Altogether, an estimated $1.7 million was moved through various services to obfuscate the flow of funds.
Wallets linked to Sam Bankman-Fried's Alameda Research unexpectedly begin selling off $1.7 million in tokens
3Commas finally owns up to API key leak
3Commas did not come off looking very good after this incident, after they spent weeks denying any breach and accusing those who were concerned 3Commas had been compromised of spreading misinformation and "FUD".
Researcher zachxbt wrote that he had verified 44 victims who had lost a combined $14.8 million due to the leak, although he acknowledged that this was only the number of people he could verify and that the total number of people affected was likely much higher.
Midas Investments platform closes after revealing they're $63.3 million in the hole
Users with assets on the platform will see a significant haircut in what they are allowed to withdraw. Midas intends to keep 55% of the Bitcoin, ETH, or stablecoins held by users in their accounts, as well as any rewards users had earned.
Lest the users be too upset that more than half of their assets no longer belong to them, fear not: Midas will be making up the difference in a new, valueless token that does not yet exist, but that will be associated with some future project that Midas has not described yet. You're welcome!
They've also announced they will be pivoting to "CeDeFi". Yes, that is indeed short for "centralized decentralized finance". No, I am not joking.
Mango Markets exploiter arrested despite claiming all his actions were legal
It quickly became apparent that a man named Avraham Eisenberg was behind the exploit. In screenshots leaked from a conversation in a private Discord channel shortly before the attack, Eisenberg talked about the exploit he had planned. "I'm investigating a platform that could maybe lead to a 9 figure payday. Should I do it?" he wrote. When someone replied, "unles[s] it is highly illegal", Eisenberg responded: "Are there rules these days?" When someone suggested responsibly disclosing the vulnerability to the protocol, Eisenberg refused, saying the bug bounty was likely to be too small.
Eisenberg later owned up to the attack, tweeting a thread in which he wrote that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are."
The feds apparently disagreed with his evaluation, and arrested Eisenberg in Puerto Rico on December 26. He is charged with commodities fraud and commodities manipulation.
BTC.com suffers $3 million attack
BTC.com is the seventh largest Bitcoin mining pool, which also operates other crypto mining services. Its parent company, BIT Mining, is publicly traded on the NSYE.
- "Bitcoin mining pool BTC.com reports $3M cyberattack", Cointelegraph
- "BIT Mining Limited Subsidiary Experiences Cyberattack", press release
Millions of dollars of user funds stolen in BitKeep wallet hack
BitKeep has claimed that attackers were able to compromise a version of their software and introduce malicious code which enabled them to drain user funds. BitKeep recommended their users contact the team behind BNB Chain on social media to plead with them to freeze an address used by the hackers, although the attackers had already begun to tumble the funds.
This is the second BitKeep-related hack in the last few months. In October, hackers stole more than $1 million worth of BNB when the Swap feature of the BitKeep wallet was exploited.
Rubic cross-chain exchange hacked, $1.4 million in user funds stolen
Rubic paused their project to limit further thefts, and stated they would pursue audits before coming back online. They also stated that they would "strive to compensate for the losses".
Police arrest two executives of shuttered AAX exchange
Now, Hong Kong police have arrested Liang Haoming and Thor Chan, two executives connected to AAX. Police have reportedly accused the men of using the maintenance excuse to halt customer withdrawals while dealing with a liquidity crisis.
- "2 executives of crypto exchange AAX arrested in Hong Kong: Report", CoinTelegraph
- "虛擬貨幣交易平台AAX倒閉 警拘兩男涉欺詐 主腦捲2.3億潛逃海外", 香港01 (in Chinese)
Defrost Finance fails to rug pull
Observers were quick to notice that the "hack" was made possible by the addition of a fake collateral token, which was then manipulated to liquidate the protocol's users, suggesting the "hack" was likely an inside job.
On December 26, Defrost claimed that the "hacker" had miraculously returned the money. The announcement didn't seem to convince the project's users, who left comments like, "It was never hacked. You tried to rug your users".
Defrost Finance's team had previously run a project called FinNexus, which also suffered a "hack" in May 2021 that was widely believed to have been a rug pull.
The latest Pokémon knockoff is stopped in court
Now, it seems that The Pokémon Company International (TPCI) is doing something about it. They hired private investigators to try to locate and serve a company called Kotiota with legal papers, though ultimately were unsuccessful in finding their offices or any employees.
Kotiota was engaged in unusually brazen Pokéfraud, sending legal letters to news outlets who had written about the real Pokémon games and insisting they be named as a developer. Their website falsely claimed Kotiota had been working on various recent Pokémon games, and the company had even forged an agreement with TPCI to claim they had a license agreement.
Kotiota had been planning to release a Pokémon-based play-to-earn blockchain game and collection of NFTs in January 2023, but an Australian court has barred the company from doing so, and ordered them to stop using the Pokémon brand or claiming to have developed the games.
FTX executives Caroline Ellison and Gary Wang plead guilty to criminal charges, are cooperating with investigation
Ellison's and Wang's pleas were announced in a short message by U.S. Attorney Damian Williams, who did not elaborate on what the charges were. He again urged any others who had knowledge of criminal activity at FTX to come forward, and warned that these were not the last charges he expected to file.
Simultaneously with the charges from the Justice Department were civil complaints from the Securities and Exchange Commission, which alleged that both had been involved "in a multiyear scheme to defraud equity investors in FTX". In particular, the SEC accused Ellison of artificially manipulating the price of FTT, the FTX-issued token that formed a large portion of Alameda's balance sheet. The SEC accused Wang of creating a backdoor in FTX software that allowed Alameda to move customer funds from FTX for use in its trading activities.
The CFTC filed an amendment to their complaint against Sam Bankman-Fried, adding Ellison and Wang as defendants.
- Announcement from the U.S. Attorney's Office for the Southern District of New York
- "Two Executives in Sam Bankman-Fried's Crypto Empire Plead Guilty to Fraud", The New York Times
- "TECH FTX’s Gary Wang, Alameda’s Caroline Ellison plead guilty to federal charges, cooperating with prosecutors", CNBC
Paxful crypto marketplace delists ether, citing "scams that have robbed people of billions"
So close. You're almost there.
Paxful CEO Ray Youssef said in an email to the platform's claimed 11.6 million customers that the decision was based on Ethereum moving from proof-of-work to proof-of-stake, not being decentralized, and spawning an ecosystem of scammy Ethereum-based altcoins. The email featured a header photo of Youssef himself posing triumphantly, and Youssef spent much of the subsequent day tweeting memes he made from pictures of himself.
With the loss of ether, the platform will only allow swaps of Bitcoin, Tether (USDT), and USDC — despite both Tether and USDC being Ethereum-based tokens.
Swan Bitcoin releases a new product to streamline the process of losing your house speculating on Bitcoin
"Rates starting at 7.5%, with 80% Bitcoin upside appreciation", they say. Downside risk is, naturally, not mentioned.
For those unfamiliar, Swan Bitcoin is a US-based Bitcoin-only crypto platform (although CEO Klippsten would surely yell at me for saying it is a "crypto platform", as he insists at every opportunity that "Bitcoin is not crypto").
Core Scientific Bitcoin mining firm files for bankruptcy
Core Scientific is only one of many Bitcoin miners in distress, as low Bitcoin prices and other factors make mining much less profitable. Other mining firms, including Argo Blockchain and Greenidge Generation, have warned that they may face bankruptcy in the near future. Some firms, such as Iris Energy, have powered off a significant amount of their mining capacity.
Auros files for bankruptcy
Now, however, Auros is seeking a "light touch" liquidation path that would allow them to continue operations while they develop a restructuring plan. Meanwhile, they have missed another Maple loan repayment, this time for $7.5 million.
Court filings have revealed that "a significant proportion of the Company's assets" are frozen with FTX, leaving the company insolvent. These assets have an estimated value of $20 million.
Waves founder announces a new, "undepeggable" stablecoin as USDN even more dramatically de-pegs
The USDN stablecoin remained within a few cents of its intended USD peg for about a year, before losing its peg in April. Since then, it has had a pretty bumpy road, spending much of the year more than a few cents off the dollar peg, and dropping much farther below it in early November.
A less-than-enthused commenter responded to Ivanov's Twitter announcement of a new coin, writing, "My brother in Christ more stablecoins to depeg is not the answer". "It will be undepeggable", replied Ivanov. Well, in that case.
Scammer steals fourteen Bored Apes from one victim, flips them for over $1 million
After some back-and-forth, with legitimate-looking contracts and falsified emails appearing to come from the real company's real founding director, the NFT collector was asked to use their crypto wallet to sign a contract, via the fake company partner website that had been set up.
When the collector did so, the smart contract drained the collector's wallet of its fourteen pricey Bored Ape NFTs, then accepted the highest offers that were outstanding on each of the Bored Apes, netting 852.9 ETH. The scammer converted the stolen ETH to the DAI stablecoin, making off with $1,075,000 in DAI.
Over 100 Bitcoin moved from dormant QuadrigaCX wallets in "unauthorized" transfer
Now, someone has moved 104 BTC (priced at $1.75 million today) from what is supposed to be a Quadriga cold wallet. In 2019, Quadriga's bankruptcy trustee Ernst & Young revealed they had erroneously transferred these roughly 100 Bitcoin to that wallet, which they could not access. Oops.
Most of the stolen BTC was transferred to a privacy service to obfuscate its ultimate destination. Ernst & Young subsequently confirmed the transfers were "unauthorized transactions" and not performed by them.
- "QuadrigaCX Has Had an Improbable Week", CoinDesk
Raydium exploit results in ~$5 million loss
Raydium claims the exploit was a trojan attack, though they've provided no further evidence to substantiate this. According to Raydium, a trojan allowed an attacker to compromise the private key belonging to the pool owner account. With control over the private key, the attacker was able to withdraw a mix of assets from the pools. They bridged at least $2 million to Ethereum and tumbled them through Tornado Cash; another $1.5 million remained on the Solana chain, where some projects began freezing assets.
Raydium has offered a 10% "bug bounty" to the hacker if they return the stolen funds.
Auditing firm cuts ties with crypto clients, deletes Binance's "proof of reserves" report they issued days prior
On December 7, a branch of Mazars Group had published a "proof of reserves" report for Binance — though it only accounted for Bitcoin, and did not reflect liabilities for Binance's lending product. On December 9, Crypto.com also published a "proof of reserves" report that had been produced by the firm.
As of December 16, the Binance audit — which had been hosted on Mazar's website — had been deleted.
"Proof of reserves" reports have been offered by various cryptocurrency exchanges in lieu of proper audits, but have reasonably failed to reassure many customers of those exchanges. These reports do not involve the scrutiny that would be applied by a full audit — they only reflect a snapshot of assets at a point in time, and do not show a firm's liabilities.
Donald Trump teases a "major announcement" that's just NFTs
Trump supporters got all excited when Trump posted on social media to tease a "major announcement". Was he going to run for speaker of the House? Return to Twitter? Unveil a presidential running mate?
His supporters were surprised — and not exactly thrilled — when the announcement turned out to be a collection of 45,000 NFTs (sorry, "digital trading cards") featuring artwork of himself in heroic outfits and poses. The NFTs are "just" $99 apiece, and money goes to Trump, not his campaign.
Even some of his strongest supporters were nonplussed. Steve Bannon said, "I can't do this anymore," and opined that he should fire whoever advised him to make the collection. A source working for Trump said that he is "supposed to be running for president right now", and questioned how "fleecing our supporters for $99" was in service of that goal.
Nevertheless, the NFTs seemed to sell decently well, with more than 30,000 minted by that evening.
Binance withdrawals surge due to concerns over the company's reserves
These mass withdrawals signal concerns about Binance, whose users are looking for reassurance that the company is not engaged in similarly shady practices as their now bankrupt rival FTX. Recent news that the US Department of Justice is considering criminal charges against the company has not helped reassure customers.
Sam Bankman-Fried arrested
Argo Blockchain faces possible bankruptcy
As a result of the inadvertent publication of bankruptcy documents, the London Stock Exchange and Nasdaq paused trading on the company's stock. The company published a statement saying they had requested trading be re-enabled, since they had not actually filed for bankruptcy (yet).
U.S. Department of Justice is considering filing criminal charges against Binance
Reuters reports that Binance's defense attorneys have argued, among other things, that "a criminal prosecution would wreak havoc on a crypto market already in a prolonged downturn." Well then.
Decentraland adds that one feature we've all been waiting for: landlords
In case you were wondering, I checked, and yes. Someone has already come up with the concept of metaverse mortgages.
Personally, I'm excited to see other horrific parts of the system of homeownership get recreated virtually. Metaverse homeowners associations. Metaverse building permit red tape. Metaverse NIMBYs. Metaverse property liens. Metaverse neighborhood watch.
Lodestar Finance attacked and drained of nearly $7 million in assets
According to Lodestar, they think they may be able to recover around $2.4 million of the stolen funds. Meanwhile, they have attempted to contact the thief to try to negotiate the return of stolen funds. "We will generously reward your collaboration," they wrote on Twitter.
CEO of crypto media outlet The Block resigns after it's revealed he took tens of millions in loans from Sam Bankman-Fried
Now it has come to light that McCaffrey had actually taken a series of loans amounting to $43 million from Sam Bankman-Fried, founder of the now-collapsed FTX exchange and Alameda trading firm. According to McCaffrey and various others at The Block, he was the only one who knew of the arrangement.
The original $12 million loan was used for the company buyout. Another $15 million loan in January 2022 went towards company operations. A third $16 million loan was used... to buy personal real estate in the Bahamas.
Meanwhile, The Block's disclosures page reads, "It is critical that The Block is fully transparent about our own financial holdings so as to avoid any appearance of bias or impropriety. The most valuable asset that we hold and strive to earn again every day is our reader's trust. Therefore, we have implemented a financial disclosure policy that is industry leading."
Class action lawsuit against Jimmy Fallon, Paris Hilton, Justin Bieber, Gwyneth Paltrow, and others accuses them of undisclosed NFT promotions
The promoters listed in the lawsuit are: talent manager Guy Oseary, digital artist Beeple, Madonna, Paris Hilton, Jimmy Fallon and related entities, Justin Bieber, Gwyneth Paltrow, Serena Williams, Diplo, Post Malone, Snoop Dogg, Kevin Hart, the Chainsmokers, Steph Curry, Future, The Weeknd, DJ Khaled, and Adidas.
Former Love Island Australia contestant Vanessa Sierra rug pulls her NFT project
An investigation by OKHotshot has reported that Sierra rug pulled the NFT project, using project funds to wash trade her own NFTs before cashing out. In total, she withdrew 120 ETH (at the time worth around $316,000; today worth around $151,000). Throughout, Sierra claimed that "absolutely none of the funding has been taken by founders".
In addition to the allegations around her NFT project, OKHotshot identified other shady behavior by Sierra, such as pumping-and-dumping other NFTs she'd purchased, and placing lowball offers in $DAI on big-ticket NFTs, hoping that their owners would mistake them for ETH.
After OKHotshot published the thread, Sierra blocked them on Twitter, and deleted the NFT project's Twitter account and website.
Digital Surge enters administration
Some of Digital Surge's customers reported having entrusted the company with hundreds of thousands of dollars from their superannuation funds (retirement pension). "I lost everything," said one customer who had put his entire superannuation of more than AU$150,000 (~US$102,000) into his Digital Surge account, where it is now frozen.
FTX-hosted NFTs break after website is redirected to a restructuring page
However, NFTs that had been minted on the FTX platform relied on metadata from an API at that domain, meaning that the NFTs are now pointing to broken links. Owners of these NFTs can still see that the NFT exists, but images no longer work—even when viewing the NFTs in their own wallets, or when listing them for sale on other platforms.
Other projects that rely on the FTX NFT platform's API, such as the Coachella NFT project, also broke: the Coachella NFT platform shows 0 NFTs in existence. Those NFTs still show up where they are listed on external NFT platforms, although the images and metadata are broken.
- Tweet by jac0xb.sol
- Coachella NFT marketplace
- Broken Coachella NFT on the Magic Eden marketplace
Koinly lays off 14% of staff
The layoffs were reportedly "terribly" executed, with days of uncertainty and employees receiving little or no notice before being fired.
Swyftx lays off another 40% of employees
Swyftx's CEO admitted the company had grown too fast. He attributed the decision to the continued downturn in the crypto market and shaken trust as a result of FTX, though Swyftx says they had no direct exposure to the bankrupt crypto exchange.
Orthogonal Trading is insolvent, defaults on $36 million in loans
On December 3, Orthogonal Trading admitted to Maple that they were unable to meet loan repayments. The group was unable to repay a $10 million loan due the following day. The group has $36 million in liabilities across various loans on Maple's USDC and wETH pools.
Orthogonal Credit, a sister group to Orthogonal Trading, published a blog post distancing themselves, writing that they were "shocked and dismayed" by Trading's misrepresentation. "We are speechless by the extent of the exposure and liquidity position of Orthogonal Trading’s book of business," they wrote. They attributed the insolvency to FTX exposure.
- "Maple Severs All Ties With Orthogonal Trading", Maple
- "Maple Finance Severs Ties With Orthogonal Trading, Alleging It Misrepresented Financial Position", CoinDesk
- "Statement from the Orthogonal Credit Team — December 5th 2022", Orthogonal Credit Medium
- "Orthogonal Trading defaults on $36 million of loans on Maple Finance", The Block
Bybit lays off another 30% of employees
In a Twitter thread, Bybit CEO attributed the layoffs to the "deepening bear market" and said the layoffs touch all departments.
"We are all saddened by the fact this reorganisation will impact many of our dear Bybuddies and some of our oldest friends," he wrote. On the bright side, they no longer have to be called "Bybuddies".
Genesis owes $900 million to customers of Gemini Earn
Gemini has formed a creditor committee to try to recoup funds from Genesis, as well as Genesis parent company DCG.
- "Crypto broker Genesis owes Winklevoss exchange’s customers $900mn", Financial Times
AAX customers search for executives
On November 28, the company's vice president for global marketing and communications acknowledged that he had resigned from the company, explaining on Twitter that "I did fight for the community but none of the initiatives we came up with were accepted."
Upon realizing that the exchange was unlikely to resume withdrawals, some customers have taken it upon themselves to try to find AAX's executives. Some showed up at the Hong Kong headquarters, only to find it deserted. Another user appeared at their Singaporean coworking space, also to find it empty. Users have been posting leaked personal identity documents of listed executives on Telegram, hoping to locate them.
Oracle attack on Helio, enabled by a separate hack on Ankr, allows attackers to steal $15 million
Ankr defi project exploited for over $5 million
The attacker, and possible subsequent copycat attackers, used a vulnerability in the project smart contract to mint quadrillions of aBNBc, which they then swapped to various other tokens.
Binance halted trading on aBNBc tokens, as well as on HAY tokens, a stablecoin project that was subsequently exploited. Ankr also tweeted that "We have been in touch with the [decentralized exchanges] and told them to block trading", although decentralized exchanges are typically not supposed to be able to "block trading".
Ankr later blamed the hack on an employee, who they say had inserted malicious code into the protocol that was used to exfiltrate the private key.
Maersk and IBM announce the discontinuation of their blockchain-based TradeLens platform
The idea was to use a private blockchain to "promote more efficient and secure global trade" by allowing shipping companies to share information including shipping container contents and tracking. However, it was apparently tough to convince these companies to actually adopt the project, and Maersk and IBM pulled the plug.
Auros misses loan payment due to FTX exposure
In total, Auros has 8,400 wETH (~$10.7 million) and $7.5 million in USDC in loans from M11 credit pools, plus another $2.4 million in loans from the Clearpool defi lending project, for a total of more than $20 million in unsecured loans.
Kraken pays over $360,000 to settle violations of sanctions against Iran
The OFAC investigation was first revealed in July, in reporting from the New York Times.
- Settlement Agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and Payward, Inc. ("Kraken"), U.S. Department of the Treasury
Kraken lays off 1,100 employees in 30% cut
Bitso lays off more employees
The company didn't reveal how many employees were affected by the layoffs, but Portal do Bitcoin estimated that around 100 employees were let go — around 15–20% of the company's remaining staff. One employee wrote on LinkedIn that he was among "dozens" who were laid off.
- "Bitso cuts more staff in fresh round of layoffs", The Block
- "Corretora de criptomoedas Bitso faz segunda rodada de demissões no Brasil e no México", Portal do Bitcoin (in Portuguese)
Block subsidiary TBD announces they will trademark "Web5", cancels plans after completely foreseeable backlash
Who could have predicted that people might balk when TBD then announced they would try to trademark the term? Apparently they saw no irony in their attempt as a single, powerful entity to gain control over the trademark.
The same was not true of the people who responded to the post, who wrote things like, "We need to make sure web 5 is truly open by copyrighting it", and simply "🤡🤡🤡🤡🤡".
Six hours later, the company tweeted, "we have heard the community and we are responding to their concerns". They issued a statement acknowledging that "we have heard loud voices in the community who are concerned about the potential for abuse of trademark law in ways that would undermine the mission of decentralization." Gee, you think?
And no, they still haven't explained what happened to web4.
BlockFi files for bankruptcy
Because of this dependency, it was no surprise when BlockFi announced they were once again in crisis following the FTX explosion. On November 15, the Wall Street Journal reported they were preparing for possible bankruptcy and considering layoffs.
On November 28, BlockFi filed for bankruptcy. Their filing estimates they have more than 100,000 creditors (the maximum option on the form), between $1–10 billion in assets, and between $1–10 billion in liabilities.
Shitcoin project tests the limits of cringe by building $600,000 statue of Elon Musk and delivering it to Tesla HQ
The group then delivered the sculpture to Tesla HQ in Austin, Texas, and is reportedly refusing to leave until he accepts the statue. Unfortunately he may be too busy burning Twitter to the ground to have noticed.
Despite receiving press coverage in outlets including the Wall Street Journal, Fox Business, and USA Today, the project has as of yet failed to achieve much of a pump, and the token is trading around where it was several months ago. I've not named the token here in the hopes of not contributing to the goals of their viral marketing stunt.
150 companies seek Binance's bailout for organizations "facing significant, short term, financial difficulties"
In a blog post outlining the $1 billion initiative, Binance also divulged that "we have already received around 150 applications from companies seeking support under the [Industry Recovery Initiative]" — only a week and a half after it was announced.
Lemon Cash crypto exchange lays off almost 40% of its staff
Lemon had closed a $44.1 million series A funding round earlier this year, which they kicked off in July 2021.
- "Carta abierta a la comunidad" ["Open letter to the community"], Lemon Cash blog (in Spanish)