Attackers steal around $265,000 of user funds from KyberSwap exchange

An attacker was able to insert malicious code into the frontend of the decentralized exchange KyberSwap and steal $265,000 of user funds. The project used Google Tag Manager to allow code to be injected into the project frontend (often for analytics, ads, or marketing purposes), which was used by the attacker to insert malicious code into the project UI that specifically targeted whale accounts — that is, those with large balances.

Kyber identified and remedied the issue after two hours of investigating it, and only two wallets were affected. Kyber promised to compensate the users who lost funds, and also tried to tempt the hacker into returning funds by allowing them to keep 15% of the stolen money as a "bounty" (~$40,000).

Snapchat abandons its web3 plans

Snap Program Manager Jake Sheinman tweeted that "As a result of the company restructure, decisions were made to sunset our web3 team. The same team that I co-founded last year with other pirates who believed in digital ownership and the role that AR can play to support that." Snap, the company behind Snapchat, had been working on a feature that would enable users to import their NFTs and use them as augmented reality filters.

This news came amidst the announcement that Snap would be laying off 20% of its staff, a whopping 1,300 people.

Unable to recover from the April Rari exploit, Babylon Finance shuts down

In April, an attacker exploited vulnerabilities in the defi lending project Rari Capital to steal $80 million. The asset management project Babylon Finance was a major lending pool on Rari, and lost $3.4 million in the hack. After the incident, users withdrew more than 3/4 of the assets on the project.

Since April, Babylon tried to recover from the hack. However, they described it as "the domino that kickstarted a series of unfortunate events". Rari canceled their planned reimbursement, users withdrew their funds from Babylon Finance, the Fuse pool on Rari was abandoned, and the token price decreased from around $20 to around $5.

On August 31, Babylon Finance's founder Ramon Recuero published a blog post announcing that Babylon would be shutting down. They promised to distribute the remaining project treasury among holders. Users were told to withdraw their funds by November 15.

Lawyer Kyle Roche withdraws from several crypto class-action lawsuits after allegations that he was involved in "gangster-style" schemes to hurt competitor projects

Kyle Roche sitting in a dim restaurant setting, speaking and gesturing. A caption on the video reads "I'm just a crazy motherfucker".Roche in one of the secretly recorded videos (attribution)
Kyle Roche, a founding partner and namesake of the Roche Freedman law firm, has withdrawn from class-action lawsuits filed by the company against projects including Tether and Bitfinex, the Tron Foundation, and BitMEX. This change came less than a week after a whistleblower website alleged he had been paid to attack competitors of the Avalanche blockchain with lawsuits intended to harm them and reveal corporate secrets.

Although Roche has denied the claims by the site, and stated that someone deliberately got him drunk and then took clips of videos out of context, it probably doesn't look so good for a lawyer to be referring to jurors as "10 idiots", or plaintiffs in class-action lawsuits as "100,000 idiots".

Helium ditches its blockchain

Helium is a network of wireless hotspots that decided to bolt on a cryptocurrency layer a few years after it was created. Through this, they hoped to convince people to spend hundreds of dollars on Helium hotspots, which earn an average of 0.07 HNT ($0.37) a day (2.1 HNT/$11.24 a month) for supplying connectivity to internet of things devices.

Now, Helium is ditching its custom Helium chain in favor of a Solana-based token, and scrapping the blockchain entirely for the portions of its service that actually used the blockchain for anything beyond handling rewards.

Helium seems to have realized, finally, that blockchains tend to be slow as hell. In a blog post about the change, they wrote that "specific transactions, including Proof-of-Coverage and Data Transfer Accounting, are processed on-chain unnecessarily. This data bottleneck can cause efficiency issues such as device join delays and problems with data packet communications, which bloats the Network and causes slow processing times." They outline their plans to move these portions of the project to a "more traditional large data pipeline" — that is, infrastructure that's actually well-suited to that kind of processing.

DC Attorney General sues Michael Saylor and MicroStrategy for tax evasion

Michael Saylor sitting in front of a large model shipMichael Saylor (attribution)
DC-based Bitcoin evangelist and former CEO (now chairman) of MicroStrategy has been accused by the DC Attorney General of avoiding years of taxes by pretending to live in Florida, a state without personal income tax. The AG says he evaded more than $25 million in DC taxes this way, with the help of MicroStrategy (which is also named in the suit for helping to enable the tax evasion).

DC permits the court to impose "treble damages" on Saylor if he is determined to have evaded the taxes he owes, which could end up costing him and MicroStrategy more than $100 million in taxes and penalties.

Compound Finance breaks their cETH market for a week

Compound Finance released an update to change the price feed used by the Compound v2 protocol. Despite being audited by three firms, no one caught a bug that caused all transactions for ETH borrowers and lenders to revert, effectively freezing the entire cETH market on the protocol. Because code changes require a seven-day-long vote, the change can't be reverted until a new proposal passes. In the meantime, users with positions they can't access will need to add collateral or repay loans carefully in order to avoid being liquidated if the price of ETH drops by the time the market is operational again.

Thodex CEO arrested over a year after fleeing Turkey in the wake of the exchange's collapse

Faruk Fatih Özer, the CEO of the Thodex cryptocurrency exchange, swore that when they halted trading and shut off customers' access to accounts in April 2021, it was just to investigate suspicious activity. Then he disappeared, leaving behind a collapsed exchange and total losses estimated to be anywhere from $24 million and $2.5 billion in assets (depending who you ask). He left a statement in which he claimed that he was only on the lam in order to "work and repay my debts" to customers, after which he would turn himself in to Turkish authorities.

His plan to somehow work off anywhere from $24 million to $2.5 billion in debts was stymied when he was apprehended by Albanian authorities. He faces extradition to Turkey, where a prosecutor has asked for sentences of 40,564 years for him and other executives (just in case, I guess).

Thai SEC punishes Bitkub CTO for trading Bitkub Coin on insider information

The Securities and Exchange Commission in Thailand took action against Samret Wajanasathian, the chief technology officer of the Thai crypto exchange Bitkub. The SEC fined him 8.5 million baht (~$234,000), and said they would bar him from serving as a director or executive at any crypto firms for a year.

The SEC reported that Wajanasathian had purchased around $61,000 of Bitkub Coin ($KUB) just before it was publicized that the Siam Commercial Bank would purchase a 51% stake in Bitkub. After the announcement, the value of KUB rose 100%.

Earlier that week, the SCM had announced they would not be following through on purchasing the planned $500 million stake in Bitkub, due to concerns over "various issues" that were raised by the Thai SEC.

Crypto.com wants back the $7.2 million they accidentally sent a customer last year

Crypto.com somehow managed to not only send a woman AUD$10.5 million (US$7.2 million) in May 2021, but not notice it for months afterwards. The woman had requested a $100 refund, but someone accidentally entered an account number into the refund amount section and granted this woman a sudden windfall.

Rather than contacting Crypto.com about the error, she put the money into a joint account shared with her sister, and purchased her sister a five-bedroom home with nearly US$1 million of the funds.

Crypto.com only discovered the error in a December 2021 audit, and sued the woman for the erroneously-sent funds. She's just been ordered by the Victoria Supreme Court to sell the home and return the remaining money.

Unlike with many crypto transactions, erroneous transactions on centralized exchanges can typically be reversed by the exchange. However, Crypto.com would have had to notice the error much sooner, before the recipient transferred the funds elsewhere.

Hacktivists make NFTs out of the stolen passports of Belarusian officials

The inside and outside of a Belarusian passport, with a photo and the name of Alexander Lukashenko. Identifying details have been blurredOne of the NFTs (attribution)
A hacktivist group calling themselves the Belarusian Cyber Partisans managed to gain access to the entire passport records of Belarus last year. On August 30, they began selling NFTs created from the passport data of various Belarusian officials, including the country's authoritarian president, Alexander Lukashenko. Other passports include those of the head of the Belarusian KGB, Lukashenko's press secretary, and the country's prime minister.

The group is selling the NFTs for between 0.2 and 6.5 ETH ($300–$9,700), and say that all proceeds will go towards "our work in hitting bloody regimes in minsk & moscow".

OpenSea took down the NFT collection shortly after it was published.

OptiFi developer accidentally closes the project contract, irretrievably locking $661,000

OptiFi, a derivatives defi project, accidentally and permanently shut down the project smart contract, irretrievably locking up $661,000 — the project's entire fund. A developer had been trying to push an update to the project, and ran into issues related to Solana network congestion (a recurring issue). While trying to clean up from a partially-executed transaction, the developer accidentally ran a command that closed the project's primary smart contract.

OptiFi has promised to return user deposits and settle all positions. In a post-mortem, they wrote that they had learned that "Every deployment needs a rigorous process and single point failure can be avoided. Please don't rush like what we did, especially for defi projects". They further outlined a "peer-surveillance approach" in which three people would be required to deploy any changes together. They also asked the Solana team to implement a two-step confirmation for such a potentially destructive command.

Whistleblower website alleges that the creators of the Avalanche blockchain paid lawyers to attack competitors

Kyle Roche sitting in a dim restaurant setting, speaking and gesturing. A caption on the video reads "I'm just a crazy motherfucker".Roche in one of the secretly recorded videos (attribution)
An anonymous whistleblower website called "CryptoLeaks" has alleged that Ava Labs, the company behind the Avalanche blockchain, paid lawyers to sue competitors and obtain confidential information through legal discovery. The site includes secretly recorded videos of Kyle Roche, a founding partner of the Roche Freedman law firm which has filed class action lawsuits against numerous companies including Solana, Binance, and others. In some of the surreptitiously recorded videos, Roche is visibly drunk.

"A pact was formed that involved Ava Labs granting Roche Freedman a massive quantity of Ava Labs stock and Avalanche cryptocurrency (AVAX), now worth hundreds of millions of dollars, in exchange for Roche Freedman agreeing to pursue a hidden purpose," the site claims.

The site does include video clips of Roche saying some surprising things, although the clips are very short and devoid of context. The whole thing should be taken with a grain of salt.

Ava Labs founder Emin Gün Sirer dismissed the claims on the site as "conspiracy theory nonsense". Roche published a statement about the " numerous unsourced false statements and illegally obtained, highly edited video clips that are not presented with accurate context", in which he said that his statements about filing class action suits at the behest of Ava Labs were "false, and were obtained through deceptive means, including a deliberate scheme to intoxicate, and then exploit me, using leading questions. The statements are highly edited and spliced out of context."

CEO of Ragnarok metaverse game admits to treasury mismanagement, including nearly $2 million in trading losses and exorbitant salaries

Pixel art characters stand in a bar setting with a tiled floor made from hexagons. There are cardboard boxes, a jukebox, and a cook behind the bar.Ragnarok screenshot (attribution)
Ragnarok is a metaverse role-playing game that launched its character NFTs in April 2022. The project received $1.75 million in seed funding, plus another $17.5 million from NFT sales and royalties.

On August 26, CEO Fanfaron published a Substack post providing a breakdown of the project's finances, which he began by saying, "As a previous business owner, and because Ragnarok is a startup and not a DAO, our initial plan was never to operate our finances in public, which is why we have historically been closed and unwilling to share full accounting of our balance sheet." As the post went on, it became clear there might be other reasons they were reticent to publish it.

The post revealed that Fanfaron had lost $1.827 million buying ETH during the crypto downturn: "I made mistakes by buying ETH multiple times when I thought it was an advantageous investment for the project, but then to protect downside risk and with the plan to reinvest at a better time, I sold our position in ETH, multiple times.."

It also revealed that the project is paying its team members apparently enormous salaries: $5.4 million in team compensation, plus another $1.5 million spent to buy out a co-founder. "We're a scrappy startup," he wrote, after also acknowledging that he pays himself $50,000 a month ($600,000 a year) — a number he already reduced by $600,000 from his original salary of $1.2 million per year. He ultimately promised in the post to pay back his trading losses.

As for the game, well, it exists, which means it's already ahead of a lot of crypto games. They launched an alpha version of the game in late July after multiple delays, with Fanfaron explaining, "Our vision was to create something similar to WoW... we were, however, overeager and optimistic with regards to how much time it takes to create such a world." The alpha is a multiplayer pixel art world where characters can walk around and talk to each other, and interact with buildings. Battling, leveling, quests, missions, and breeding are apparently all yet to come.

Indian financial crimes authority searches the offices of CoinSwitch, the country's largest crypto company

Financial crime agents from India's Directorate of Enforcement searched the offices of CoinSwitch and the residences of some of its executives. CoinSwitch is the largest crypto company in India, and is backed by Andreessen Horowitz, Tiger Global, and Coinbase Ventures.

According to the CEO, there's nothing to worry about, the search had nothing to do with money laundering (that's specific), and the agency only executed the search to learn more about its business model and user onboarding. Seems like a pretty weird way to do that, but what do I know.

TechCrunch, however, reported that four people familiar with the investigation stated the investigation was to do with potential violations of foreign exchange laws, and that the agency suspects CoinSwitch acquired $200 million in shares in violation of forex laws.

eth.link service about to go offline because domain owner is in prison

Some people might be familiar with ENS, the "Ethereum Name Service", which seeks to be a web3 equivalent of DNS. If you've seen people with usernames ending in .eth, that's an ENS address. The problem is that .eth is not a functional top-level domain, and so many services relied on eth.link to surface these DNS records to other services.

However, the eth.link domain is only rented for a set period of time and needs to be renewed. ENS DAO tweeted that the domain's owner, Virgil Griffith, is "unavailable". By this, they mean that he is currently serving his first of five years in prison for helping North Korea evade sanctions. With Griffith "unavailable", the project has found itself at the mercy of GoDaddy. Welcome to the decentralized web3 we've all been promised!

Although GoDaddy previously allowed another person to renew the domain on Griffith's behalf, they reversed that decision, and now say they intend to allow the domain to expire on September 5.

The ENS DAO issued a series of tweets urging people to switch to a different service, given the risk that the domain could be snapped up. "If the name expires and is acquired by someone with ill intent, the damage they could do via phishing is substantial - so please update your links and alert your users of the issue immediately," they wrote.

The latest Pokémon-themed rug pull nets $708,000

It's not much compared to at least three separate crypto Pokémon ripoffs since February that have each taken millions, but apparently the love of Pokémon still drew people in to the tune of $708,000.

One might think the blatant rip-off of the Pokémon IP (which belongs to a notoriously litigious company) might have been a red flag, but nevertheless, people bought in to PokémonFi — a play-to-earn game that seems like a much worse version of the original thing.

The project and tokens first launched in April. After apparently running off with the money, the project deleted its Twitter account, though its website remained live.

Researcher zachxbt alleges that teenager who stole crypto worth $37 million in 2020 is responsible for a spate of crypto-related Twitter hacks

BirdPartner - The Secret Twitter Panel
Today, I will start to lease out access to my exclusive Twitter panel. This support hub allows you to request usernames, ban accounts, restore access to stolen/locked accounts, report instances of rule violations, and more.
Due to the extreme nature and power of the panel, access will be restricted to a limited amount of users at once. There are several packages; each becoming more discounted the bigger package you buy.Post on SWAPD advertising access to Twitter panel (attribution)
In 2020, a Canadian teenager used SIM swapping to steal US$37 million in Bitcoin and Bitcoin Cash from a single person. Canadian police announced his arrest in November 2021 after he tried to buy a rare gaming username, also writing that they had seized around $5 million of the stolen funds.

Now, crypto investigator zachxbt thinks the same individual is indirectly responsible for a slew of compromised Twitter accounts that have then been used to promote crypto scams, including those of Beeple, DeeKay, and others. According to zachxbt, he has been selling access to a Twitter admin panel, which allows employee-level access to Twitter tools. This might explain how many of the accounts were compromised despite being protected by multi-factor authentication. According to zachxbt, "It's still unclear as to how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method stopped working".

10% of Ethereum nodes at risk of being booted from cloud hosting provider

The virtual server provider Hetzner posted a clarification that using its service to mine Ethereum — either in its current form or in the promised proof-of-stake version — violates its terms of service and that the company has been "internally discussing how we can best address this issue".

16% of all hosting nodes (a category that makes up 62% of all nodes by network type) are hosted with Hetzner — 10% of all nodes. If 10% of all Ethereum nodes being supported by one company sounds awfully centralized to you, wait til you hear that 30% run on Amazon services.

SudoRare NFT exchange rug pulls for $820,000

Six hours after its launch, the team behind the new SudoRare NFT exchange took the money and ran, deleting the project website and social media. People had already warned about issues in the project contract that signaled it could be a scam, but those were either unseen or unheeded by the people who put a collective $820,000 of various tokens into the project.

At least one of the scammer wallets interacted with the Kraken crypto exchange, a U.S.-based exchange that requires KYC, so it's possible that Kraken could help identify the scammers — though they've not made any public moves to do so.

Group charged for stealing over $4 million in transaction reversal scheme

The U.S. Attorney's Office of the Southern District of New York announced charges against three men responsible for a scheme in which they stole millions from cryptocurrency exchanges and traditional banks. The group used stolen identities to buy cryptocurrency from various crypto exchanges, then convinced the banks that the fraudulent transactions were, well, fraudulent. The banks would refund the transactions to the thieves, who would then make off with both that and the cryptocurrency they had purchased.

The three men were charged with wire fraud, bank fraud, and identity theft charges, and face potential decades in prison if convicted.

Bank run leaves BendDAO with 5 ETH and a bunch of NFTs they can't sell

Honestly, who can blame BendDAO for failing to consider that the hype bubble around Bored Apes and other NFT projects might not last forever! "We underestimated how illiquid NFTs could be in a bear market when setting the initial parameters", the project wrote in a governance proposal.

BendDAO allows people to take out loans with their NFTs as collateral. However, if the floor price of those NFTs drops too far and the borrower doesn't pay back some of the loan to adjust its risk rating, other people can bid on the NFT.

The problem with this whole plan was revealed when lenders' confidence was shaken when it was reported that $5.3 million in Bored Apes were at risk of liquidation. Panicked users withdrew their assets from the platform, resulting in a bank run that drained the reserves to a low of 5 ETH (~$8,200). BendDAO had other assets, of course: the NFTs below the liquidation threshold. However, a lack of interested buyers willing to pay the minimum prices (95% of the collection floor price) left the project in a tough spot.

Since the extremely close brush with a liquidity crisis, the project has begun to consider a proposal that would reduce the threshold at which NFTs can be liquidated, reduce auction and liquidation protection periods, remove the 95% floor price bid requirement, and increase interest rates.

OpenSea's stale listing issue burns another collector

An illustration of a white penguin wearing a bow tie and gold crown on a light blue backgroundPudgy Penguin #2951 (attribution)
The same issue that led to OpenSea paying out $1.8 million to users who lost their NFTs is apparently still alive and well (despite OpenSea's introduction of an "Inactive listings" panel). Users who have listed NFTs for sale and never removed the listing have occasionally been surprised in a very bad way when their NFT suddenly sells for an old price — sometimes much different than the going prices for those NFTs.

In this case, a person successfully sold their Pudgy Penguin NFT for 8.69 ETH a year ago ($27,500 at the time of sale). Those particular NFTs have been having a comeback lately, and so the collector bought the same NFT back — this time for 20 ETH ($31,500 at the time of sale). However, an old listing from their previous ownership was still active, and someone was able to snap up the NFT from them for only 9.89 ETH ($15,600) within minutes.

The collector's near-instantaneous $20,000 loss has a happy ending for them, though — the person who bought the NFT was willing to reverse the trade.

Someone buys a Bored Ape, gets scammed out of it two hours later

An illustration of an ape with black fur, sticking out its tongue, wearing a tuxedo t-shirt and a gold stud earringBored Ape #887 (attribution)
In what might be a new record, someone bought a Bored Ape NFT for 70.69 ETH (~$116,000) and had it stolen from them less than two hours later. The scammer quickly flipped the NFT for 61.6969 ETH (~$101,000), then bridged the funds through RenBridge to cover their tracks.

Hodlnaut seems to have lied about their Terra exposure

When Terra was collapsing in May, concerned users of the Hodlnaut lending platform asked whether the firm was exposed. CEO JT wrote on Twitter, "Hodlnaut as a firm did not take any losses on UST, users who held/bought UST on our platform did". Their social media manager wrote, "[Holdnaut] had 0 company exposure to [Anchor Protocol]", referring to the Terra-based lending protocol.

However, documents from the legal proceedings surrounding the now-underwater firm revealed that Hodlnaut had 317 million UST, which it liquidated at a loss when the previously dollar-pegged UST hit $0.85. In the filing, they wrote, "Due to the market's lack of liquidity, the average exit price of UST to USDC was around 42 cents on the dollar, resulting in realized losses to Hodlnaut Trading Ltd of about USD 189.7M. As a result, Hodlnaut's total debt to depositors of USD 500M became backed by realisable assets of around USD 315M as of 13 May 2022 due to the de-pegging event."

Swyftx crypto exchange cuts 21% of staff

The Australian crypto exchange Swyftx laid off 21% of its workforce, affecting 74 employees. One such employee was on her honeymoon in Hawaii when she learned she was suddenly out of a job. The company blamed "an uncertain business environment, with levels of domestic inflation not seen in over two decades, rising interest rates, highly volatile markets across all asset classes, and the potential for a global recession" for the cuts.

Swyftx had announced in June that it would be merging with trading platform Superhero in a $1.5 billion deal.

Sub-primate lending: $5.3 million in Bored Apes used as loan collateral are at risk of being liquidated

Chart showing the floor price of the Bored Ape collection over the last 30 days. On July 20 the floor price was 92.7 ETH; it is now at 69.4 ETH.Bored Ape Yacht Club floor price over the last 30 days (attribution)
When people started sinking hundreds of thousands of dollars into Bored Ape NFTs, it wasn't long before people came up with the genius idea of using those NFTs as collateral for loans. BendDAO is one such platform offering the service, allowing people to post their Ape as collateral in exchange for a crypto loan equal to 30–40% of the Bored Apes collection's floor price. At one point, one borrower had 10,000 ETH (~$17.5 million) in loans from BendDAO against his 60-ape-strong collection (though he since repaid the loans).

However, NFTs in general haven't been doing so hot lately, and the Bored Apes haven't been immune from the slump. As the Bored Apes collection floor price has decreased, more than 15% of the apes used as collateral for BendDAO loans are in the "danger zone" — close to being auctioned off. These 45 apes are valued at roughly $5.3 million. Liquidation could lead to cascading liquidations, as the auctions could themselves cause the floor price to decrease.

As Bennett Tomlin put it, "I hate that y'all somehow created a risk for cascading liquidations of JPEG backed loans".

The FDIC sends cease and desist letters to FTX US and other entities who claim their products are insured

The Federal Deposit Insurance Corporation (FDIC) sent cease and desist notices to the FTX US crypto exchange and four websites that they allege are falsely claiming their products are FDIC-insured. Most people are familiar with FDIC insurance because it covers up to $250,000 per account with federally regulated banks, but crypto companies enjoy no such protections.

In July, the FDIC and Federal Reserve sent a cease and desist to Voyager, a company currently undergoing bankruptcy proceedings, which drew in customers with false promises that USD entrusted to the company were safe from any potential Voyager collapse thanks to FDIC insurance.

After choosing to keep the crypto, divorcee wants a do-over

A letter-writer seeking advice from the Financial Times wrote, "I got divorced last year and as part of the financial agreement, my ex-wife and I agreed that I would keep my cryptocurrency assets while she got the lion's share of my pension and other investments, and we split the family home. When we negotiated last autumn, the crypto market was riding high and I was convinced it would go higher still, but following the recent crash my digital assets have more than halved in value. I'm now considerably worse off than my ex and worried about my financial future. She says I only have myself to blame and won't discuss the matter further. Can I go to court to renegotiate our financial order?"

As expected, the lawyer consulted by the FT informed them that their chances of a do-over were pretty slim, and suggested that individuals negotiating a split with a partner don't take on all the high-risk assets like this person did.

As of August 20, Bitcoin was trading at around $21,200–70% lower than at its all-time-high of $69,000 in November 2021. Other major cryptocurrencies are faring similarly poorly, with ETH down 67% to $1,630 from its all-time-high of $4,890.

DegenTown NFT project rug pulls after promotion from Magic Eden

Cel shaded illustration of a humanoid figure with purple skin smirking. They have a roof of a house on their head with Japanese characters and lanterns hanging from it, and are wearing a grey cape with a black clasp. Behind them is fire and a night sky with a large moon.Degen Degen #4901 (attribution)
DegenTown, a collection of brightly-colored cel shaded humanoid figures, launched with much promotion from Magic Eden on their Launchpad minting service. Magic Eden aims to provide collectors with a level of trust in the project by requiring creators to disclose their identities to the company.

DegenTown first suffered issues in July, when the project's Twitter account was allegedly hacked, and users were tricked into approving a contract that drained their wallets. One individual behind the project promised they would compensate the users whose wallets were drained, but never did.

The project ultimately rug pulled instead, with Magic Eden acknowledging it in a blog post and Twitter thread on August 17. They wrote that they were "urging the original Degen Town founders to return the funds" — however, this is complicated somewhat by the fact that the identity of one of them is not known to Magic Eden. They explained, "Our prior policy was that we doxxed founders. NFTRamo claimed to be an advisor but we learned that he was actually the founder of the project and used being an advisor as a way of skirting our doxxing processes." This is not the first time their identity verification process was sidestepped — they introduced it after a serial rugpuller used their platform to anonymously sell and then rug pull another NFT project, but that same person was able to do it again only a few months later.

The DegenTown project minted 8,000 NFTs for 3 SOL apiece, bringing in $923,000. Beyond that, the creators took 7.5% in royalties on secondary sales. Magic Eden has said that they were able to get one of the two founders to return the funds they'd earned from the mint, and that they planned to use them to compensate buyers.

Bribe Protocol team disappears after raising $5.5 million

The Bribe Protocol promised a DAO infrastructure tool where "token holders get paid to govern", and raised $5.5 million in funding in January to work on their extensive roadmap. However, the project leaders have effectively disappeared. There are no posts on the project's Twitter account since May, their Medium page has been untouched since March, and the Discord is a ghost town aside from the occasional message asking about the status of the project and the inevitable reply that the developers had rug pulled.

Bribe Protocol was incubated by Advanced Blockchain AG and Composable. Composable might ring a bell, because in February its pseudonymous head of product, 0xbrainjar, was revealed to be Omar Zaki, who had settled with the SEC over charges that he had misled investors while operating an unregistered investment advisement company and hedge fund. At the time, he wrote that "I do not want a mistake in my youth to cloud all of the team's efforts", though the SEC charge was filed less than three years prior, when Zaki was 21.

An employee of Figment Capital, one of the investors in Bribe Protocol, claimed that the project had formally shut down and returned 86% of the funds raised from institutional investors, though "retail took a huge L". However, this doesn't appear to have been publicly announced by the project.

Bribe Protocol is, of course, not to be confused with the other Bribe Protocol, a defi project that was abandoned in May 2021.

Experienced crypto trader suffers $470,000 theft after signing malicious message

An experienced crypto trader lost $470,000 to a hack when they signed a malicious message that permitted an attacker to drain all of their USDC stablecoins from their crypto hot wallet. Unlike most crypto hacks that involve approving malicious contracts, this hack was perpetrated when the trader was tricked into simply signing a malicious message. Signing a message tends to be a safer and more common action with crypto wallets, and so traders are not always as careful, though as this trader discovered, it can still have catastrophic impacts.

Crypto.com reportedly lays off hundreds more employees than they announced, tries to hide it

In mid-June, Crypto.com announced they would be laying off 260 people, or around 5% of their employees. However, The Verge has reported that "hundreds more" employees were quietly laid off since then. They report: "Crypto.com has been trying to limit knowledge of the extent of these departures even within the company, with CEO Kris Marszalek refusing to answer a question about the total figure in a recent employees-only town hall meeting."

Marszalek also tried to discourage employees from leaking about the layoffs, saying at a company town hall: "A number [of employees laid off] makes for a great headline, it's a great thing to gossip about. [But] as co-owners of this company, you should ask yourself, 'is it in my interest for this number to be out there?'" One employee told The Verge that this did nothing to assuage their fears about the layoffs, and that "[it felt like] I got told to shut up and get back to work. It felt insulting."

One recent review on Glassdoor claims that Crypto.com had laid off "more than 1,000 employees", and alleged that "They've removed the company directory so we can't see the numbers go down."

South Korea moves to block sixteen unregistered crypto exchanges

The South Korean Financial Services Commission (FSC) reported to investigators sixteen unregistered crypto exchanges that were serving Korean users and hosting events marketing to Koreans. The exchanges include MEXC, KuCoin, CoinW, CoinEX, ZB.com, Bitglobal, Bitrue, Poloniex, BTCEX, Phemex, XT.com, Pionex, BTCC, DigiFinex, AAX, and ZoomEX.

Although the FSC informed the exchanges they needed to register and report their activities, the exchanges did not comply. The FSC has moved to block access to these exchanges in the country, including by asking communications authorities to block access to the exchanges' websites. The FSC pointed to the risk of user data leaks and money laundering as motivations for their action.

Those operating unregistered exchanges in the country could face up to five years imprisonment or a ₩50 million ($37,900) fine, and be barred from registering in the country for five years.

Binance exec claims that scammers are using deepfakes to impersonate him

Screenshot of messages between a blurred individual and Patrick Hillman.
Individual: "Hi Patrick this is [blurred], I had a conversation with Mark J Marshall, can you confirm the Zoom call we had on Thursday with you?"
Patrick Hillman: "That wasn't me."
Individual: "they impersonated your hologram
[LinkedIn link]
This person sent me a zoom link then your hologram was in the zoom , please report the scam""They impersonated your hologram" (attribution)
Binance's chief communications officer, Patrick Hillman, has come out with a blog post claiming that "Scammers created an AI hologram of me to scam unsuspecting projects". (Hologram?) He claimed that scammers were using these meetings to ask token creators to pay a listing fee for their tokens, something that Binance also does, but has been more squirrely about.

The only evidence Hillman provided was a redacted conversation via LinkedIn, where he denies meeting with someone, and they reply: "they impersonated your hologram. This person sent me a zoom link then your hologram was in the zoom". (Again, hologram?) Amusingly, Hillman waxes poetic about the importance of security at Binance throughout the whole post, while also including a LinkedIn screenshot with a name that's blurred so poorly it remains completely legible.

Hillman goes on to claim, with no further evidence, that "a sophisticated hacking team used previous news interviews and TV appearances over the years to create a 'deep fake' of me". If so, this would be remarkable, as to date video deepfakes have mostly been limited to robotic-sounding and grainy pre-recorded Elon Musk impersonations, rather than anything that can respond naturally and quickly to alive conversation.

Another possible explanation is that Hillman is trying to cover Binance's collective ass after being caught taking listing fees for tokens they never list. But who's to say, really — maybe deepfakers have made a considerable breakthrough with startling implications, and Hillman just didn't feel it was important to elaborate on.

Adam Neumann continues to fail upwards as VCs throw even more money at the ex-WeWork CEO

Adam Neumann, standing on stage wearing a microphone and a white shirt that says "Made by We" repeatedly in rainbow colors, pointing at the audienceAdam Neumann (attribution)
In a just world, people would probably not be able to fail upwards quite to the extent of Adam Neumann, who engaged in all sorts of self-dealing and lost billions of dollars, among many other allegations, when he was CEO of WeWork until September 2019.

But Neumann has so far enjoyed a comeback thanks to the likes of Andreessen Horowitz, who led a $70 million funding round in May for Neumann's "Flowcarbon" startup, which aims to sell tokenized carbon credits — sorry, "Goddess Nature Tokens" — to companies trying to green up their image.

Andreessen Horowitz is now enabling another one of Neumann's new crypto schemes to the tune of $350 million — its largest investment to date. This one is just called "Flow", in which Neumann is returning to the real estate industry in a company that aims to help with the residential housing crisis... with blockchain, somehow.

God forbid the venture capitalists give money to deserving founders who haven't already been given, and squandered, a chance. Responding to the news that a16z had put $350 million into Neumann's new gambit — an amount larger than the money raised by all Black-founded startups in the US combined in Q2 — author and investor Kathryn Finney said it was a "slap in the face". "It sends a signal that you can really mess up as a white guy and still get second chances to win," she said.

HUSD stablecoin depegs

Month chart showing HUSD maintaining a $1 peg until dropping below $1 on August 17. The coin dipped to around $0.93, briefly returned to around $0.96, and then on August 18 dropped to $0.84HUSD to USD month chart (attribution)
HUSD, a stablecoin linked to the Huobi crypto exchange, lost its peg and dropped to around $0.85. HUSD is a cash-backed stablecoin intended to be pegged to the US dollar, but the coin lost its peg due to "liquidity issues". HUSD later tweeted that, "We had made the decision to close several accounts in specific regions to comply with legal requirements, which included some market maker accounts. Due to the time difference in banking hours, this resulted in a short-term liquidity problem". The stablecoin restored its peg on August 18.

Several weeks earlier, major crypto exchange FTX announced that they had removed HUSD from their USD basket, meaning they would not be able to be used as collateral.

Huobi worked to distance itself from HUSD as the coin de-pegged, emphasizing that the token is maintained by a different entity and claiming to have exited their stake in that entity in April. However, the token was originally launched by Huobi in 2018, and Huobi has continued to run promotions involving the token as recently as July.

Celer Network's cBridge suffers BGP hijacking attack, users lose combined $240,000

The Celer Network's cBridge project was targeted with a BGP hijacking attack. Users who tried to access the bridge's frontend were instead shown a site that prompted them to authorize transactions that drained their wallets. The attacker was able to steal around 128 ETH (~$240,000) before the exploit was discovered and Celer took the frontend offline. The stolen funds were quickly transfered to the Tornado Cash cryptocurrency tumbler.

Genesis lays off 20% of employees, jettisons CEO after Three Arrows Capital disaster

Crypto broker Genesis is laying off 20% of their employees and reshuffling their leadership in the wake of a several-hundred-million dollar loss related to the Three Arrows Capital implosion. With 260 employees, the 20% workforce cut will affect around 50 employees. Genesis also announced that their CEO Michael Moro would be "stepping down".

Canadian pension manager says they invested "too soon" in the crypto sector after $150 million loss

Canadian caisse de dépôt et placement du Québec (CDPQ), Canada's second-largest pension fund manager, sunk $150 million into Celsius during a WestCap-led funding round announced in October 2021.

Needless to say, this hasn't worked out so hot for CDPQ — Celsius locked up its customers' funds in June and filed for bankruptcy in July, and the courts are in the middle of trying to figure out how to untangle it all. "For us it's clear when we look at all of this, even if the last chapter has not been written, that we went in too soon into a sector that was in transition", said CDPQ's CEO.

CDPQ reported a $33.6 billion loss in the first half of 2022, which they attribute mostly to declines in equity and bond markets.

SEC files complaint against Dragonchain in relation to their 2017 ICO

The U.S. Securities and Exchange Commission filed a complaint against an individual and his companies in relation to their sale of Dragon tokens in 2017. The ICO raised $16.5 million, but the SEC has said the event was an unregistered securities offering, and has demanded the proceeds be returned and a penalty be paid.

Hodlnaut applies for creditor protection

After halting withdrawals on August 8, Singaporean crypto lender Hodlnaut has applied for protection against creditors: a process similar to the U.S. Chapter 11 bankruptcy.

They explained in a statement that they made the decision in order to try to avoid forced asset liquidation, "as it is a suboptimal solution that will require us to sell our users' cryptocurrencies at these current depressed asset prices".

Claims of racist imagery in Bored Ape Yacht Club NFT project make it to court

Two side-by-side images. On the left is a Pepe meme from 4chan, where Pepe is wearing a hachimaki reading "神風" ("kamikaze", but the characters are reversed in order). On the right is a Bored Ape wearing an identical hachimaki.Comparison between a racist 4chan Pepe meme and an identical Bored Ape attribute (attribution)
In a motion to dismiss a trademark lawsuit filed by Yuga Labs (the company behind the Bored Ape Yacht Club NFT project) against Ryder Ripps and various others, the defendants outlined in detail their beliefs that the Bored Apes project intentionally includes racist and Nazi dogwhistles, and that Yuga's lawsuit is a strategic lawsuit against public participation (SLAPP) intended to silence criticism.

Ripps is a part of a group of people who have vocally criticized the Bored Apes project for being racist and antisemitic, with what they believe are intentional hat-tips to 4chan culture. Ripps also created his own NFT project, called RR/BAYC, where he clones the Bored Ape NFTs and sells them in what he says is a "critique [of the] hateful imagery". Because Yuga Labs has never brought action against any of the many Bored Ape ripoff NFT collections, he and his lawyers are arguing this lawsuit is an attempt to silence his criticism.

Some of Ripps' and others' individual claims about dogwhistles in the project are more believable than others, but in their entirety they are pretty damning. Ripps is not the only one who has been outspoken about the issue, and is joined by people in and outside of the NFT world.

BitGo plans to seek damages from Galaxy Digital after they called off their $1.2 billion acquisition

In May 2021, investment management firm Galaxy Digital announced their plans to acquire crypto custodian BitGo for $1.2 billion in what would be the first $1 billion dollar deal for the crypto industry. At the time, crypto prices were near all-time-highs.

Galaxy Digital claims that BitGo failed to provide audited financial statements for 2021 by the deadline they had agreed upon, and for that reason they decided to end the deal.

BitGo claims they've still got time to provide the statements, and that Galaxy Digital owes them $100 million for breaking the deal, which they plan to pursue in court.

Galaxy Digital just reported a ~$555 million dollar loss in the second quarter, which may have contributed towards their choice to back out of the acquisition.

In June 2023, the Delaware Court of Chancery dismissed BitGo's complaint with prejudice, finding that Galaxy Digital had a "clean termination right" based on BitGo's failure to provide financial statements.

Eqonex closes its crypto exchange

The Nasdaq-listed firm Eqonex has announced they will close their "underperforming" crypto exchange, hoping to change their money allocation to "reflect the current market conditions and the opportunities that we are best placed to capture". They cited " extreme market volatility and declining trading volumes" as making it challenging to keep the exchange afloat.

They announced that the exchange will stop trading on August 22, and customers have a month to withdraw their funds.

Collector loses four Bored Apes valued at over $500,000 to phishing attack

An illustration of a white-furred ape, with a bandage around its eyes, wearing a toga.Bored Ape #2393, the one stolen NFT yet to be sold (attribution)
An NFT collector who goes by ASEC_APE lost four Bored Ape Yacht Club NFTs to a phishing attack. The attacker quickly flipped three of the four NFTs for a total of around 200 ETH (~$387,000). The fourth is listed for sale on the NFT platform X2Y2 for 84.59 ETH (~$159,000) — a total profit of $546,000 for the scammer if they find a buyer at that price.

ASEC_APE had just purchased the four NFTs between July 15 and August 13 for a combined total of 326 ETH (~$532,000 based on ETH prices at the time of each purchase; ~$631,000 at the price on the day of the theft).

One of the stolen NFTs, Bored Ape 9012, had just been stolen a week before from Cameo CEO Steven Galanis when his wallet was compromised, as were a handful of other pricey NFTs. ASEC_APE had purchased it from the person who purchased it from the hacker shortly after the August 6 theft.

Brazilian crypto lender BlueBenx halts customer withdrawals and lays off employees after $32 million "hack"

The Brazilian crypto lending platform BlueBenx suddenly shut its doors after announcing they had suffered an "extremely aggressive" hack of 160 million BRL (US$32 million). However, they shared very little in the way of details, leading investors to question the veracity of their story.

All 22,000 customers of BlueBenx suddenly found them unable to withdraw funds from the platform. The platform also reportedly laid off the majority of its employees.

Misconfiguration in the Acala stablecoin project allows attacker to steal 1.2 billion aUSD

A misconfiguration in a newly-deployed liquidity pool allowed an attacker to mint 1.2 billion aUSD, a stablecoin built on the Polkadot network. The exploit caused aUSD to lose its USD peg, initially dropping as low as $0.60 and hovering around $0.90.

Acala paused the protocol shortly after the attack, and disabled the transfer functionality of the stolen aUSD and of Acala-based tokens the attacker had swapped for some of the aUSD. It's important to note that the attacker could not earn a profit anywhere near $1.2 billion USD from the erroneous creation of new, unbacked tokens — they likely made off with around $1.6 million. Acala subsequently burned most of the new tokens, which helped the aUSD token return to between $0.90 and $0.94 — much closer to its intended peg.

Scammer trades fake ApeCoins for Bored Ape NFT

An ape with fur colored like television static wears a rainbow-colored hat with a propeller. Its eyes are closed, it's biting its lower lip, and it's wearing a black shirt with a skeleton printed on it.Bored Ape #8373 (attribution)
A scammer created a fake ApeCoin contract on the NFT Trader service, with tokens that appeared identical to the true ApeCoins but were actually worthless. After "chatt[ing] for a long time about location, jobs, the space", the owner of Bored Ape #8373 was convinced to trade it for 26,500 "ApeCoin", which would be valued at $163,770 if they were real. "I didn't bother double checking the contract as I figured [NFT Trader] only allows [OpenSea] verified collections and contracts anyway," the victim wrote on Twitter. The scammer flipped the NFT several minutes later for 78 ETH ($154,774).

Team member admits to taking more than $400,000 from Velodrome to try to recoup personal losses

On August 4, the team behind the Velodrome exchange and liquidity marketplace noticed that $350,000 had been taken from a team-operated wallet that was normally used for operational funds. They announced they were beginning an investigation into the theft, which they initially believed was due to a compromised wallet. Their team member Gabagool tweeted more details, underscoring that no user funds were lost.

On August 13, Gabagool posted a long confession to his Twitter account, writing that he had stolen the $350,000, and had previously taken $56,000 over the course of two months, to try to "revenge trade" the money he had lost in the crypto crash. Explaining why he took the $350,000, he wrote, "I thought I could make the 56k back and return all of the funds, which was delusional". He also wrote that "the majority of the funds have been returned to the Velodrome team. The rest will be." Velodrome later confirmed they had recovered all of the stolen money.

Gabagool had become a somewhat prominent part of the crypto community, providing insights into various crypto happenings as someone who was adept at tracing blockchain transactions. In June, he was featured in a Vice documentary titled, "Is Everything in Crypto a Scam?". He spoke about, among other things, his October 2021 discovery that the crypto-focused venture capital firm Divergence Ventures was Sybil attacking airdrops to claim millions in rewards. That particular incident ended with Divergence returning the money they had gained from the strategy, and Ribbon awarding 5% of that amount — equivalent to about $545,000 at the time — to Gabagool as a "bounty".