The attacker was able to swap their tokens for 931 ETH ($1.57 million), which they then laundered through Tornado Cash.
"There's no excuse for an exploit, but these things happen," the project wrote on Twitter.
...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
The attacker was able to swap their tokens for 931 ETH ($1.57 million), which they then laundered through Tornado Cash.
"There's no excuse for an exploit, but these things happen," the project wrote on Twitter.
Pierce had made posts on Twitter, including writing shortly after he was fired from ESPN that "ESPN I don't need you. I got EthereumMax. I made more money with this crypto in the past month than I did with y'all in a year. TRUTH shall set u Free". The SEC pointed out that although he had been given EMAX tokens prior to the post, they were priced at around $46,000, not nearly the more than $1 million he'd made at ESPN over the previous year. Pierce later made a post claiming that he held more than $2.5 million of EMAX tokens, but the SEC alleged in the lawsuit that "his own personal holdings were in fact far lower" and that Pierce had been provided the screenshot of another person's holdings.
In October 2022, Kim Kardashian paid $1.26 million to settle charges over touting the same cryptocurrency, a fairly unknown token that nevertheless splashed out heavily for influencer and celebrity promotion in what appears to be a pump-and-dump scheme.
Although Loyalist had been largely inactive since October, shortly after zachxbt published his research in February 2023, Loyalist moved nearly $1 million in the DAI stablecoin out of one of the wallets identified by zachxbt.
According to the SEC, Kwon "repeatedly misled and deceived investors" about the characteristics and stability of Terra and Luna, and tricked investors into believing that a popular Korean mobile payments platform used the Terra blockchain.
Kwon has been on the run from the law since Korean authorities filed a warrant for his arrest in September 2022. An Interpol red notice followed soon after. He is reportedly hiding out in Serbia, and Korean authorities reportedly traveled there in early February to hunt for him.
The exploit was a flash loan attack that allowed them to drain some protocol pools, also causing the stablecoin to lose its dollar peg and drop to around $0.48. A team member reported on the project's Discord that "all operations are paused until we get more clarity".
The following day, the project reported they had recovered $2.4 million of the stolen funds, and were working with crypto sleuth zachxbt, who had leads as to the hacker's identity. Later that month, Platypus announced that French police had arrested two suspects, who had tried to withdraw stolen funds through Binance — to whom they had submitted identification documents for KYC purposes.
Anyway, Bitcoin seems to be having its own little resurgence of NFT mania. On February 9, an "Ordinals Punk" — the Ordinals version of CryptoPunks — sold for 9.5 BTC (~$218,000). That record has now been broken by Inscription 2042, which is not an image but rather a 1-second-long audio recording of a fart sound. The NFT reportedly sold for 12.3 BTC (~$280,000), though it's tough to verify given the lack of any sort of Ordinals marketplace.
Many of these companies have taken the (true) statement that the company's insured depository accounts at various banking institutions are FDIC insured and presented it to customers in a misleading way, and the FDIC wants them to cut it out. The FDIC also demanded websites who published statements like "Is CEX.io Safe? Yes, Cex.io is a safe crypto exchange. Actually, one of the safest on the market since they are FDIC insured..." take them down.
CEX.io is a London-based cryptocurrency exchange with comparatively low trading volume compared to its larger competitors like Binance or Coinbase.
Terra and Luna dramatically collapsed in May 2022, and South Korean authorities are still hunting for Terra leader Do Kwon, who is reportedly hiding in Serbia. Earlier this month, Korean authorities reportedly traveled to Serbia to try to locate him, but were unsuccessful.
dForce contacted the hacker via blockchain transaction, offering to negotiate a bounty. Several days later, the project tweeted that the attacker had "c[o]me forward as a whitehat", and that the funds had been fully returned. "We have agreed to offer a bounty and will drop all on-going investigation and law enforcement actions," they announced.
Nearly simultaneously, the SEC sent a Wells notice to Paxos, informing them of imminent enforcement action. According to the Wall Street Journal, the SEC told Paxos they intended to sue the company for violating investor protection laws, and that the SEC believed Binance USD was an unregistered security.
Paxos agreed to stop minting new BUSD tokens (but will continue to honor redemptions), and said in a statement that they would be ending their stablecoin-minting relationship with Binance. As for the SEC, Paxos has promised to "vigorously litigate if necessary", arguing that BUSD is not a security.
It's not quite clear the extent of the NYDFS investigation, though it joins rumors (denied by Paxos) that they were also being investigated by the US Office of the Comptroller of the Currency (OCC), which regulates banks. Paxos has a provisional banking charter, which it received from the OCC in 2021. It also has a virtual currency license, which is issued by the NYDFS.
Shortly after, the project CEO began dumping tokens on the market, cashing out 44,000 UMAMI tokens. These were ostensibly priced at $800,000, though the sell-off crashed the UMAMI price by more than 60% and ultimately netted the CEO around $380,000 of USDC.
Amidst the sell-off, a team member tried to reassure users that "the team resigned" but that also, confusingly, the "treasury assets are safe and in control of the team".
According to the SEC, Kraken had failed to register its staking-as-a-service program, which had generated $147 million in revenue.
This is not Kraken's first run-in with authorities, after paying a $360,000 fine to OFAC in November for sanctions violations.
LocalBitcoins cited "the ongoing very cold crypto-winter" as the rationale for the closure, and stated that new sign-ups would be suspended immediately. Trading will be suspended a week later, and users will have a year to withdraw Bitcoins they stored on LocalBitcoins' wallet product.
Yuga Labs has said that, following the end of the three-week-long game tournament, the Sewer Passes with non-zero scores in the game will transform into something new, with the idea that higher scorers may receive more valuable NFTs.
This, of course, incentivized users to try to cheat in the game by creating bots, changing the browser-based game code to eliminate obstacles, or access game seeds that allowed them to predict the layout of a course run. Sewer Pass holders began paying others to play their game for them — either more skilled players, or players who were using these tools. Some were charging up to 2.5 ETH (~$4,200) to obtain scores of 700,000 or more for those who hired them.
Yuga Labs has promised to review gameplay to ensure that those who cheated are disqualified. They've also warned people buying Sewer Passes after gameplay ended that if they buy a pass that is determined to have cheated, it will be worthless. Some are skeptical of Yuga's ability to accurately detect cheaters, and others have expressed concern over false positives in the game's cheat detection that appeared to be caused by slower Internet connections.
Rothschild tried to argue that his work echoes Andy Warhol's Campbell's soup cans and other "brand art".
Hermès, on the other hand, argued that Rothschild was simply a "digital speculator" hawking a "get rich quick" scheme, and trying to profit off consumers' confusion that the NFTs were an official Hermès production. They claimed they have their own plans for NFTs, and that Rothschild impeded those with his project.
Ultimately, the jury found that Rothschild had infringed upon the Hermès trademark, and awarded the company $133,000 in damages.
"[Hermès] feel they have the right to choose what art IS and who IS an artist... Not because of what they create but because their CV doesn't scream artist with a pedigree from a world class art school," accused Rothschild after the decision, though he was not actually the designer of the images used in the NFT project.
The company disclosed liabilities between $100 million and $500 million, and assets between $50 million and $100 million. In a filing, they reported they had 5,001–10,000 creditors.
By far the largest creditor is Genesis, a crypto lending firm that is also undergoing bankruptcy proceedings. Coin Cloud has a $116 million loan from Genesis, around $108 million of which is unsecured. Coin Cloud also owes a $7.6 million secured debt to crypto lending firm Enigma.
According to Coin Cloud, contributing to their bankruptcy was a $35 million deal with a vendor who they allege sold them faulty ATMs in February 2021, and with whom they are in litigation. Furthermore, in September 2021, the firm providing Coin Cloud's ATM software tried to terminate their software agreement, and pushed a software update that rendered the machines inoperable, causing days- or weeks-long outages. Coin Cloud decided to deploy unfinished ATM software that they had been using internally, and which was quickly hacked for around $6.5 million. Finally, Coin Cloud claims a chief marketing officer they hired lied about his credentials, and then spent $20 million more than he was budgeted.
Trust Wallet published a thread about the theft, characterizing it as a social engineering scam perpetrated by an "organized crime unit from Rome". However, they didn't clearly address the claims about funds being stolen via a photograph of the Trust Wallet. Trust Wallet seemed to suggest they believed that the theft may have been perpetrated via malware transmitted in a PDF containing KYC information.
Webaverse described the incident as "undoubtedly a setback", but expressed belief that they would be able to continue operating.
This comes in the wake of various crypto exchanges — Binance included — appearing to have difficulties with banking. On January 21, Binance announced that users wouldn't be able to use SWIFT for transfers below $100,000 via Signature Bank. Meanwhile, Crypto.com's Lithuanian payment processor, Transactive, has faced a crackdown from the Lithuanian banking regulator leaving Crypto.com users without access to Euro-denominated deposits and withdrawals.
Scam sleuth CoffeeZilla dug into the project in a multipart YouTube series recently, drawing legal threats from Paul. After plenty of negative publicity, Paul withdrew the legal threats and promised to develop a refund plan for some of the funds that were invested, though it is a small fraction of the money lost in the project.
Rather than wait to see if Paul comes through with refunding only a small portion of their money, a group has formed a class action lawsuit against Paul and others who helped with the project. The lead plaintiff put a total of around $3,000 into the project altogether.
The suit accuses Paul and his team of a whole host of charges including fraud, breach of contract, unjust enrichment, deceptive trade practices, negligence, and fraudulent misrepresentation.
Orion Protocol CEO Alexey Koloskov wrote a Twitter thread confirming the attack, but claiming that although they weren't sure how the hack was perpetrated, it wasn't due to the fault of their own code. Koloskov wrote that he thought the issue "might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers."
The attacker quickly bridged the tokens to the Ethereum chain and swapped them for ETH and USDC, collectively worth around $1.7 million. The price of ALBT plunged around 50%, and the BEUR Euro-pegged stablecoin significantly lost its peg.
Following the change, Bitcoin block sizes have reached all-time highs nearing 2.5 MB. Some are not thrilled that the size of the chain is ballooning with what they view to be junk data, given the whole thing needs to be recorded forever.
Longtime Bitcoin Core developer Luke Dashjr described Ordinals as a "spam attack" and an "attack on Bitcoin's fungibility", warning they would "break" the major Bitcoin-based projects Lightning and CoinJoin. He has argued that the miners should begin filtering the transactions as spam, which brought strong reactions from some in the community who pushed back that Bitcoin should be censorship resistant. "1) Bitcoin hasn't been censorship-resistant since mining centralisation. 2) Censorship resistance is about censorship, not fighting spam/attacks," he replied. Dashjr's fellow Core developer Adam Back also seemed unimpressed with the project, tweeting about Ordinals' "sheer waste and stupidity".
Ordinals are not the first Bitcoin-based NFTs, but they are the most recent and perhaps the most popular. On February 9, an "Ordinal Punk" — a Bitcoin-based homage to Ethereum's CryptoPunks — sold for 9.5 BTC (~$218,000).
Fans of creators including Felicia Day (actress and famous nerd), Brandon Powell (LA Rams wide receiver), and Portugal. The Man (rock band) may be disappointed, however, because Rally announced with under one day of notice that they would be shutting down. "This means that after today, the site will no longer be supported and you may experience a degradation in services or it may simply become inoperable. Additionally, since NFTs on the Rally sidechain are not transferable to mainnet, these will not be accessible once the site shuts down," they wrote in an email. The project also deleted its Twitter account.
The group behind the Rally Network had raised $57 million in funding in 2021, and was backed by VCs including Andreessen Horowitz.
In FTX's ongoing efforts to dig through the proverbial couch cushions in search of any funds that could be used to fill the gaping hole in its balance sheet, the firm has sued Voyager, a crypto broker that filed for bankruptcy in July, to try to recoup $446 million in funds that were "preferentially transferred" to Voyager when it filed for bankruptcy.
The lawsuit alleges that Voyager served as a "feeder fund" that "solicited retail investors and invested their money with little or no due diligence in cryptocurrency investment funds like Alameda and Three Arrows Capital".
Tesla sold most of its Bitcoin in Q2 2022, following the grand crypto tradition of buying high and selling low.
Now, according to SEC filings, Tesla suffered a net loss of $140 million in 2022 thanks to the gamble. Their reported $64 million in trading profits were eclipsed by their $204 million loss. Tesla still holds somewhere around 11,000 BTC.
When concerned customers contacted Gemini customer support to ask if their funds were safe at Gemini, in the wake of the collapses throughout the crypto industry, they were reassured by customer support that the fiat currency held by Gemini to back their GUSD stablecoin was held in accounts that were eligible for FDIC insurance. Some customers took this to mean that their holdings with Gemini were safe and protected from the possibility of trouble at Gemini: something they've now discovered was not the case, as customers of Gemini's Earn program cannot withdraw their funds.
Cryptocurrency companies misleading or outright lying to customers about FDIC insurance has been something of a trend this year. In July, the Federal Reserve and FDIC sent a cease-and-desist letter to the bankrupt Voyager cryptocurrency broker, demanding they stop claiming that their USD-denominated funds at the company were protected by FDIC insurance (they weren't). Several weeks later, the FDIC sent a similar letter to FTX US, also demanding they stop making misleading statements about deposit insurance.
Stolen NFTs included 74 Otherdeeds (floor price ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200) to the attacker. Altogether, those stolen NFTs could fetch almost ~$1 million if sold at floor price.
One single wallet transferred 750,000 of the USDC stablecoin to the attacker, resulting in a particularly brutal loss for one individual.
In December, the largest Bithumb shareholder, Park Mo, was found dead outside his home in an apparent suicide after he was named as a suspect by prosecutors in an investigation into embezzlement and stock manipulation.
Korean prosecutors had previously charged the former chairman of Bithumb over an alleged $100 million in fraud, though he was acquitted for lack of proof.
The thief also stole an Autoglyph NFT, which rarely change hands, but which have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.
Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. The rare zombie variant of the already pricey NFT have fetched millions — albeit in periods of stronger interest in NFTs.
Now, the FBI has accused two groups of North Korean hackers — Lazarus and APT38 — of perpetrating the Harmony hack. The groups then used Tornado Cash and RAILGUN to launder the funds.
Unfortunately for them, things didn't quite go as planned, with collectors balking at the high pricetag. Mints slowed to a crawl far before the 7,500 limit was reached, and the NFTs quickly began trading at a discount on secondary markets (meaning it was cheaper to buy a resold NFT than mint a new one).
Porsche decided to pump the brakes on the mint when fewer than 2,000 had sold. However, they botched that too — they announced they had stopped the mint before they actually did so, which caused the collection's secondary floor price to rise back above the mint price in anticipation of higher scarcity. Observant traders who noticed this were able to arbitrage the price difference, minting new NFTs and immediately flipping them for a profit on secondary markets.
NFT collectors criticized Porsche for appearing to try to jump into web3 without knowing the space, and asking for an exorbitant mint price without a clear plan.
Ultimately, the Wormhole hacker became the third-largest holder of stETH as a result. The size of the swaps was so large that it moved the stETH market, increasing trading volume by 3000% and temporarily causing the asset to move above its usual 1:1 peg with Ethereum.
The move, which many crypto enthusiasts took as an indication that the Wormhole hacker was a "crypto degen", is unlike the activities of many crypto hackers, who typically try to launder the money and exit into fiat rather than keep it within the crypto ecosystem.
Gemini has been having a rough time lately, trying to recoup $900 million of their customers' funds from Genesis, and facing charges from the SEC that their Earn product was an unregistered securities offering.
Signature Bank has suggested it intends to step back somewhat from the crypto industry. It is one of the relatively few US banks that services crypto clients, and provided services to FTX among others.
Patrick McKenzie speculated that the change might have been related to AML/KYC, and Binance's "Bond villain compliance strategy".
In a spin attempt rivaling those of Olympic gymnasts, Nexo wrote that the large fine was good, actually: "Nexo believes that the company has been recognized for what it truly is - a pioneer, like Uber and Airbnb, providing disruptive solutions in a fast-paced environment," they wrote.
In February, following similar action against BlockFi, Nexo stopped offering their interest program to new customers in the US. Now, Nexo will also stop offering its lending product to US customers as part of the settlement agreement.
It remains to be seen what the impact of a Genesis bankruptcy may have on its parent company, Digital Currency Group (DCG). DCG owes Genesis more than $1.65 billion, according to bankruptcy filings, including a $1.1 billion promissory note created to absorb Genesis losses in the Three Arrows Capital collapse.
The group is seeking $25 million to create a cryptocurrency exchange they're calling "GTX" for now — which they write in the pitch deck is "because G comes after F".
Not only that, but the exchange plans to focus on claims trading — that is, the trading of claims held by creditors against debtors who are undergoing bankruptcy proceedings, like FTX, Celsius, BlockFi, or Mt. Gox (throwback!). The fact that 3AC was a major catalyst in kicking off the string of bankruptcies we saw throughout 2022 was not lost on observers, with Nic Carter of the Castle Island venture capital firm commenting that the endeavor "is akin to arsonists returning to the scene of the crime and offering to charge their victims for buckets of water".
According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial followers.
The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price they paid for it, which seemed to be taken as good news by NFT GOD.
Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. The attacker was able to mint and redeem tokens in the old market, while borrowing against them in the new one, ultimately making off with the majority of the assets on the platform.
Authorities charged four individuals with various crimes shortly after the raid. Two were arrested and released on bail; authorities are still looking for the other two. Police have also confiscated money, computers, and crypto assets.
Within a 24-hour period after the raid was announced, Nexo experienced $45 million in withdrawals — about the same amount they normally process in an entire week — as customers rushed to get their money off the platform.
This SNAFU unfortunately means that those assets won't be available to be repaid to FTX customers, although this loss is relatively small compared to the total amount owed.
On November 16, Gemini halted withdrawals from Earn after Genesis halted withdrawals after FTX collapsed. Since then, Gemini and Genesis have been engaged in a very public battle, with Gemini's founders accusing Genesis and its parent company of misconduct and demanding the return of the $900 million in Gemini customer funds.
Like the first round of layoffs, they were performed via email to employees' personal emails, because access to internal systems had already been cut off. The public blog post acknowledged that the strategy "feels sudden and harsh".
Crypto reporter Colin Wu has also reported that the company is requiring all employees to begin accepting their salaries in Tether or USDC stablecoins, or face dismissal. Rumors on Twitter emerged that internal communications channels had been shut down to quell dissent over the change.
Some crypto advocates commenting on the change maintained that there should be no difference to employees if they receive salaries in stablecoins vs. real money, but none seemed able to elucidate any legitimate reason that an exchange might find itself unable to pay salaries except in stablecoins.
At least they're not being asked to take salaries in USDD, the Tron-based stablecoin associated with Justin Sun. USDD depegged even further from its peg (which has been unstable since around October 2022), dipping to around $0.97.
Michel said in his defense that he "never intended to rug but the community went way too toxic". In a press release, an IRS Special Agent stated, "Michel can no longer blame the NFT community for his criminal behavior."
Mutant Ape Planet — though clearly based on it — is unaffiliated with the Mutant Ape Yacht Club project, a Yuga Labs-created spin-off of their own Bored Ape Yacht Club.
Genesis is currently in a really bad spot, halting withdrawals from their lending arm in the wake of the FTX collapse and warning of bankruptcy shortly afterwards. The company owes $900 million to customers of Gemini, and Gemini's CEO recently sent an open letter to Genesis's parent company demanding the funds be returned.
Silvergate announced that they would be cutting 40% of their staff — around 200 employees. They also announced that they would be taking a $196 million impairment charge on assets they purchased from Diem — Facebook's blockchain-based payment system once known as Libra. "Given the significant changes in the digital asset industry landscape, this charge reflects the Company’s belief that the launch of a blockchain-based payment solution by Silvergate is no longer imminent," they wrote.
Silvergate's stock plunged 41% on the news.