Web3 is Going Just Great

Raydium claims the exploit was a trojan attack, though they've provided no further evidence to substantiate this. According to Raydium, a trojan allowed an attacker to compromise the private key belonging to the pool owner account. With control over the private key, the attacker was able to withdraw a mix of assets from the pools. They bridged at least $2 million to Ethereum and tumbled them through Tornado Cash; another $1.5 million remained on the Solana chain, where some projects began freezing assets.

Raydium has offered a 10% "bug bounty" to the hacker if they return the stolen funds.

On December 7, a branch of Mazars Group had published a "proof of reserves" report for Binance — though it only accounted for Bitcoin, and did not reflect liabilities for Binance's lending product. On December 9, Crypto.com also published a "proof of reserves" report that had been produced by the firm.

As of December 16, the Binance audit — which had been hosted on Mazar's website — had been deleted.

"Proof of reserves" reports have been offered by various cryptocurrency exchanges in lieu of proper audits, but have reasonably failed to reassure many customers of those exchanges. These reports do not involve the scrutiny that would be applied by a full audit — they only reflect a snapshot of assets at a point in time, and do not show a firm's liabilities.

Trump supporters got all excited when Trump posted on social media to tease a "major announcement". Was he going to run for speaker of the House? Return to Twitter? Unveil a presidential running mate?

His supporters were surprised — and not exactly thrilled — when the announcement turned out to be a collection of 45,000 NFTs (sorry, "digital trading cards") featuring artwork of himself in heroic outfits and poses. The NFTs are "just" $99 apiece, and money goes to Trump, not his campaign.

Even some of his strongest supporters were nonplussed. Steve Bannon said, "I can't do this anymore," and opined that he should fire whoever advised him to make the collection. A source working for Trump said that he is "supposed to be running for president right now", and questioned how "fleecing our supporters for $99" was in service of that goal.

Nevertheless, the NFTs seemed to sell decently well, with more than 30,000 minted by that evening.

These mass withdrawals signal concerns about Binance, whose users are looking for reassurance that the company is not engaged in similarly shady practices as their now bankrupt rival FTX. Recent news that the US Department of Justice is considering criminal charges against the company has not helped reassure customers.

As a result of the inadvertent publication of bankruptcy documents, the London Stock Exchange and Nasdaq paused trading on the company's stock. The company published a statement saying they had requested trading be re-enabled, since they had not actually filed for bankruptcy (yet).

Reuters reports that Binance's defense attorneys have argued, among other things, that "a criminal prosecution would wreak havoc on a crypto market already in a prolonged downturn." Well then.

In case you were wondering, I checked, and yes. Someone has already come up with the concept of metaverse mortgages.

Personally, I'm excited to see other horrific parts of the system of homeownership get recreated virtually. Metaverse homeowners associations. Metaverse building permit red tape. Metaverse NIMBYs. Metaverse property liens. Metaverse neighborhood watch.

According to Lodestar, they think they may be able to recover around $2.4 million of the stolen funds. Meanwhile, they have attempted to contact the thief to try to negotiate the return of stolen funds. "We will generously reward your collaboration," they wrote on Twitter.

Now it has come to light that McCaffrey had actually taken a series of loans amounting to $43 million from Sam Bankman-Fried, founder of the now-collapsed FTX exchange and Alameda trading firm. According to McCaffrey and various others at The Block, he was the only one who knew of the arrangement.

The original $12 million loan was used for the company buyout. Another $15 million loan in January 2022 went towards company operations. A third $16 million loan was used... to buy personal real estate in the Bahamas.

Meanwhile, The Block's disclosures page reads, "It is critical that The Block is fully transparent about our own financial holdings so as to avoid any appearance of bias or impropriety. The most valuable asset that we hold and strive to earn again every day is our reader's trust. Therefore, we have implemented a financial disclosure policy that is industry leading."

The promoters listed in the lawsuit are: talent manager Guy Oseary, digital artist Beeple, Madonna, Paris Hilton, Jimmy Fallon and related entities, Justin Bieber, Gwyneth Paltrow, Serena Williams, Diplo, Post Malone, Snoop Dogg, Kevin Hart, the Chainsmokers, Steph Curry, Future, The Weeknd, DJ Khaled, and Adidas.

An investigation by OKHotshot has reported that Sierra rug pulled the NFT project, using project funds to wash trade her own NFTs before cashing out. In total, she withdrew 120 ETH (at the time worth around $316,000; today worth around $151,000). Throughout, Sierra claimed that "absolutely none of the funding has been taken by founders".

In addition to the allegations around her NFT project, OKHotshot identified other shady behavior by Sierra, such as pumping-and-dumping other NFTs she'd purchased, and placing lowball offers in $DAI on big-ticket NFTs, hoping that their owners would mistake them for ETH.

After OKHotshot published the thread, Sierra blocked them on Twitter, and deleted the NFT project's Twitter account and website.

Some of Digital Surge's customers reported having entrusted the company with hundreds of thousands of dollars from their superannuation funds (retirement pension). "I lost everything," said one customer who had put his entire superannuation of more than AU$150,000 (~US$102,000) into his Digital Surge account, where it is now frozen.

However, NFTs that had been minted on the FTX platform relied on metadata from an API at that domain, meaning that the NFTs are now pointing to broken links. Owners of these NFTs can still see that the NFT exists, but images no longer work—even when viewing the NFTs in their own wallets, or when listing them for sale on other platforms.

Other projects that rely on the FTX NFT platform's API, such as the Coachella NFT project, also broke: the Coachella NFT platform shows 0 NFTs in existence. Those NFTs still show up where they are listed on external NFT platforms, although the images and metadata are broken.

The layoffs were reportedly "terribly" executed, with days of uncertainty and employees receiving little or no notice before being fired.

Swyftx's CEO admitted the company had grown too fast. He attributed the decision to the continued downturn in the crypto market and shaken trust as a result of FTX, though Swyftx says they had no direct exposure to the bankrupt crypto exchange.

On December 3, Orthogonal Trading admitted to Maple that they were unable to meet loan repayments. The group was unable to repay a $10 million loan due the following day. The group has $36 million in liabilities across various loans on Maple's USDC and wETH pools.

Orthogonal Credit, a sister group to Orthogonal Trading, published a blog post distancing themselves, writing that they were "shocked and dismayed" by Trading's misrepresentation. "We are speechless by the extent of the exposure and liquidity position of Orthogonal Trading’s book of business," they wrote. They attributed the insolvency to FTX exposure.

In a Twitter thread, Bybit CEO attributed the layoffs to the "deepening bear market" and said the layoffs touch all departments.

"We are all saddened by the fact this reorganisation will impact many of our dear Bybuddies and some of our oldest friends," he wrote. On the bright side, they no longer have to be called "Bybuddies".

Gemini has formed a creditor committee to try to recoup funds from Genesis, as well as Genesis parent company DCG.

On November 28, the company's vice president for global marketing and communications acknowledged that he had resigned from the company, explaining on Twitter that "I did fight for the community but none of the initiatives we came up with were accepted."

Upon realizing that the exchange was unlikely to resume withdrawals, some customers have taken it upon themselves to try to find AAX's executives. Some showed up at the Hong Kong headquarters, only to find it deserted. Another user appeared at their Singaporean coworking space, also to find it empty. Users have been posting leaked personal identity documents of listed executives on Telegram, hoping to locate them.

The attacker, and possible subsequent copycat attackers, used a vulnerability in the project smart contract to mint quadrillions of aBNBc, which they then swapped to various other tokens.

Binance halted trading on aBNBc tokens, as well as on HAY tokens, a stablecoin project that was subsequently exploited. Ankr also tweeted that "We have been in touch with the [decentralized exchanges] and told them to block trading", although decentralized exchanges are typically not supposed to be able to "block trading".

Ankr later blamed the hack on an employee, who they say had inserted malicious code into the protocol that was used to exfiltrate the private key.

The idea was to use a private blockchain to "promote more efficient and secure global trade" by allowing shipping companies to share information including shipping container contents and tracking. However, it was apparently tough to convince these companies to actually adopt the project, and Maersk and IBM pulled the plug.

In total, Auros has 8,400 wETH (~$10.7 million) and $7.5 million in USDC in loans from M11 credit pools, plus another $2.4 million in loans from the Clearpool defi lending project, for a total of more than $20 million in unsecured loans.

The OFAC investigation was first revealed in July, in reporting from the New York Times.

The company didn't reveal how many employees were affected by the layoffs, but Portal do Bitcoin estimated that around 100 employees were let go — around 15–20% of the company's remaining staff. One employee wrote on LinkedIn that he was among "dozens" who were laid off.

Who could have predicted that people might balk when TBD then announced they would try to trademark the term? Apparently they saw no irony in their attempt as a single, powerful entity to gain control over the trademark.

The same was not true of the people who responded to the post, who wrote things like, "We need to make sure web 5 is truly open by copyrighting it", and simply "🤡🤡🤡🤡🤡".

Six hours later, the company tweeted, "we have heard the community and we are responding to their concerns". They issued a statement acknowledging that "we have heard loud voices in the community who are concerned about the potential for abuse of trademark law in ways that would undermine the mission of decentralization." Gee, you think?

And no, they still haven't explained what happened to web4.

Because of this dependency, it was no surprise when BlockFi announced they were once again in crisis following the FTX explosion. On November 15, the Wall Street Journal reported they were preparing for possible bankruptcy and considering layoffs.

On November 28, BlockFi filed for bankruptcy. Their filing estimates they have more than 100,000 creditors (the maximum option on the form), between $1–10 billion in assets, and between $1–10 billion in liabilities.

The group then delivered the sculpture to Tesla HQ in Austin, Texas, and is reportedly refusing to leave until he accepts the statue. Unfortunately he may be too busy burning Twitter to the ground to have noticed.

Despite receiving press coverage in outlets including the Wall Street Journal, Fox Business, and USA Today, the project has as of yet failed to achieve much of a pump, and the token is trading around where it was several months ago. I've not named the token here in the hopes of not contributing to the goals of their viral marketing stunt.

In a blog post outlining the $1 billion initiative, Binance also divulged that "we have already received around 150 applications from companies seeking support under the [Industry Recovery Initiative]" — only a week and a half after it was announced.

Lemon had closed a $44.1 million series A funding round earlier this year, which they kicked off in July 2021.

CoinList lost $35 million in the June Three Arrows blowup. Shortly after the FTX collapse, CoinList claimed to have "no material exposure to FTX, FTT, Alameda or any credit exposure to any affiliate of FTX". However, they stopped processing withdrawals shortly after.

Iris Energy's stock has plummeted to $1.66, down 93% from its $24.80 peak when the stock first began trading a year ago.

New York has been the home of some battles against crypto-miners who have set up shop at dormant fossil fuel plants. The Greenidge Bitcoin mining operation near Seneca Lake has been the locus of some particularly bitter battles against the industry: a dormant coal power plant that was converted to natural gas and devoted to Bitcoin mining in 2019, its permit renewals have been the focus of fierce protests. It will not be affected by this particular legislation, which only bans mining operations who have not already submitted applications for new or renewed permits.

The Wall Street Journal then reported that Genesis had been seeking a $1 billion emergency loan due to a "liquidity crunch due to certain illiquid assets on its balance sheet".

The halting of withdrawals from Genesis' lending business has already had major downstream impacts, as it is a major partner of other crypto lending services. Gemini and Coinhouse both followed Genesis in suspending withdrawals, as did other firms including Donut and GOPAX.

A Genesis bankruptcy would be a monumental event in crypto, with enormous downstream exposure.

This was not helped by Grayscale's response to those in crypto who were pushing Grayscale to follow suit with some other crypto platforms and publish proof of reserves. Grayscale announced that "due to security concerns, we do not make such on-chain wallet information and confirmation information publicly available through a cryptographic Proof-of-Reserve, or other advanced cryptographic accounting procedure". They did not elaborate on what these "security concerns" might be, and stoked fears in some that the company might not have the backing they ought to have.

Grayscale published a letter from Coinbase that basically said "we have Grayscale's assets, we promise", which did not seem to assuage the fears that have formed around centralized entities promising they have the assets they claim. This is understandable, given that FTX made similar promises, only to collapse.

Since then, there has been little communication and a series of shady activities. According to HOO CEO Rexy Wang on Twitter on July 15, Hoo employee and former Binance head of security Fang Wenbin (known as "Top") "took advantage of his position at Hoo to delete the company system privately, causing everyone in the company to be unable to access the system, resulting in a temporary failure of the main domain name". Top replied to allege that, "Rexy himself has transferred most of the assets from the platform. Employee salaries and platform users cannot withdraw coins".

At some point after that, Wang made his Twitter private. Hoo's social media channels have been inactive. On November 18, the exchange website was replaced with a post that identified the "Hoo de facto controller", Xu Tong Hua, and said: "Currently all permissions for Hoo's wallet and website programs are controlled by Mr Xu, so please contact the official email if you have any questions."

Meanwhile, customers have been active on social media complaining about the apparent fraud, and some have formed an informal group pushing for legal action against Hoo.

ASX will write off the AU$245–$255 million (US$164–$170M) they have poured into the project, and start again on designing a replacement for the CHESS system.

The suit alleges that the celebrities violated the anti-touting provisions of securities laws by failing to disclose the nature, scope, and amount they were compensated to promote the platform.

Nestcoin had nearly all of the funds remaining from their $6.45 million funding round locked in FTX — approximately $4 million.

The company said in a blog post that they were "working with the Genesis team" to restore withdrawals. Like Genesis, they tried to urge that the issue would not affect other Gemini products. However, a service outage that same day did little to strengthen trust in the company.

They urged in their announcement that the decision would not impact their trading or custody businesses — though if I was a user of their other services I might not be feeling so reassured given crypto companies' poor track record of segregating operations.

Genesis has about $2.8 billion in total active loans as of the end of September 2022.

This is not the first crisis for Genesis this year. The firm lost hundreds of millions due to exposure to the Three Arrows Capital collapse, and in August announced layoffs of 20% of their employees.

Ten of the NFTs in the collection came with lifetime passes to Coachella, and sold for six figures. Each year, the NFT holder has to go through the redemption process to obtain their festival pass.

Many of the token owners bought their NFTs with FTX and simply left them in their accounts on the platform. Some were able to transfer their tokens before FTX's NFT platform stopped operating, but many did not.

Now, the Wall Street Journal reports that BlockFi has been considering layoffs, and has been in talks with bankruptcy attorneys about a possible Chapter 11 filing.

Although BlockFi disputed reports that they had been custodying client assets at FTX, they acknowledged that they had "significant exposure to FTX and associated corporate entities that encompasses obligations owed to us by Alameda, assets held at FTX.com, and undrawn amounts from our credit line with FTX.US".

This not entirely unlike someone trying to sell you a house that is "otherwise sturdy, but in an engulfed-in-flames crisis".

He says the project is intended to reduce the "cascading negative effects of FTX", underscoring how nervous this whole debacle is making other players in the industry.

He announced that they would continue trading their remaining assets, and continue operating their venture fund. However, he said the future of the hedge fund was unclear, and likely to depend on what happens with FTX customer withdrawals.

"I'm pretty disgusted with the space as a whole and kinda humanity in general," he continued. "I'm at a loss for words at the depth & breadth of the pieces of shit that permeate crypto. So many fucking sociopaths were granted the opportunity to do so much damage. It's hard for me to imagine the space bouncing back quickly from this ordeal. Too many got burned too hard."