Now, Genesis' managing director has stepped down after five years. Kraken CEO Jesse Powell relinquished his title, planning to remain at the firm as a chairman. Alex Mashinsky has resigned as the CEO of Celsius Network in the midst of bankruptcy proceedings. And FTX US president Brett Harrison will also be stepping down.
Crypto executive exodus continues
- "Genesis director to step down and move into advisory role", Cointelegraph
- "C.E.O. of Kraken, the Cryptocurrency Exchange, Steps Down", The New York Times
- "C.E.O. of Celsius, the Crypto Bank, Resigns", The New York Times
- "Brett Harrison will step down as FTX US president, move into advisory role", Cointelegraph
Eight state regulators file enforcement actions against Nexo
Nexo had previously been warned to stop offering services in New York state and to register under securities regulations, but hadn't done so. Several states called into question Nexo's "real-time audit", which they describe as bogus. Kentucky also noted in their lawsuit that when the company's holdings of their own $NEXO token was taken out of the equation, the company appears to be insolvent.
Four NFTs valued at at least $150,000 stolen from Jason Falovitch
On September 25, Falovitch tweeted "I got hackled last night on Opensea. Apes, doodles, eth. It's not pretty." Four NFTs had been stolen from his wallet — two Doodles, and a Mutant and Bored Ape — along with 6 ETH (~$7,750). The Mutant and Bored Apes were both resold, for 15.99 ETH (~$20,700) and 82.69 ETH (~$107,000) respectively. Factoring in Doodle floor prices, the hacker is looking at at least $150,000 in profit.
The loss, however, is larger for Falovitch, who spent ~$377,000 on the four NFTs based on the price of ETH at the times of purchase. Falovitch tweeted after the hack, "Now I'm over $1M hacked in ETH and NFTs." It's not clear if he's referring to other wallets he may control that were compromised, previous hacks he's suffered, or if he's massively overestimating the value of the stolen NFTs. He also tweeted that he discovered his car was broken into as he went to drive to the police department to report the NFT thefts.
Well-known crypto researcher zachxbt, who is known for helping victims of wallet hacks recover their assets, tweeted to Falovitch: "Karma for all of the people you rekt with the scams promoted on your Instagram page. Definitely won't be tracking this one."
IRS gets permission for summons to go after taxpayers who didn't report crypto transactions
The press release stated, "Based on its recent experiences with cryptocurrencies, the IRS has strong reason to believe that many virtual currency transactions are not being properly reported on tax returns."
- "IRS Obtains Court Order Authorizing Summons For Records Relating To U.S. Taxpayers Who Failed To Report And Pay Taxes On Cryptocurrency Transactions"U.S. Attorney's Office, Southern District of New York
CFTC files suit against a DAO
This will certainly be interesting to watch. DAOs — decentralized autonomous organizations — are a popular form of web3 project governance where (typically) anyone who holds the governance token can vote on the actions of the DAO. There is little precedent in the way of filing charges against a DAO, and DAOs often don't have the liability protections of more traditional organizational structures.
- "CFTC Penalizes Blockchain Protocol $250K, Files Action Against Successor DAO", CoinDesk
- "CFTC Imposes $250,000 Penalty Against bZeroX, LLC and Its Founders and Charges Successor Ooki DAO for Offering Illegal, Off-Exchange Digital-Asset Trading, Registration Violations, and Failing to Comply with Bank Secrecy Act", CFTC
Man charged with seven felonies over crypto scams
In one, he conned two victims for $1.7 million by claiming to sell a powerful Bitcoin miner that didn't exist; instead, a fake machine in the office was connected to a monitor displaying prerecorded video to make it appear as though the machine was mining cryptocurrencies.
In another, he created a business he claimed would "Bank the Unbankable" by providing financial services to people who couldn't access them. Instead, the millions of dollars were spent on unrelated businesses.
- "Spanish Fork Man and His Two Businesses Charged with Wire Fraud and Money Laundering Offenses", U.S. Attorney’s Office District of Utah
- "Utah Man Charged With 7 Felonies in Connection to Alleged $1.7M Crypto Mining Scam", CoinDesk
Compute North, one of the largest crypto mining datacenters, files for bankruptcy
Wall Street Journal suggests that Coinbase tested proprietary trading
Coinbase has refuted the WSJ claims in a blog post, accusing the paper of confusing "client-driven activities" with prop trading. In a statement to the WSJ, published in the article alongside the allegations, a Coinbase spokesperson said that "Coinbase does not, and has never, had a proprietary trading business. Any insinuation that we misled Congress is a willful misrepresentation of the facts".
- "Coinbase Tested Group to Speculate on Crypto", The Wall Street Journal
- "In response to the Wall Street Journal", Coinbase
Investors seek to recoup around $30 million from Canadian "Crypto King" in his early 20s
So far, the court has seized two McLarens, two BMWs, and a Lamborghini — only a few cars out of the eleven luxury cars Pleterski owned, plus another four he was renting. Investors have also asked about the CA$45,000-a-month (~US$30,000) lakefront mansion he was renting in Ontario, watches, and gold bars, hoping they could be liquidated to repay some of his debts.
Pleterski had promised investors that he would invest on their behalf, taking 30% of any capital gains, with a goal of achieving 10–20% gains biweekly. He also promised that any loss on the initial investment would be paid back in full. Pleterski had made some money in crypto as a teenager, but according to him, he lost most of the money he was given to invest in late 2021 and early 2022 "in a series of margin calls and bad trades". An investor claims that at one point, he was given pictures and videos of financial statements showing an account with $311 million, but when he checked with the company supposedly maintaining the account, they said they had no accounts with that kind of funds. So far, the court and investors alike have struggled to untangle Pleterski's mess — according to him, he was unorganized and didn't track his finances or debts.
Wintermute hacked for $160 million
Wintermute hasn't disclosed more about the attack, but it's possible that the hacker may have exploited the vulnerability in the vanity wallet address generator Profanity, which was disclosed five days prior. The crypto asset vault admin had a wallet address prefixed with 0x0000000
, a vanity address that would have been susceptible to attack if it was created using the Profanity tool.
This is the second incident involving Wintermute in the past few months. In June, the group provided the wrong wallet address to the Optimism project, and Optimism sent 20 million OP tokens to a non-existent address. Another person noticed the error before they did and was able to take the tokens. They ultimately returned 17 million of the tokens to Wintermute, keeping the rest as a "bounty". $OP have been trading at around $1 as of mid-September.
SEC files emergency action to stop CryptoFX scam
The United States Securities and Exchange Commission filed an emergency action to stop the fraud and freeze assets, which was granted on September 29, 2022. The SEC then filed a complaint against the company and its leaders Mauricio Chavez and Giorgio "Gio" Benvenuto. The SEC alleged CryptoFX had raised at least $12 million from 5,000 investors, which ostensibly would be put into crypto markets but instead was primarily used to "fund [Chavez's] real estate company and extravagant lifestyle".
- "SEC Halts Crypto Asset-Related Fraud Victimizing Latino Investors", United States Securities and Exchange Commission
Sparkster settles for $35 million with the SEC; SEC charges crypto influencer
The SEC also charged crypto influencer Ian Balina for his involvement with the scheme. He allegedly accepted a 30% bonus on the $5 million worth of SPRK tokens he purchased in an agreement to promote the project on YouTube, Telegram, and other channels, but did not disclose his compensation. He also organized an investing pool with more than 50 investors, and also didn't register it with the SEC. Balina had advertised that he could help people "make millions with initial coin offerings".
- "Sparkster to Pay $35 Million to Harmed Investor Fund for Unregistered Crypto Asset Offering", U.S. Securities and Exchange Commission
- U.S. SEC v. Ian Balina
UK financial regulator warns against FTX exchange
A spokesperson from FTX said they believed that "a scammer is impersonating FTX", which they said they thought led to the warning. However, that statements in the warning are accurate: FTX is not registered with the FCA, and they serve UK customers.
- FTX, Financial Conduct Authority
- "UK Regulator Issues Warning on Crypto’s FTX to Consumers", Bloomberg
Scammer earns 13 ETH ($17,500) from fake Mutant Ape scheme
The trader ended up with a worthless counterfeit and a measly 0.5 ETH for his pricey NFT. The scammer quickly flipped the real Mutant for 13.5 ETH, making a tidy $17,500 profit.
Whale illustrates price manipulation risk in GMX exchange, profits more than $400,000
A whale was able to take advantage of this "feature" by taking large positions in AVAX, the token belonging to the Avalanche blockchain, which has relatively low liquidity compared to larger tokens like Bitcoin or Ether. The whale then manipulated the price by making large trades on a centralized exchange, taking an estimated profit of between $400,000 and $450,000 after fees.
Some had publicly expressed concerns about the possibility of such an exploit earlier in September: Taureau, a founder of another decentralized exchange, had outlined the possibility of an exploit like this on a podcast episode on September 1.
GMX responded to the incident by capping the size of positions that users can take on AVAX. Another project, MM.Finance, announced they would be pausing order execution on their MadMex platform, which is a fork of GMX.
Binance accounting bug involving Helium tokens results in $19 million of erroneous payouts
Binance distributed around 4.8 million HNT before discovering and patching the bug, valued at around $19 million.
Hours after Ethereum transition to proof-of-stake, SEC Chair says PoS crypto could be classed as securities
Later that day, SEC Chairman Gary Gensler pointed to the staking mechanism as a signal that an asset might be a security as determined by the Howey test.
There has been much discussion over whether cryptocurrencies in general or individually should be considered securities, commodities, or possibly even something else. Broadly, people within the crypto community don't want to see the assets fall under SEC jurisdiction, as the SEC is seen as much less friendly to the industry than the CFTC.
- "Ether’s New ‘Staking’ Model Could Draw SEC Attention", The Wall Street Journal
Vulnerability discovered in vanity wallet generator puts millions of dollars at risk
0xdeadbeef52aa79d383fd61266eaa68609b39038e
(beginning with deadbeef), or one with lots of 0s at the end, or some other address the user thinks looks cool.However, because of the way the Profanity tool generated addresses, researchers discovered that it was fairly easy to reverse the brute force method used to find the keys, allowing hackers to discover the private key for a wallet created with this method.
Attackers have already been exploiting the vulnerability, with one emptying $3.3 million from various vanity addresses. 1inch wrote in their blog post that "It's not a simple task, but at this point it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions."
The maintainer of the Profanity tool removed the code from Github as a result of the vulnerability. Someone had raised a concern about the potential for such an exploit in January, but it had gone unaddressed as the tool was not being actively maintained.
"No politics at work" Coinbase rolls out a feature to promote crypto-friendly politicians
Now, he's just announced that Coinbase will be "integrating our crypto policy efforts right into our app" by providing a rating of Congressmembers' negative or positive "crypto sentiment". He also said that they plan to "help pro-crypto candidates solicit donations from the crypto community (in crypto)", and wish to get their users to attend town hall events. "We've also added a very easy way for you to contact your member of Congress to urge them to support pro-crypto policies," Armstrong said in a video demonstrating the feature.
"Double your money" scammers capitalize on Ethereum merge
Most of the tweets say something like "To celebrate the Merge, Ethereum Foundation giving away 50,000 ETH!", and link out to various websites that invite people to send some amount of Ethereum with the promise that they'll receive twice as much in return — a classic double-your-money scam.
At least 36 verified Twitter accounts were compromised and used for the scam, including the 6 million-follower Cityarabia account that normally tweets for Arabic-speaking fans of the Manchester City football club. On the afternoon and evening of September 14 alone, at least 195 ETH (~$314,000) was drawn in by the accounts and scam websites I found.
South Korea issues arrest warrant for Terra founder Do Kwon
Kwon and the others named in the warrant are currently in Singapore. In June, Korea banned current and former Terraform Labs employees from leaving the country, and in July Korean authorities raided multiple exchanges in connection to their investigation.
Starbucks wants you to have an "immersive coffee experience" with their web3 rewards program
Despite that, Starbucks has apparently decided that what its rewards program really needs are "digital collectible stamps", a euphemism for NFTs that somehow makes them sound even less appealing.
These NFTs promise to provide their holders with "immersive coffee experiences", which sounds an awful lot like what cost McDonald's a few million in the mid-nineties.
Unfortunately for Starbucks, between the time they came up with the idea, announced it at their town hall, and are now inviting people to sign up to the waitlist, the NFT craze has died down considerably. Even at the peak of NFT mania, though, I'm not sure if people would have been lining up to buy "digital collectible stamps" that allow them to "claim an ownership stake in their loyalty to Starbucks" (what??)
Ubisoft now claims its forceful introduction of NFTs was only "research"
Well, despite being pretty bullheaded about their stance on NFTs and web3, even Ubisoft is now backing away from it all. In April, only a few months after launch, Ubisoft announced that there would be no more NFTs for the Ghost Recon Breakpoint title. Now, the CEO is putting a different spin on the company's once determination to introduce NFTs: "we are still in research mode" when it comes to web3 technologies, he said. "We probably were not good at saying we are researching. We should have said we were working on it, and when we have something that gives you a real benefit, we'll bring it to you." I imagine that might come as a shock to the handful of people who actually bought the Ghost Recon Breakpoint NFTs, given they were promised "real benefit" back in December and are now left with useless collectibles.
Algorand Foundation discloses $35 million exposure to Hodlnaut
The Algorand Foundation reassured people that the funds potentially lost to Hodlnaut were less than 3% of the Foundation's assets, and "we do not anticipate operational or liquidity issues due to this action". They also wrote that they would be "pursuing all legal remedies to maximize asset recovery".
- "Algorand Foundation exposure to Hodlnaut", Algorand Foundation
New Free DAO loses $1.25 million in flash loan attack
Shiba Inu developers leak AWS credentials on Github
On September 8, a security researcher published a blog post reporting that the developers behind the Shiba Inu coin — one with reality-defying levels of popularity at #13 on the list of coins by market cap — had apparently published their AWS credentials to Github. After making the discovery, his team attempted to contact the developers, but were not able to find a bug bounty program, responsible disclosure policy, or even people they could reach out to personally.
Luckily for Shiba Inu (and somewhat miraculously), the tokens were invalidated two days later before anyone malicious apparently took advantage of the vulnerability. The researcher wrote that the exposure had "the potential to cause serious security breaches, including but not limited to user fund theft, token embezzlement, disruption of services, etc."
Coinbase funds lawsuit against the Treasury Department over Tornado Cash sanctions
In the suit, they argue that the Treasury Department overstepped its authority in what it can sanction, claiming that "Tornado Cash software, including the smart contracts, consists of immutable open-source software code, which is not property, a foreign country or a national thereof, or a person of any kind." They've also argued that the designation is unconstitutional under both the free speech protections of the First Amendment and the due process protections of the Fifth Amendment.
Crypto reacts to Queen Elizabeth's death
Is there a way to include in one's will that you don't wish to be turned into an NFT or commemorated with a "Queen Inu" token when you die? Asking for a friend.
Company begins selling Celsius-themed Monopoly game... three months after Celsius suspends withdrawals
If you were wondering who might decide to sell such a product, well, USA Strong's founder and CEO is none other than Krissy Mashinsky, wife of Celsius founder Alex Mashinsky.
Both the announcement tweet and the game product page were taken down shortly after the announcement, likely due to the less-than-enthused response from Celsius users.
- Tweet by Stephanie Martin
- Celsiusopoly on USA Strong
Investors face $11 million loss in VBit Technologies/Advanced Mining Group, an alleged crypto Ponzi scheme
However, customers trying to withdraw their "rewards" saw increasing delays in receiving their payouts — days, then weeks, then an indefinite pause. A COO hired by the group left the company only three weeks later. On June 27, the group sent an email to its customers explaining that there was a "potential pending settlement" with the SEC — the first customers heard of the existence of any investigation — and that they would no longer serve customers in the U.S. On July 15, the company promised to refund customers what they paid to sign up with the program, but no refunds or further updates have materialized.
The company has faced lawsuits in Washington state and Delaware, and apparently operated for two years after executives had acknowledged they were violating securities laws. The Delaware lawsuit describes the operation as a Ponzi scheme, and alleges that the company sold packages that would have required far more computing power than the company actually had access to.
- "Investors fear millions lost in Pennsylvania’s largest cryptocurrency scandal based in South Philly", The Philadelphia Inquirer
David Bowie NFTs anger fans
A tweet from OpenSea announcing the project received some positive replies, and a lot of other NFT projects trying to promote Bowie-themed NFTs they'd included in their collections. However, the tweet from David Bowie Twitter account seemed to be received almost universally negatively, with many commenters writing that they wished the estate would just raise money for charity without getting into NFTs, and others writing that they didn't think Bowie would have supported NFTs.
On September 10, the account announced that "Out of respect for the people of the UK and Queen Elizabeth II, we will be postponing the 'Bowie on the Blockchain' sale. We will update soon."
Flash loan attack nets attacker $370,000 from several sources
Binance plans to convert USDC and other stablecoins into their own BUSD stablecoin
Binance claims the move is to "enhance liquidity and capital-efficiency for users", but the conversion and Binance's related decision to stop trading on spot pairs involving those same stablecoins seems like an attempt to increase the status of its own stablecoin against that of rivals.
Poolin suspends withdrawals from their wallet service
Poolin users had been complaining about issues withdrawing from their Poolin wallets since at least August, which had sparked rumors of liquidity problems prior to the announcement. Poolin said in their announcement that they would announce their plans to resume withdrawals within two weeks. However, a week later, they instead told customers they would be receiving "IOU" tokens.
Bitcoiner gets 6–15 months in prison, warns others about making peer-to-peer Bitcoin trades
In 2019, his home was raided in connection to a Nigerian lottery scam, for which he converted between half a million and $1.5 million to cryptocurrency over the span of half a year. He was ultimately charged with "illegally operating a cash-to-cryptocurrency conversion business", to which he pleaded guilty (by his telling, in an attempt to get charges against his family members dropped).
Hopkins claims that "any time anyone with a crypto trades p2p (i.e., not with an exchange), they're legally liable under this statute as it's currently interpreted", though authorities have claimed that Hopkins knowingly aided the lottery scammer by telling them "I'm set up as a marketing company, so tell them you're paying for a marketing campaign".
- 'Doctor Bitcoin' Pleads Guilty to Illegal Cash-to-Crypto Scheme, U.S. Attorney’s Office of the Northern District of Texas
- "Bitcoiner sentenced to federal prison warns users involved in OTC trading", CoinTelegraph
Islamic State tests out NFTs
The token was briefly listed on OpenSea, Rarible, and various other marketplaces before those marketplaces took it down. However, because it was minted on the blockchain, the token itself cannot be removed. "It's very much an experiment...to find ways to make content indestructible," said Raphael Gluck, a co-founder of a jihadist research group.
- "Islamic State Turns to NFTs to Spread Terror Message", The Wall Street Journal
Crypto scam watchdog group launches NFT project, which is then exploited
Ironically, a flaw in the project's smart contract allowed individual wallets to mint many NFTs at once, rather than one per wallet, allowing two people to game the system and snap up more than 450 NFTs rather than the one they were allowed. Rug Pull Finder wrote that "An exploit was shared with us 30 minutes before mint went live. After reviewing it with 3 different dev teams, we did not believe the credibility of the information sent to us... We were clearly wrong, and we are truly truly sorry".
Rug Pull Finder announced that they had reached an agreement with the people who gamed the mint, and would buy back the 366 NFTs the duo still held for 2.5 ETH (~$4,000).
Crypto security researcher OKHotshot wrote, "I think its concerning when security minded projects like RugPullFinder get their discord breached and their code exploited yet they're offering those exact services to customers."
Georgian Coinbase customers take advantage of 100x price bug
Some users who took advantage of the bug and withdrew funds to their bank accounts found their accounts frozen shortly after, when Coinbase noticed the error and began working to claw back the funds. According to Coinbase, about 1,000 users took advantage of the error.
Attacker exploits bug in ShadowFi to empty $300,000 liquidity pool
The project had only just launched that same day, after running a presale of their SDF tokens. The project promised to allow people to "Take your spending away from the floodlights of surveillance capitalism" and apparently involves sending people prepaid Visa cards to help them cash out their cryptocurrency without connecting a bank account or providing KYC information.
Holding company for Mercado cuts 15% of employees
Describing the layoffs, a spokesperson for 2TM said that Mercado was suffering for playing by the rules. "The competitive environment remains deteriorated and unfair, lacking the approval of the legal framework for crypto-activities, as players following the law are penalized by companies that ignore local rules."
dYdX infuriates users by requesting "liveness checks" via webcam, cancels campaign due to "overwhelming demand"
This infuriated many crypto users, who were horrified that dYdX would try to collect this kind of biometric data. "DYDX just nuked itself. I would never use this platform," wrote a prominent trader.
On September 1, dYdX tweeted that "Due to extremely overwhelming demand of the $25 deposit bonus promotion, we are ending the campaign, effective immediately. Thank you to the many thousands of new users that onboarded to dYdX today. We truly underestimated the amount of interest the campaign garnered." They made no mention of the backlash against the liveness checks, but quietly removed the mentions of the system from their website.
Bill Murray's NFT charity auction nets $185,000, which is then immediately stolen
However, hours after the auction, a hacker gained access to Murray's crypto wallet and snagged the ETH for themselves. They also attempted to steal 800 NFTs from the remaining collection by Bill Murray, though a wallet security team was able to safeguard those NFTs in time.
Murray's team confirmed the theft, and said they are working with the police and Chainalysis to identify the hacker.
Attackers steal around $265,000 of user funds from KyberSwap exchange
Kyber identified and remedied the issue after two hours of investigating it, and only two wallets were affected. Kyber promised to compensate the users who lost funds, and also tried to tempt the hacker into returning funds by allowing them to keep 15% of the stolen money as a "bounty" (~$40,000).
Snapchat abandons its web3 plans
This news came amidst the announcement that Snap would be laying off 20% of its staff, a whopping 1,300 people.
- "Snap to 'sunset' web3 team in company restructuring", The Block
- "Snap explores plans to let users showcase NFTs as filters", Financial Times
Unable to recover from the April Rari exploit, Babylon Finance shuts down
Since April, Babylon tried to recover from the hack. However, they described it as "the domino that kickstarted a series of unfortunate events". Rari canceled their planned reimbursement, users withdrew their funds from Babylon Finance, the Fuse pool on Rari was abandoned, and the token price decreased from around $20 to around $5.
On August 31, Babylon Finance's founder Ramon Recuero published a blog post announcing that Babylon would be shutting down. They promised to distribute the remaining project treasury among holders. Users were told to withdraw their funds by November 15.
- "Babylon Finance is shutting down", Ramon Receuro
Lawyer Kyle Roche withdraws from several crypto class-action lawsuits after allegations that he was involved in "gangster-style" schemes to hurt competitor projects
Although Roche has denied the claims by the site, and stated that someone deliberately got him drunk and then took clips of videos out of context, it probably doesn't look so good for a lawyer to be referring to jurors as "10 idiots", or plaintiffs in class-action lawsuits as "100,000 idiots".
Helium ditches its blockchain
Now, Helium is ditching its custom Helium chain in favor of a Solana-based token, and scrapping the blockchain entirely for the portions of its service that actually used the blockchain for anything beyond handling rewards.
Helium seems to have realized, finally, that blockchains tend to be slow as hell. In a blog post about the change, they wrote that "specific transactions, including Proof-of-Coverage and Data Transfer Accounting, are processed on-chain unnecessarily. This data bottleneck can cause efficiency issues such as device join delays and problems with data packet communications, which bloats the Network and causes slow processing times." They outline their plans to move these portions of the project to a "more traditional large data pipeline" — that is, infrastructure that's actually well-suited to that kind of processing.
- "HIP 70: Helium Core Team Proposes to Migrate to Solana", Helium Foundation
- Helium Tracker
DC Attorney General sues Michael Saylor and MicroStrategy for tax evasion
DC permits the court to impose "treble damages" on Saylor if he is determined to have evaded the taxes he owes, which could end up costing him and MicroStrategy more than $100 million in taxes and penalties.
- "AG Racine Sues DC-Based Billionaire Michael Saylor & Software Company Microstrategy for Evading More Than $25 Million in District Taxes", Office of the Attorney General for the District of Columbia
Compound Finance breaks their cETH market for a week
Thodex CEO arrested over a year after fleeing Turkey in the wake of the exchange's collapse
His plan to somehow work off anywhere from $24 million to $2.5 billion in debts was stymied when he was apprehended by Albanian authorities. He faces extradition to Turkey, where a prosecutor has asked for sentences of 40,564 years for him and other executives (just in case, I guess).