many asking for refunds — which the developers had promised if the game never launched. However, the game developers wrote that "Due to our cash reserves being empty, we are not in a position to refund our initial backers."

"Really disappointed by this- I put money into funding this game to back a game, not to throw money into the crypto market," wrote one backer. "Gutted and to be honest pretty appalled," wrote another.

Mailchimp bans a slew of crypto companies according to their no-crypto policy

The email marketing company Mailchimp reportedly suspended accounts belonging to several prominent companies and individuals in the crypto sphere, including crypto analytics tool Messari, blog Decrypt, wallet provider Edge, NFT artist Jesse Friedland, and the founder of the Cryptoon Goonz NFT collection.

Daniel Roberts, CEO of Decrypt, wrote on Twitter that they had used Mailchimp for more than four years, but that the company had "deactivated our newsletter account with no warning or explanation".

Mailchimp's acceptable use policy bans businesses offering "Cryptocurrencies, virtual currencies, and any digital assets related to an Initial Coin Offering". It's listed among other industries that they identify as having "higher-than-average abuse complaints, which can jeopardize deliverability" including work-at-home scams, make money online, and lead generation opportunities; gambling services or products; and multi-level or affiliate marketing. In an email reportedly sent to Friedland regarding his suspension, Mailchimp wrote, "We cannot allow businesses involved in the sale, transaction, trading, exchange, storage, marketing, or production of cryptocurrencies, virtual currencies and any digital assets."

In April, Mailchimp had experienced a security breach in which audience data was taken from around 100 accounts in finance and crypto-related industries.

OpenSea changes its policy, requires a police report to freeze NFTs

The dominant NFT platform, OpenSea, has changed its policy around NFTs that are reported as stolen. OpenSea now requires those who have reported an NFT as stolen to produce a police report within seven days, or else they will re-enable trading of the asset.

Some have praised the change as a good step towards preventing false reports, whereas others have complained that the change does not apply retroactively to assets that have already been frozen from trading on the platform. Others have raised concerns about the new requirement that they engage with police.

Coinbase stopped sending price notifications during crypto crash

Mother Jones has reported that the Coinbase crypto exchange stopped sending the email notifications that it had previously sent some users when the price of a cryptocurrency changed noticeably. Coinbase had been trialling these price change alerts in January, and some users had grown to rely on them to notify them when cryptocurrency prices changed noticeably. However, the company quietly stopped sending these emails sometime in February, before they were re-enabled for all users.

While the choice could be chalked up to the end of an A/B test, some legal experts have expressed concern about the sudden and unannounced change in behavior: "It's potentially illegal... This seems straight up deceptive. They said we'll email you price alerts and then stopped doing it without saying they were [going to stop]." He also noted that even if a customer didn't sue for damages, depending on the number of users who saw the alerts, "if they caused harm to people who didn't sell crypto that they would have sold, that is potentially actionable by regulators." Another expert observed that a traditional brokerage firm would likely be penalized by FINRA if they did something similar.

Celsius CEO Alex Mashinsky reportedly sells off some of his $CEL holdings during price increase and attempted short squeeze

Alex Mashinsky sitting onstage, wearing a Madonna microphone and a t-shirt reading "Banks are not your friends." with the Celsius logoAlex Mashinsky (attribution)
A wallet identified as belonging to Celsius CEO Alex Mashinsky sold off 17,475 CEL (the native token of the Celsius lending platform) for around $28,000. Celsius is undergoing bankruptcy proceedings, and users remain without access to their cryptocurrency that's locked in the platform.

CEL enjoyed an all-time-high of around $8 in June 2021, but has been trading for less than half that for this year. The token hit $0.15 on the day Celsius announced they would be pausing withdrawals, but has, oddly, recently spiked above $2. Some have attributed this to the ill-advised attempts at a short squeeze by a group of people who believe that exchanges are somehow running out of CEL tokens to provide to short-sellers, and that a properly-coordinated short squeeze could somehow realistically send the token to $100. Protos did a useful explainer on why this is unlikely to work, but those pushing the idea have a fervency not unlike what was seen with those pushing the GameStop short squeeze, and enjoy dismissing those who question the strategy as "CEL shorters" who are trying to ruin any chance of a Celsius recovery.

All the same, Mashinsky can possibly thank the short squeeze folks for helping him pump his bags, and sell off a pile of tokens for over 10x more than what he previously could have.

Analytics firm Elliptic says RenBridge has been used to launder more than $540 million in proceeds from crimes over the last two years

Two days after OFAC sanctioned crypto tumbler Tornado Cash, the blockchain analytics firm Elliptic pointed to cryptocurrency bridges as a likely future target for sanctions if the Treasury Department continues its attempts to crack down on crypto money laundering. In addition to their purpose of allowing different currencies to be used cross-chain, cryptocurrency bridges are a useful tool for obscuring the path of cryptocurrencies, as it can be difficult for outside observers to link cryptocurrencies flowing into a bridge with the destination wallet(s) on the other end.

Elliptic singled out the RenBridge chain in particular, saying that at least $540 million in funds linked to crimes have been moved through the bridge in the last two years. $153 million of this, they say, originated from ransomware plots, and $53 million is allegedly linked to the Russia-based group behind the Conti ransomware.

Blur Finance rug pulls for over $600,000

The yield aggregator Blur Finance rug pulled, taking more than $600,000 in assets from the BNB Chain and Polygon-based projects before deleting their website and social media accounts. The project had only been active for about a month, and had accumulated about 750 users on its original BNB Chain implementation, and on August 5 had announced their launch on Polygon. In the announcement, they boasted returns of over 4,000% APR.

Hotbit crypto exchange suspends trading due to criminal investigation

Tweet from Hotbit News: 📢Announcement on the Suspension of Hotbit Website Service on August 10th, 2022 Details👉https://hotbit.zendesk.com/hc/en-us/articles/8074249353495 ⚠️User's assets are safe, please don't worry. We are sorry for any inconvenience caused!😢
Followed by a GIF of Anya Forger from Spy x Family cryingHotbit announcement tweet (attribution)
The Hotbit cryptocurrency exchange abruptly announced they would be suspending services because they were under criminal investigation, and law enforcement had frozen some of their assets. Hotbit claims that the investigation pertains to a former employee who was involved in a "project" unbeknownst to Hotbit, which investigators believe was illegal. Hotbit urged that all customer funds were safe, which seems a bit of a bold statement when their funds are currently frozen to the point where the exchange can no longer operate.

Hotbit announced the suspension on Twitter with a GIF of a crying Anya from the anime series Spy × Family which, despite demonstrating their good taste in shows, does not seem like it would exactly inspire confidence among customers.

CoinFLEX files for restructuring

The cryptocurrency exchange CoinFLEX announced they had filed for restructuring, a move that probably didn't surprise too many people after they stopped customer withdrawals in June, sued Roger Ver over $84 million they claimed he owed them in July, and then significantly cut staff in order to try to massively reduce their costs.

As tends to happen with insolvent exchanges, they are hoping to "compensate" their depositors with a mix of CoinFLEX-issued tokens and equity, rather than actual money or more liquid, established cryptocurrencies.

Nuri crypto exchange files for insolvency

The German cryptocurrency exchange Nuri, formerly known as Bitwala, filed for insolvency. Interestingly, they did not stop customer withdrawals — as have many exchanges who later announced they were insolvent — allowing its existing users to continue to withdraw funds and otherwise use their services.

Their announcement began by saying, "We would like to inform you about an important development that does not affect our services, funds or investments with Nuri," and throughout the post they stressed that customer funds were safe.

Nuri blamed the insolvency on everything from "the ongoing after-effects of the Corona pandemic" to "the economic and political uncertainties in the markets after Russia's invasion of Ukraine" to the more recent crypto bear market.

On October 18, the company announced they would be shutting down after failing to find someone to acquire the company. They asked customers to withdraw their funds by December 18. Unlike many of the services that faced insolvency crises this summer, Nuri is closing without any loss of customer funds.

Curve Finance frontend compromised, $620,000 stolen but later recovered by exchanges

Curve Finance's frontend at curve.fi was compromised, prompting users to give token approval to a malicious smart contract. Stolen funds were then transferred out to the FixedFloat cryptocurrency exchange and the Tornado Cash tumbler. It appears that at least 362 ETH (~$620,000) have been stolen.

Curve acknowledged the apparent exploit, tweeting at the iwantmyname domain platform to say they believed the issue was on their end. Around an hour after the issue was widely noticed, Curve announced the "issue has been found and reverted", and to use the alternate Curve Finance domain until DNS changes propagated for the affected domain. They also urged users to revoke any recent contract approvals they'd made on the Curve platform.

FixedFloat tweeted that they had been able to freeze 112 of the stolen ETH (~$192,000) that had been transferred to their platform. Binance later announced that they'd recovered the remaining stolen funds, with founder CZ tweeting, "The hacker kept on sending the funds to Binance in different ways, thinking we can't catch it. 😂"

Truth in Advertising sends letters to 17 celebrities about undisclosed promotion of NFTs

A collage of sixteen of the seventeen recipients of TINA's letters: Drake Bell, Tom Brady, DJ Khaled, Eminem, Jimmy Fallon, Paris Hilton, Eva Longoria, Madonna, Floyd Mayweather, Meek Mill, Von Miller, Neymar, Shaquille O'Neal, Gwyneth Paltrow, Logan Paul, and Snoop DoggSome of the recipients (attribution)
Non-profit advertising watchdog organization Truth in Advertising (TINA) sent letters to seventeen celebrities, urging them to follow FTC requirements on clearly disclosing when they are being paid to promote a brand. TINA had also previously sent such letters to Justin Bieber in relation to his promotion of the inBetweeners NFT project, and to Reese Witherspoon in relation to her endorsement of World of Women.

The celebrities who received letters from TINA were Drake Bell, Tom Brady, DJ Khaled, Eminem, Jimmy Fallon, Paris Hilton, Eva Longoria, Madonna, Floyd Mayweather, Meek Mill, Von Miller, Neymar, Shaquille O'Neal, Gwyneth Paltrow, Logan Paul, Snoop Dogg, and Timbaland.

At least 101 NFT Discord servers compromised in July

A fluorescent green skull with blond hair, a piece of cheese floating above its head, a rainbow connecting its eye sockets, and padded armorTasty Bones' Discord was hacked twice in July (attribution)
I've largely stopped covering crypto Discord compromises because they occur so frequently it would drown out everything else. OKHotshot has been keeping count, though, and according to them, at least 101 servers have been compromised in the month of July. Four of the projects — EY3KON, Tasty Bones, Universe by Barnabe, and Angry Dinos — were each compromised twice in that month.

"Animate your Bored Ape" scammers linked to more phishing attacks amounting to more than $2.5 million

Screenshot of an Instagram post promising to animate users' Bored Ape NFTs. Text reads "Wanna turn your Ape or Mutant into a cool GIF? - High quality - All attributes working - Only gas fees to pay (50$) boredapeyachtclub.github.io (LINK IN BIO) PM @exyt to get gas fees refunded!"Screenshot of an Instagram post promising to animate users' Bored Ape NFTs (attribution)
Crypto sleuth zachxbt has uncovered a French scam duo, Mathys and Camille, who he believes were behind the March "turn your BAYC animated" phishing scam in which they stole a collector's Bored Ape NFT and flipped it for 264 ETH (at the time worth $764,000). He has also tied them to four other Bored Ape holders who fell victim to fake "animator" phishing schemes that also stole pricey NFTs including Doodles and Mutant Apes. Among them, they lost NFTs collectively valued at $1.7 million. In his investigation, zachxbt also uncovered other crypto wallets that appeared to contain proceeds from other phishing scams, totaling around 497 ETH (~$851,000). "Undoubtedly there is more to uncover, but there is only so much that can be tracked through Tornado Cash," he wrote.

Tornado Cash added to U.S. sanctions list

The U.S. Office of Foreign Assets Control (OFAC) added Tornado Cash to its SDN list: a list of "Specially Designated Nationals And Blocked Persons" with whom U.S. individuals and organizations are prohibited from doing business.

Tornado Cash is the most prominent cryptocurrency tumbler (or "mixer") and has been used in a multitude of instances to launder proceeds from cryptocurrency hacks and scams. In a press release, the Treasury Department named the North Korea-sponsored Lazarus Group's $625 million hack of Axie Infinity in March, the $100 million theft from Horizon Bridge in June, and the $190 million hack of the Nomad bridge in August as contributing to the decision.

Although Tornado Cash had claimed to be complying with sanctions in the wake of the Axie hack, the Treasury Department wrote in their press release that, "Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks".

Tornado Cash is also widely used to maintain privacy in a world where transactions are publicly visible, and it remains to be seen how the cryptocurrency ecosystem will react to this major development. Tornado Cash is also relatively decentralized in its operations, meaning it may be difficult for the sanctions list to be kept up to date and for the sanctions to be enforced.

The fallout from the sanction was swift: in the days following the action, Tornado's source code repository was removed from Github and the accounts of some of its developers were suspended; the project's Gitcoin funding page was taken down; and the project's own website, governance pages, and Discord server went offline.

Bitcoin mining operation Riot Blockchain earns more money in July by not mining, effectively mines without paying for power

An aerial photo of large warehouse-style buildings, electricity infrastructure, and shipping containers on a large dirt plotRiot Blockchain's Rockdale, Texas facility (attribution)
The Bitcoin mining firm Riot Blockchain produced 318 BTC in July, valued at around $6.88 million, from its mining operations located in central Texas. The firm also received $9.5 million in power credits for switching off their power-hungry Bitcoin miners during all-time-high energy demands in a month where the state has been experience extreme heat waves.

A press release from Riot proudly announced that "Riot curtailed a total of 11,717 megawatt hours in July, enough to power 13,121 average homes for one month", as though it is acceptable that they are normally using this amount of electricity solely to churn out Bitcoins.

They also wrote that "When applied to anticipated power costs for the month, the power credits and other benefits are expected to effectively eliminate Riot's power costs for July" — meaning that Texas residents are effectively subsidizing the cost of Bitcoin mining whether they like it or not. Meanwhile, the Texas Tribune and The Dallas Morning News report that many Texans are paying 50–70% more for electricity than this time last year.

Hodlnaut halts withdrawals

Crypto lending firm Hodlnaut announced they would be suspending withdrawals "due to recent market conditions". They also announced they would be withdrawing their license application with the Monetary Authority of Singapore, and that "Hodlnaut is therefore no longer providing regulated digital payment token (DPT) services, ie our token swap feature. For the avoidance of doubt, Hodlnaut will also cease all borrowing and lending services."

In an FAQ attached to the announcement, Hodlnaut told users that "it will not be a short process" to re-enable withdrawals and token swaps.

No one wants to admit to owning the WazirX crypto exchange

Tweet by Nischal Shetty, quote-tweeting a tweet by Changpeng Zhao.

CZ tweet reads: Sad that these have to be debated on Twitter:
Binance provides wallet services for WazirX.
WazirX domain is transferred to our control.
We were given a shared access to an AWS account.
We could shutdown WazirX. But we can't, because.. 1/2

Shetty's tweet reads:'We could shut down WazirX' - Proves you have control
'Shared access of AWS' - You have ROOT access of AWS! Anyone with root access controls AWS
'WazirX domain transferred to our control' - Good to see you confirm that
Only control now is Zanmai, why are you not taking it?Tweet by WazirX founder Nischal Shetty (attribution)
After India froze the assets of the WazirX cryptocurrency exchange due to suspicions they were enabling money laundering, suddenly no one wants to admit to operating it.

Despite a 2019 blog post by Binance titled, "Binance Acquires India's Leading Digital Asset Platform WazirX to Launch Multiple Fiat-to-Crypto Gateways", Binance CEO Changpeng Zhao ("CZ") tweeted that "Binance does not own any equity in Zanmai Labs, the entity operating WazirX", and that besides wallet services and an off-chain transaction integration, "WazirX is responsible all other aspects of the WazirX exchange". These statements were disputed by Nischal Shetty, the founder of WazirX, who stated in no uncertain terms that WazirX was acquired by Binance. "Binance owns WazirX domain name. Binance has root access of AWS servers. Binance has all the Crypto assets. Binance has all the Crypto profits", Shetty wrote on Twitter.

Brand new Dragoma "move-to-earn" game rug pulls for around $3.5 million

An illustration of a purple dragon with white spikes all around its head, perched on the text "Dragoma" in blue all caps. Underneath that it says "Dragoma Web 3.0" in white text. In the background is an illustrated scene of trees and sky.Dragoma promotional image (attribution)
The Polygon-based Dragoma app promised to be a new move-to-earn game, the term for a category of web3 apps that promise to reward people in tokens when they exercise. This particular app promised to be a dragon-themed "adventure game" where users could hatch dragon eggs by walking 500 meters a day (about 1/3 of a mile) for 40 days.

The project launched only days before it rug pulled. On August 7, the $DMA token dropped in price over 99% as funds were removed from the project and moved to exchanges. According to CoinDesk, around $3.5 million was taken. The project's website, Telegram channel, and Twitter accounts were all taken offline.

Someone makes NFTs out of photographs from the Xinjiang Victims Database

A 3D rendering of a man, standing in a T-pose and pictured from above his head. The rendering itself is shown on what appears to be a polaroid-style photograph inside a black plastic sleeve with stickers on itMade in Uyghur NFT (blurring added by W3IGG) (attribution)
The Xinjiang Victims Database is a database that aims to collect records on ethnic minority citizens in China's Xinjiang Uyghur Autonomous Region who have been imprisoned in concentration camps as a part of the Uyghur genocide. According to the project, "The goal of this database consists in documenting the aforementioned individuals, so as to both protect them now and hold the Chinese authorities accountable later."

Someone apparently decided this was perfect material for an NFT project, which they named "Made In Uyghur". They took 100 images from the database, clumsily projected them onto 3D-rendered human models in a T-pose, and listed them for $25 apiece.

Upon becoming aware of the NFTs, the Xinjiang Victims Database updated their site licensing to CC BY-NC, a Creative Commons license that forbids commercial reuse. "Commercial use of the data, including images of victims, is not okay", they wrote on Twitter, "[Made In Uyghur] never contacted us about this".

"Saxon James Musk" token developer rug pulls for around $442,000

Who could have predicted that the shitcoin named after one of Elon Musk's 16-year-old sons could turn out to be a scam? Well, besides the people who fell for previous rug pulls of tokens based on the Musk family, such as Baby Elon coin in June or the Baby Musk Coin in February...

The project developer suddenly sold off their share of the coin for around 1355 WBNB (~$442,000), sending the coin price plummeting by more than 68% as a result.

Beanstalk Farms comes back for round two after $182 million exploit

The algorithmic stablecoin project Beanstalk Farms suffered a devastating hack in April 2022, suffering $182 million in losses from a governance attack and flash loan exploit on the project. The project tried a fundraiser to restore the stolen money, but only raised $10 million.

Now, Beanstalk is re-launching, saying they've made changes to their governance model and security practices, and have received audits from two major firms.

In June, the project creator stated that "The thing about a system like Beanstalk is that it works until it doesn't. You can never actually know if it works, only that it has worked so far."

Hacker compromises wallet of Steven Galanis, CEO of Cameo app, stealing $231,000

An illustration of an ape with grey-brown fur, with heavily lidded eyes, wearing 3D glasses and a togaBored Ape #9012 (attribution)
A hacker compromised the wallet belonging to Steven Galanis, the CEO of Cameo, an app that allows people to pay various celebrities to record short messages for them. The hacker took 9,457 ApeCoin (~$69,000), 2.3 ETH (~$3,900), a Bored Ape NFT, three Otherside land plots, and other various NFTs. The hacker then flipped the Bored Ape for 77 ETH (~$131,000), and the other NFTs for a combined 16 ETH (~$27,000).

Galanis wrote on Twitter that he "Just got my Apple ID hacked". Although he didn't offer more details on how he had determined iCloud was to blame, it's likely he's referring to an attack vector where MetaMask automatically backs up users' seed phrases to iCloud unless it's disabled, meaning that a hacker who successfully accesses a person's iCloud account can also compromise any of their MetaMask wallets. The same type of attack saw a user lose $650,000 in April, and brought wider attention to the app's behavior.

Researchers identify an attack strategy actively being used by the second-largest Ethereum mining pool to earn outsized mining rewards

Researchers from The Hebrew University have identified an attack on the consensus mechanism used by Ethereum which they describe as risk-free and which can used to "obtain consistently higher mining rewards compared to the honest protocol". They also identified that the attack was being actively used by F2Pool's Ethereum mining pool to attack other mining operations. F2Pool is the second-largest Ethereum mining pool.

By manipulating the timestamps of blocks to be added to the chain, a miner can replace other miners' main-chain blocks with their own blocks, obtaining the fees that would have gone to the other miners. The attack has been called an "Uncle Maker" attack because Ethereum refers to valid but not main-chain blocks as "uncles".

F2Pool co-founder Chun Wang responded on August 8 to the allegations against his mining pool, apparently acknowledging their behavior and suggesting that manipulating a vulnerability in a system is not a "blatant disregard [of] the rules" as the researchers had characterized it. He tweeted: "We respect the *consensus* as is. If you don't like the consensus, convince [Ethereum developer Tim Beiko] to send me another Announcement and change it." Quote-tweeting a tweet by the lead author of the paper who described F2Pool's technique, he wrote, "I can't stop appreciate this elegant implementation of what we've done over the past two years... A robust system must withstand all kind of tests."

India freezes assets of WazirX, Binance's Indian exchange

India's Enforcement Directorate froze $8.16 million of assets belonging to WazirX, a Binance-owned cryptocurrency exchange that is one of the largest exchanges in India. According to the ED, its action was a result of an investigation into WazirX allegedly laundering the proceeds of a crime by allowing it to be converted into cryptocurrencies.

The ED wrote in a press release, " ED found that large amounts of funds were diverted by the fintech companies to purchase crypto assets and then launder them abroad...(a) maximum amount of funds were diverted to WazirX exchange and the crypto assets so purchases have been diverted to unknown foreign wallets".

Ian Macalinao revealed to have pumped the total value locked on the Solana ecosystem by pretending to be 11 developers working on over a dozen projects

Ian Macalinao sitting in a folding chair and speaking into a microphone, gesturing at someone out of frameIan Macalinao (attribution)
CoinDesk revealed that eleven developers behind Solana projects including Sunny Aggregator and Cashio were all actually personas created by Ian Macalinao. Macalinao created the Saber protocol on Solana, and used his personas to build what appeared to be independent projects that all used Saber. In doing so, he was able to artificially inflate the apparent total value locked (TVL) on Solana by double-counting the same tokens. At their peak popularity, Saber and Sunny were responsible for the $7.5 billion of Solana's $10.5 billion TVL.

In an unpublished blog post where he confessed to his deception, he wrote, "I believe it contributed to the dramatic rise of SOL". He wrote the post shortly after one of his persona's projects, Cashio, was hacked for $52 million, but apparently shelved it.

Ian Macalinao's brother Dylan, the other co-founder of Saber protocol, aided in the scheme by lending credibility to Ian's various personas to those who had doubts about trusting money to projects led by pseudonymous individuals.

All told, Ian Macalinao was responsible for the Saber protocol, the Protagonist VC firm and incubator, and Ubeswap under his real name. He created Sunny Aggregator as Surya Khosla, Cashio as 0xGhostchain, Goki as Goki Rajesh, Quarry as Larry Jarry, TribecaDAO as Swaglioni, Crate as kiwipepper, aSOL as 0xAurelion, Arrow as oliver_code, Traction.Market as 0xIsaacNewton, Sencha as jjmatcha, and VenkoApp as ayyakovenko.

CoinGape and Binance publicize scam recovery address after Nomad hack

After the August 1 Nomad bridge exploit, Nomad created an address where people who took money out of the bridge could return it.

However, that was not the address that CoinGape published in their article titled "Breaking: Nomad Announces ENS Address And Bounty For Returning Funds" article, which was syndicated to Binance's news feed. Instead, they indicated that people should send funds to a different address, a scammer who had been sending on-chain messages to various people who took money out of Nomad during the exploit, asking they return it.

Although CoinGape removed the article fairly quickly, it remained live on Binance's site for over an hour. Fortunately, it doesn't appear anyone besides the writers have fallen for the scam, as no cryptocurrency has been sent to the address.

ZB crypto exchange exploited for more than $3.5 million

The self-described "world's most secure digital asset exchange", ZB, suffered an exploit in which attackers stole a large number of different cryptocurrencies, estimated by various researchers to be valued at around $3.6 million and $4.8 million.

ZB announced that they were suspending deposit and withdrawal services due to "sudden failure of some core applications".

Robinhood cites crypto market crash in decision to lay off 23% of employees

Stock and crypto trading app Robinhood announced they would be laying off 23% of their staff: 780 people. The layoffs followed a prior round of layoffs in April, which saw 9% of their staff (~342 people) out of jobs.

Robinhood CEO Vlad Tenev wrote, "Since that time, we have seen additional deterioration of the macro environment, with inflation at 40-year highs accompanied by a broad crypto market crash. This has further reduced customer trading activity and assets under custody. Last year, we staffed many of our operations functions under the assumption that the heightened retail engagement we had been seeing with the stock and crypto markets in the COVID era would persist into 2022."

The announcement came the same day that Robinhood was fined $30 million by the state of New York for insufficient anti-money laundering and cybersecurity protections in the crypto portions of their offering.

Thousands of Solana wallets drained in attack that nets over $6 million

Nearly 8,000 Solana wallets were drained for at least $6 million worth of assets, including native SOL tokens and SPL tokens like USDC. The attack went on for nearly a day before Solana identified the likely cause: private keys that were exposed to an application monitoring service used by the crypto wallet Slope. Both Solana and Slope were vague about further details but explained that they were continuing to investigate.

CoinShares investment firm reports $21.5 million loss from Terra collapse

In their Q2 earnings report, European cryptocurrency investment firm CoinShares reported that they'd only made $120,000 in net income in the most recent quarter, down from more than $32 million in Q1. They explained this was largely because of an enormous loss that resulted from the May collapse of the Terra ecosystem, costing the firm £17.7 million ($21.5 million).

Michael Saylor steps down as MicroStrategy CEO as the company reports a $918 million impairment charge on Bitcoin holdings

Michael Saylor sitting in front of a large model shipMichael Saylor (attribution)
Bitcoin maximalist Michael Saylor announced he would be stepping down as CEO of MicroStrategy, which is ostensibly a software company but in recent years appears to be mostly a Bitcoin-purchasing company. Saylor is extremely pro-Bitcoin, with an emphasis on "extreme". In March 2021, when Bitcoin was at around $57,000, he urged people to "go mortgage your house and buy Bitcoin with it... if you've got a business that you love because your family works for the business and it's been in your family for 37 years, and you can't bear to sell it, mortgage it, finance it, and convert the proceeds into ... Bitcoin. If you're working for a company that's got $100m in the treasury, you ought to convince the CEO and the board of directors to convert the treasury into Bitcoin... that'd be worth billions to them."

Unfortunately, that treasury strategy — which in his case also includes taking on more debt to buy more Bitcoin — is not currently working out so well for MicroStrategy, which reported a $918 million impairment charge on their Bitcoin holdings in their most recent earnings report. Saylor stepped down as CEO the same day.