Orion Protocol CEO Alexey Koloskov wrote a Twitter thread confirming the attack, but claiming that although they weren't sure how the hack was perpetrated, it wasn't due to the fault of their own code. Koloskov wrote that he thought the issue "might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers."
Orion Protocol suffers $2.9 million hack
Bonq defi borrowing project exploited
The attacker quickly bridged the tokens to the Ethereum chain and swapped them for ETH and USDC, collectively worth around $1.7 million. The price of ALBT plunged around 50%, and the BEUR Euro-pegged stablecoin significantly lost its peg.
Bitcoin community erupts over "Ordinals": Bitcoin-based NFTs
Following the change, Bitcoin block sizes have reached all-time highs nearing 2.5 MB. Some are not thrilled that the size of the chain is ballooning with what they view to be junk data, given the whole thing needs to be recorded forever.
Longtime Bitcoin Core developer Luke Dashjr described Ordinals as a "spam attack" and an "attack on Bitcoin's fungibility", warning they would "break" the major Bitcoin-based projects Lightning and CoinJoin. He has argued that the miners should begin filtering the transactions as spam, which brought strong reactions from some in the community who pushed back that Bitcoin should be censorship resistant. "1) Bitcoin hasn't been censorship-resistant since mining centralisation. 2) Censorship resistance is about censorship, not fighting spam/attacks," he replied. Dashjr's fellow Core developer Adam Back also seemed unimpressed with the project, tweeting about Ordinals' "sheer waste and stupidity".
Ordinals are not the first Bitcoin-based NFTs, but they are the most recent and perhaps the most popular. On February 9, an "Ordinal Punk" — a Bitcoin-based homage to Ethereum's CryptoPunks — sold for 9.5 BTC (~$218,000).
Rally sidechain shuts down with under a day's notice, taking users' tokens with it
Fans of creators including Felicia Day (actress and famous nerd), Brandon Powell (LA Rams wide receiver), and Portugal. The Man (rock band) may be disappointed, however, because Rally announced with under one day of notice that they would be shutting down. "This means that after today, the site will no longer be supported and you may experience a degradation in services or it may simply become inoperable. Additionally, since NFTs on the Rally sidechain are not transferable to mainnet, these will not be accessible once the site shuts down," they wrote in an email. The project also deleted its Twitter account.
The group behind the Rally Network had raised $57 million in funding in 2021, and was backed by VCs including Andreessen Horowitz.
Bankrupt FTX tries to claw back $446 million from bankrupt Voyager
In FTX's ongoing efforts to dig through the proverbial couch cushions in search of any funds that could be used to fill the gaping hole in its balance sheet, the firm has sued Voyager, a crypto broker that filed for bankruptcy in July, to try to recoup $446 million in funds that were "preferentially transferred" to Voyager when it filed for bankruptcy.
The lawsuit alleges that Voyager served as a "feeder fund" that "solicited retail investors and invested their money with little or no due diligence in cryptocurrency investment funds like Alameda and Three Arrows Capital".
Tesla lost $140 million trading Bitcoin in 2022
Tesla sold most of its Bitcoin in Q2 2022, following the grand crypto tradition of buying high and selling low.
Now, according to SEC filings, Tesla suffered a net loss of $140 million in 2022 thanks to the gamble. Their reported $64 million in trading profits were eclipsed by their $204 million loss. Tesla still holds somewhere around 11,000 BTC.
- "Tesla records $140M Bitcoin net loss in 2022", CoinTelegraph
New York regulator investigates Gemini over FDIC claims
When concerned customers contacted Gemini customer support to ask if their funds were safe at Gemini, in the wake of the collapses throughout the crypto industry, they were reassured by customer support that the fiat currency held by Gemini to back their GUSD stablecoin was held in accounts that were eligible for FDIC insurance. Some customers took this to mean that their holdings with Gemini were safe and protected from the possibility of trouble at Gemini: something they've now discovered was not the case, as customers of Gemini's Earn program cannot withdraw their funds.
Cryptocurrency companies misleading or outright lying to customers about FDIC insurance has been something of a trend this year. In July, the Federal Reserve and FDIC sent a cease-and-desist letter to the bankrupt Voyager cryptocurrency broker, demanding they stop claiming that their USD-denominated funds at the company were protected by FDIC insurance (they weren't). Several weeks later, the FDIC sent a similar letter to FTX US, also demanding they stop making misleading statements about deposit insurance.
Hacked Azuki Twitter account enables theft of pricey NFTs and crypto priced at more than $1.74 million
Stolen NFTs included 74 Otherdeeds (floor price ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200) to the attacker. Altogether, those stolen NFTs could fetch almost ~$1 million if sold at floor price.
One single wallet transferred 750,000 of the USDC stablecoin to the attacker, resulting in a particularly brutal loss for one individual.
- One of the attacker wallets on Etherscan
- Another attacker wallet on Etherscan
Coinbase fined $3.6 million by Dutch central bank
Bithumb executives charged with embezzlement
In December, the largest Bithumb shareholder, Park Mo, was found dead outside his home in an apparent suicide after he was named as a suspect by prosecutors in an investigation into embezzlement and stock manipulation.
Korean prosecutors had previously charged the former chairman of Bithumb over an alleged $100 million in fraud, though he was acquitted for lack of proof.
Kevin Rose loses pricey NFTs to wallet hack
The thief also stole an Autoglyph NFT, which rarely change hands, but which have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.
Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. The rare zombie variant of the already pricey NFT have fetched millions — albeit in periods of stronger interest in NFTs.
FBI pins the Harmony Bridge hack on North Korea
Now, the FBI has accused two groups of North Korean hackers — Lazarus and APT38 — of perpetrating the Harmony hack. The groups then used Tornado Cash and RAILGUN to launder the funds.
Porsche bungles NFT roll-out
Unfortunately for them, things didn't quite go as planned, with collectors balking at the high pricetag. Mints slowed to a crawl far before the 7,500 limit was reached, and the NFTs quickly began trading at a discount on secondary markets (meaning it was cheaper to buy a resold NFT than mint a new one).
Porsche decided to pump the brakes on the mint when fewer than 2,000 had sold. However, they botched that too — they announced they had stopped the mint before they actually did so, which caused the collection's secondary floor price to rise back above the mint price in anticipation of higher scarcity. Observant traders who noticed this were able to arbitrage the price difference, minting new NFTs and immediately flipping them for a profit on secondary markets.
NFT collectors criticized Porsche for appearing to try to jump into web3 without knowing the space, and asking for an exorbitant mint price without a clear plan.
Wormhole hacker becomes the third largest holder of stETH
Ultimately, the Wormhole hacker became the third-largest holder of stETH as a result. The size of the swaps was so large that it moved the stETH market, increasing trading volume by 3000% and temporarily causing the asset to move above its usual 1:1 peg with Ethereum.
The move, which many crypto enthusiasts took as an indication that the Wormhole hacker was a "crypto degen", is unlike the activities of many crypto hackers, who typically try to launder the money and exit into fiat rather than keep it within the crypto ecosystem.
Gemini lays off 10% of staff amid troubles
Gemini has been having a rough time lately, trying to recoup $900 million of their customers' funds from Genesis, and facing charges from the SEC that their Earn product was an unregistered securities offering.
Binance announces that users won't be able to use SWIFT for transfers below $100,000
Signature Bank has suggested it intends to step back somewhat from the crypto industry. It is one of the relatively few US banks that services crypto clients, and provided services to FTX among others.
Patrick McKenzie speculated that the change might have been related to AML/KYC, and Binance's "Bond villain compliance strategy".
Nexo fined $45 million by US SEC
In a spin attempt rivaling those of Olympic gymnasts, Nexo wrote that the large fine was good, actually: "Nexo believes that the company has been recognized for what it truly is - a pioneer, like Uber and Airbnb, providing disruptive solutions in a fast-paced environment," they wrote.
In February, following similar action against BlockFi, Nexo stopped offering their interest program to new customers in the US. Now, Nexo will also stop offering its lending product to US customers as part of the settlement agreement.
- "Nexo Agrees to Pay $45 Million in Penalties and Cease Unregistered Offering of Crypto Asset Lending Product", United States Securities and Exchange Commission
- "Crypto Lender Nexo Is Fined $45 Million as Crackdown Widens", The New York Times
Genesis files for bankruptcy
It remains to be seen what the impact of a Genesis bankruptcy may have on its parent company, Digital Currency Group (DCG). DCG owes Genesis more than $1.65 billion, according to bankruptcy filings, including a $1.1 billion promissory note created to absorb Genesis losses in the Three Arrows Capital collapse.
- "Genesis, a Crypto Lending Firm, Files for Bankruptcy", The New York Times
Founder of Bitzlato crypto exchange charged for processing more than $700 million in illicit funds
- "Founder and Majority Owner of Bitzlato, a Cryptocurrency Exchange, Charged with Unlicensed Money Transmitting", U.S. Attorney's Office, Eastern District of New York
Three Arrows Capital founders seek funding for an exchange to enable customers to trade claims against firms 3AC helped to bankrupt
The group is seeking $25 million to create a cryptocurrency exchange they're calling "GTX" for now — which they write in the pitch deck is "because G comes after F".
Not only that, but the exchange plans to focus on claims trading — that is, the trading of claims held by creditors against debtors who are undergoing bankruptcy proceedings, like FTX, Celsius, BlockFi, or Mt. Gox (throwback!). The fact that 3AC was a major catalyst in kicking off the string of bankruptcies we saw throughout 2022 was not lost on observers, with Nic Carter of the Castle Island venture capital firm commenting that the endeavor "is akin to arsonists returning to the scene of the crime and offering to charge their victims for buckets of water".
NFT GOD's wallet drained, accounts used to phish others after malware infection
According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial followers.
The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price they paid for it, which seemed to be taken as good news by NFT GOD.
LendHub reports $6 million hack
Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. The attacker was able to mint and redeem tokens in the old market, while borrowing against them in the new one, ultimately making off with the majority of the assets on the platform.
Nexo raided by Bulgarian authorities
Authorities charged four individuals with various crimes shortly after the raid. Two were arrested and released on bail; authorities are still looking for the other two. Police have also confiscated money, computers, and crypto assets.
Within a 24-hour period after the raid was announced, Nexo experienced $45 million in withdrawals — about the same amount they normally process in an entire week — as customers rushed to get their money off the platform.
FTX liquidators get liquidated
This SNAFU unfortunately means that those assets won't be available to be repaid to FTX customers, although this loss is relatively small compared to the total amount owed.
SEC charges Gemini and Genesis for allegedly offering unregistered securities
On November 16, Gemini halted withdrawals from Earn after Genesis halted withdrawals after FTX collapsed. Since then, Gemini and Genesis have been engaged in a very public battle, with Gemini's founders accusing Genesis and its parent company of misconduct and demanding the return of the $900 million in Gemini customer funds.
- "SEC Charges Genesis and Gemini for the Unregistered Offer and Sale of Crypto Asset Securities through the Gemini Earn Lending Program", U.S. Securities and Exchange Commission
Coinbase lays off nearly 1,000 people in second round of layoffs over the last year
Like the first round of layoffs, they were performed via email to employees' personal emails, because access to internal systems had already been cut off. The public blog post acknowledged that the strategy "feels sudden and harsh".
Huobi performs 20% layoff, reportedly requires employees to take salary in stablecoins
Crypto reporter Colin Wu has also reported that the company is requiring all employees to begin accepting their salaries in Tether or USDC stablecoins, or face dismissal. Rumors on Twitter emerged that internal communications channels had been shut down to quell dissent over the change.
Some crypto advocates commenting on the change maintained that there should be no difference to employees if they receive salaries in stablecoins vs. real money, but none seemed able to elucidate any legitimate reason that an exchange might find itself unable to pay salaries except in stablecoins.
At least they're not being asked to take salaries in USDD, the Tron-based stablecoin associated with Justin Sun. USDD depegged even further from its peg (which has been unstable since around October 2022), dipping to around $0.97.
Developer of Mutant Ape Planet NFT project charged in $2.9 million rug pull
Michel said in his defense that he "never intended to rug but the community went way too toxic". In a press release, an IRS Special Agent stated, "Michel can no longer blame the NFT community for his criminal behavior."
Mutant Ape Planet — though clearly based on it — is unaffiliated with the Mutant Ape Yacht Club project, a Yuga Labs-created spin-off of their own Bored Ape Yacht Club.
- "Non-Fungible Token (NFT) Developer Charged in Multi-Million Dollar International Fraud Scheme", U.S. Attorney's Office of the Eastern District of New York
Genesis lays off another 30% of staff
Genesis is currently in a really bad spot, halting withdrawals from their lending arm in the wake of the FTX collapse and warning of bankruptcy shortly afterwards. The company owes $900 million to customers of Gemini, and Gemini's CEO recently sent an open letter to Genesis's parent company demanding the funds be returned.
Silvergate bank takes $718 million loss liquidating debt during FTX collapse
Silvergate announced that they would be cutting 40% of their staff — around 200 employees. They also announced that they would be taking a $196 million impairment charge on assets they purchased from Diem — Facebook's blockchain-based payment system once known as Libra. "Given the significant changes in the digital asset industry landscape, this charge reflects the Company’s belief that the launch of a blockchain-based payment solution by Silvergate is no longer imminent," they wrote.
Silvergate's stock plunged 41% on the news.
- "Silvergate Raced to Cover $8.1 Billion in Withdrawals During Crypto Meltdown", The Wall Street Journal
- "Silvergate Capital cutting headcount 40%, takes $196M impairment charge", Seeking Alpha
- "Silvergate Announces Select Preliminary Fourth Quarter 2022 Financial Metrics and Provides Business Update", Seeking Alpha
New York Attorney General sues Celsius CEO Alex Mashinksy for defrauding investors
The lawsuit seeks to permanently bar Mashinsky from engaging in similar business in the state, and seeks disgorgement, damages, and restitution.
- "Attorney General James Sues Former CEO of Celsius Cryptocurrency Platform for Defrauding Investors", New York Attorney General
Sports company Fanatics jettisons its majority stake in NFT company Candy Digital
Fanatics purchased a 60% stake in Candy Digital in a $100 million Series A round in October 2021. Now, they've sold the stake to a group of investors led by Galaxy Digital for an undisclosed amount, in what Rubin wrote was "a rather straightforward and easy decision". He highlighted Fanatics' ability to "realize [when] things aren't working", he wrote in the email.
Logan Paul threatens to sue CoffeeZilla for exposing his (alleged) grift
After many attempts over the span of a year to contact Paul, directly and via his manager (who CoffeeZilla did speak with), Paul has claimed that CoffeeZilla made no attempts to get his side of the story. Instead of addressing any of the many well-researched claims about the flagrant (alleged) grift that Paul has been perpetrating, he has instead reacted in typical (alleged) cryptoscammer fashion: by threatening to sue CoffeeZilla.
NFTs reportedly stolen from influencer CryptoNovo, flipped for at least $525,000
The thief quickly flipped all of the NFTs for around 417 ETH ($525,000). It's unclear if one of the CryptoPunks was stolen, as it was transferred to a wallet to whom CryptoNovo has previously made transfers, but that NFT too was sold for 75 ETH ($94,200).
The thief made a pretty penny, but the loss to CryptoNovo is more substantial based on how much money they spent on the NFTs. They had purchased the Bored Ape in August 2021 for 30 ETH (then around $100,000), and CryptoPunk #4608 in September 2021 for 290 ETH (then $850,000).
The attack appears to have been phishing-related.
Coinbase settles with New York regulators, set to pay $100 million
Early last year, Coinbase was ordered by regulators to hire an outside monitor to oversee compliance. Under the settlement agreement, Coinbase will be required to continue the monitoring for at least another year as it works to improve its compliance.
- "Coinbase Reaches $100 Million Settlement With New York Regulators", The New York Times
Fake NFTs listed under verified collections on Magic Eden marketplace
Magic Eden acknowledged the issue in a tweet, asking users to contact their support if they had bought any of the fake NFTs. Various users on Twitter had reported buying the spoofed NFTs, paying 20–50 SOL ($266–$666) for fake NFTs that appeared as though they were a part of a verified collection that usually sold for around 165 SOL ($2,200).
Clicking in to the NFT details showed that they were a part of a different collection that was not verified, but they appeared in listings among the verified NFTs, and were in some cases quickly purchased by collectors who thought they were taking advantage of a seller's mistake in listing the NFT.
Crypto payments platform Wyre to shut down or "scale back"
Giannaros told Axios that the company was "still operating but will be scaling back".
Hackers steal $3.2 million from GMX whale
The sudden sale of such a large number GMX tokens (which are comparatively illiquid compared to much larger cryptocurrencies like Ethereum) caused the price to suddenly drop from ~$41.50 to ~$38 per token, though the token price recovered fairly quickly. GMX is the native token for the defi exchange of the same name.
- "Hackers steal $3.5M worth of digital assets from GMX whale", Cointelegraph
Users of several NFT marketplaces see porn, Big Bang Theory stills appearing instead of their NFT images
"What the fuck is happening, why my 5 years old kid watching porn JPEGs on [Magic Eden's] website" tweeted one shocked user.
The issue was resolved fairly quickly, although some visitors continued to see the unsavory images for a while longer due to browser caching.
Streamer and crypto founder DNP3 admits to gambling with investor funds
On January 3, he released a statement on Twitter explaining that he had become addicted to gambling over the past year — specifically mentioning his use of the Stake cryptocurrency casino. He wrote, "Every dollar I could find I would put into Stake in hopes of winning big. Even when the big wins did happen it wasn’t enough. Eventually I lost everything. In addition to my own life savings, I also irresponsibly used investor funds to try and 'get my money back' from the casino which was wrong for so many reasons."
The impact on the projects he created — and those who put money into them — is not yet fully clear.
Hacker drains the wallet of the RTFKT crypto project's COO
Gopalani tweeted that "I was hacked by a clever Phisher (same phone # as apple ID) & sold all my clone x / some other nfts... Obviously pretty upset and hurt by this and I havent really been able to move all day." He didn't provide further details, but a tweet by RTFKT CTO Samuel Cardillo suggested that Gopalani may have provided passwords or private keys to a phisher.
Gemini founder writes open letter to Barry Silbert begging for the return of $900 million
On January 2, Cameron Winklevoss — one of the twin brothers who operates Gemini — published an open letter on Twitter to Barry Silbert, the founder and CEO of DCG, which is the parent company of Genesis. DCG also has a substantial amount of money that they have borrowed from Genesis.
"More than 340,000 Earn users ... are looking for answers. These users aren't just numbers on a spreadsheet, they are real people. A single mom who lent her son's education money to you. A father who lent his son's bar mitzvah money to you. A husband and wife who lent their life savings to you. A school teacher who lent his children's college funds to you. A policeman, and so many more. All together, these people entrusted more than $900 million of their assets to you," wrote Winklevoss, without any apparent self-reflection on the fact that these words could just as easily have been (and should also be) addressed to him by those same customers of his service.
Bitcoin core developer claims his wallets were compromised, more than 216 BTC (~$3.6 million) stolen
Dashjr complained on Twitter about having trouble getting in contact with the FBI about the theft. Some joked about the irony of a Bitcoin maximalist running to the FBI when his coins were stolen.
There are some questions about the veracity of Dashjr's claims, given his supposed security practices, the extent of the breach, and some of his odd comments on Twitter.
Swiss crypto broker Covario goes bust
The firm had attempted to keep up appearances that all was well, spending lavishly and even opening new offices several weeks before entering bankruptcy. However, it turns out that employee pension contributions had not been being paid since early summer. Employee salaries had not been paid since October.
- "Pleite von Zuger Krypto-Startup: PK, AHV, Löhne offen", Inside Paradeplatz (in German)
Tax loss harvesting service emerges to help collectors unload their worthless NFTs
"This tool really helped me unload those embarrassing early NFT Hype investments. Should shave about $1000 off my tax bill", a supposed user writes in a testimonial blurb on the site (although the testimonials appear to be faked).
Perhaps someone has finally found a viable crypto business model after all.
Wallets linked to Sam Bankman-Fried's Alameda Research unexpectedly begin selling off $1.7 million in tokens
Altogether, an estimated $1.7 million was moved through various services to obfuscate the flow of funds.
3Commas finally owns up to API key leak
3Commas did not come off looking very good after this incident, after they spent weeks denying any breach and accusing those who were concerned 3Commas had been compromised of spreading misinformation and "FUD".
Researcher zachxbt wrote that he had verified 44 victims who had lost a combined $14.8 million due to the leak, although he acknowledged that this was only the number of people he could verify and that the total number of people affected was likely much higher.
Midas Investments platform closes after revealing they're $63.3 million in the hole
Users with assets on the platform will see a significant haircut in what they are allowed to withdraw. Midas intends to keep 55% of the Bitcoin, ETH, or stablecoins held by users in their accounts, as well as any rewards users had earned.
Lest the users be too upset that more than half of their assets no longer belong to them, fear not: Midas will be making up the difference in a new, valueless token that does not yet exist, but that will be associated with some future project that Midas has not described yet. You're welcome!
They've also announced they will be pivoting to "CeDeFi". Yes, that is indeed short for "centralized decentralized finance". No, I am not joking.
Mango Markets exploiter arrested despite claiming all his actions were legal
It quickly became apparent that a man named Avraham Eisenberg was behind the exploit. In screenshots leaked from a conversation in a private Discord channel shortly before the attack, Eisenberg talked about the exploit he had planned. "I'm investigating a platform that could maybe lead to a 9 figure payday. Should I do it?" he wrote. When someone replied, "unles[s] it is highly illegal", Eisenberg responded: "Are there rules these days?" When someone suggested responsibly disclosing the vulnerability to the protocol, Eisenberg refused, saying the bug bounty was likely to be too small.
Eisenberg later owned up to the attack, tweeting a thread in which he wrote that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are."
The feds apparently disagreed with his evaluation, and arrested Eisenberg in Puerto Rico on December 26. He is charged with commodities fraud and commodities manipulation.
BTC.com suffers $3 million attack
BTC.com is the seventh largest Bitcoin mining pool, which also operates other crypto mining services. Its parent company, BIT Mining, is publicly traded on the NSYE.
- "Bitcoin mining pool BTC.com reports $3M cyberattack", Cointelegraph
- "BIT Mining Limited Subsidiary Experiences Cyberattack", press release