Metroverse blockchain game implodes

An isometric rendering of a square tile on which there are multiple city buildings including skyscrapers and futuristic structures, rendered in neon colors.Block #6086 (attribution)
The Metroverse NFT-based game caught the end of the 2021–22 crypto bull market, minting the Genesis collection in January 2022. The project sold out quickly, netting the project creators 2,000 ETH (~$6.3 million) from the mint alone, not to mention 5% royalties on the 25,361 ETH in trading volume since. The project promised to deliver a "land trading NFT strategy game" with mechanics they said would be "similar to Sim City", and flashy artwork drew in an excited fanbase.

Ultimately, the project delivered a game that was a far cry from Sim City, and which only a small subset of players designated as "leaders" could even play. As interest in NFTs and crypto prices began to fall, the community became increasingly dissatisfied with the project creators, who they felt had delivered a subpar game, engaged in an additional cashgrab mint, and took actions like performing a reverse-split of the token which they believed harmed secondary market prices.

Tensions emerged between the project team and the community, with the project team dismissing all criticism as "FUD" and accusing their community members of "sabotage", and community members accusing the project team of rug-pulling and failing to listen to feedback. The team shut down the project Discord, claiming that the community was only making it harder for them to do what they had promised to do, and saying that the attacks were damaging to their mental health. The team promised to complete the last item on the roadmap, but stated that they would not be continuing to develop the project or add additional roadmap items due to the current NFT markets and the "non-stop attacks from the community".

Very shortly after closing the Discord, the project team changed their mind and announced that they would be closing the project entirely. They announced that the upcoming battle would be the last available to play, but that they would be airdropping tokens to players as promised in the last item on the roadmap, and open-sourcing the code. Multiple project team members deleted their social media, and project AMAs were wiped from the Metroverse YouTube channel.

These gestures were far from enough to satisfy an angry community, some of whom threatened to dox the anonymous team behind the game or take legal action against the founders. The team themselves fired back with legal threats, contacting community members to tell them that they believed their conversations on a separate Discord server involved illegal activities that are "not only morally reprehensible but may also constitute serious criminal offenses".

Some community members claimed to have spent tens of thousands of dollars on the project. "I spen[t] like 25 eth at 3k" wrote one. "I spen[t] 250k" shared another.

Crypto investment scheme with links to UK Parliament vanishes

The Guardian published a report on Phoenix Community Capital, a cryptocurrency investment project that solicited investments in part based on credibility it built by ingratiating itself with parliament. The firm drew in approximately 8,000 investors, some of whom put in tens of thousands of pounds, before vanishing in September: the website went offline, and portfolio accounts became inaccessible. A post to the company's Twitter account reported the firm was "under new management", but the new company has said they have no obligation to make previous investors whole.

The firm built credibility by sponsoring an APPG — all-party parliamentary group — and its co-founder, Luke Sullivan, was active as a speaker for parliamentary groups and events hosted by MPs. The firm promoted itself based on these ties to the UK government, including by publishing a blog post about how they "brought the Metaverse to the Palace of Westminster".

Some investors say they have lost more than $100,000 each. One such investor is Alan Rogers, a former Premier League footballer who sunk around $50,000 into the rather Ponzi-looking scheme.

Sam Bankman-Fried indicted on four new charges in criminal case

Sam Bankman-Fried pictured from the shoulders upSam Bankman-Fried (attribution)
Sam Bankman-Fried, the founder and former CEO of the now-bankrupt FTX exchange, was already facing eight criminal charges for offenses including wire fraud, securities fraud, money laundering, and campaign finance violations. Now, US prosecutors have slapped him with four more charges including conspiracy to operate an unlicensed money-transmitting business and conspiracy to commit bank fraud.

The new indictment includes additional information about Bankman-Fried's alleged fraud. The indictment details SBF's attempts to circumvent due diligence by US banks by creating a fake company called North Dimension. Via North Dimension, SBF diverted funds to FTX, which was unable to get a bank account.

Bankman-Fried has entered a not guilty plea to the original eight charges, but has not yet entered a plea for the additional four.

These criminal charges add to securities fraud and other civil charges from the SEC, as well as civil charges out of the CFTC. Both civil cases have been stayed pending the outcome of the criminal case.

WazirX closes NFT marketplace after processing $112 in trades over a month

Indian cryptocurrency exchange WazirX abruptly closed their NFT marketplace on February 22, giving its users no warning. In an announcement on Twitter, they wrote that they had made the decision based on "low volume and traction". Elaborating, they wrote that over the previous 30 days, the platform had seen "71 unique active wallets, 354 transactions, a volume of $112.24, and a total platform fee collected of ~$6".

Many users of WazirX were angry, accusing the company of "abandoning the community".

Canadian regulators tighten rules for crypto exchanges

New guidance from the Canadian Securities Administrators requires any crypto asset trading platforms (CTPs) operating in Canada without formal registration to commit to "pre-registration undertakings". These require them to comply with expectations around crypto asset custody and segregation, prohibitions on margin or leverage trading, and a ban from allowing customers to purchase or deposit stablecoins without express permission from the CSA.

Platforms are expected to provide the pre-registration undertaking while working toward registration with Canadian regulators. Companies who don't comply with the new pre-registration requirements will have to close Canadian accounts and prohibit Canadian users from accessing their services.

Friendsies NFT project rug pulls

A 3D figure with a red heart-shaped head with a propeller hat, with a yellow body with black lines on it, holding a pink spiked mace, wearing green shoes, floating in the air in a sunny backgroundFriendsies #2048 (attribution)
After earning $5.3 million in their initial sale, creators of the Friendsies NFT project suddenly announced they would be "pausing" their project due to "market volatility". The project promised buyers "a companion for the metaverse and beyond", that would "be your AR/AI friend to help guide you for life", and that they would eventually develop a "Tomogatchi-like game that is play-to-earn". No game ever emerged, nor did promises of a community treasury or other plans to "build out the brand".

After partnering with the renowned auction house Christies to sell nine early-access mint passes, the NFTs were launched in April 2022. Each one started minting at 3.33 ETH in a Dutch auction, which at the time was around $12,000. Now, the NFTs have been selling for around 0.01 ETH (~$17).

The project's social media accounts went dormant late in 2022. On February 21, 2023, the project announced that "As the project founders, we have decided that it would be best to put a pause on Friendsies and all future digital goods for the time being... However the volatility and challenges of the market have made it very difficult to move this project forward in a way we can be proud of. For now, we have decided that it's best to allow the space to further mature." Some who asked questions like "So no AI friendsies as promised in your roadmap? What's going on?" found themselves blocked, and shortly afterwards the project deleted its Twitter account.

After being called out by crypto sleuth zachxbt for rug-pulling, the Twitter account returned to insist that they were not rug-pulling, and that "we were overwhelmed with hate and threats". Some Friendsies holders also blamed crypto influencers who had promoted the project near the beginning.

Galois Capital shuts down after losing half their money in FTX

One of the largest crypto-focused algorithmic trading funds, Galois Capital, announced that they would be closing up shop in the wake of the FTX collapse. The fund had half its funds on FTX — around $40 million — and could not keep operating as a result.

Galois also sold its claim on FTX to a distressed buyer for around $0.16 on the dollar.

Dexible hacked for around $1.6 million

Decentralized exchange aggregator Dexible disclosed that they had suffered an exploit of one of their smart contracts, which allowed an attacker to steal funds from customer wallets. The exploit impacted 17 traders, most notably the investment firm BlockTower Capital. BlockTower suffered the largest loss, with the attacker stealing 18 million TrueFi tokens, notionally worth around $1.5 million.

The attacker was able to swap their tokens for 931 ETH ($1.57 million), which they then laundered through Tornado Cash.

"There's no excuse for an exploit, but these things happen," the project wrote on Twitter.

NBA star Paul Pierce to pay $1.4 million fine for shilling EthereumMax

Paul Pierce, standing on the court wearing a green sweatband and a Celtics jerseyPaul Pierce in 2008 (attribution)
In the second big-name slapdown from the SEC relating to the EthereumMax token, former Celtics player Paul Pierce has agreed to pay a $1.4 million fine to settle charges that he violated anti-touting provisions of federal securities laws.

Pierce had made posts on Twitter, including writing shortly after he was fired from ESPN that "ESPN I don't need you. I got EthereumMax. I made more money with this crypto in the past month than I did with y'all in a year. TRUTH shall set u Free". The SEC pointed out that although he had been given EMAX tokens prior to the post, they were priced at around $46,000, not nearly the more than $1 million he'd made at ESPN over the previous year. Pierce later made a post claiming that he held more than $2.5 million of EMAX tokens, but the SEC alleged in the lawsuit that "his own personal holdings were in fact far lower" and that Pierce had been provided the screenshot of another person's holdings.

In October 2022, Kim Kardashian paid $1.26 million to settle charges over touting the same cryptocurrency, a fairly unknown token that nevertheless splashed out heavily for influencer and celebrity promotion in what appears to be a pump-and-dump scheme.

Zachxbt reports phishing scammer "Loyalist" has stolen more than $4 million since early 2022

A voxel human figure with short brown hair, a blue-grey longsleeve shirt, grey calf-length pants, and Converse-style sneakers, wearing a gold necklace chain.Meebit #8661, stolen in August 2022 and flipped for $7,500 (attribution)
Crypto sleuth zachxbt has released research indicating that a cryptocurrency and NFT phishing scammer who goes by Loyalist/Lukas/Shibango has stolen more than $4 million of various assets from at least 416 victims from early 2022 until October 2022. zachxbt identified a slew of phishing websites and other phishing scams that stole both NFTs and cryptocurrency from a large number of victims throughout 2022, which he connected to the Eastern European scammer known as Loyalist. The stolen NFTs included more than 25 Yuga Labs Otherdeeds, more than 15 Meebits, and various others.

Although Loyalist had been largely inactive since October, shortly after zachxbt published his research in February 2023, Loyalist moved nearly $1 million in the DAI stablecoin out of one of the wallets identified by zachxbt.

SEC files fraud charges against fugitive Terra/Luna CEO, Do Kwon

The U.S. Securities and Exchange Commission filed charges against Terraform Labs and its CEO, Do Kwon, relating to the May 2022 collapse of the Terra/Luna projects. The complaint accuses Terraform and Kwon of offering unregistered securities and of fraud, and the SEC wrote in a press release that Kwon and the company "orchestrat[ed] a multi-billion dollar crypto asset securities fraud".

According to the SEC, Kwon "repeatedly misled and deceived investors" about the characteristics and stability of Terra and Luna, and tricked investors into believing that a popular Korean mobile payments platform used the Terra blockchain.

Kwon has been on the run from the law since Korean authorities filed a warrant for his arrest in September 2022. An Interpol red notice followed soon after. He is reportedly hiding out in Serbia, and Korean authorities reportedly traveled there in early February to hunt for him.

Platypus Finance stablecoin exploited for $8.5 million ten days after launch

Platypus USD, a stablecoin issued by the Platypus Finance defi protocol, was exploited only ten days after it first launched. The loss was estimated to be around $8.5 million, although crypto researcher zachxbt observed that Tether had blacklisted the attacker contract shortly after the theft.

The exploit was a flash loan attack that allowed them to drain some protocol pools, also causing the stablecoin to lose its dollar peg and drop to around $0.48. A team member reported on the project's Discord that "all operations are paused until we get more clarity".

The following day, the project reported they had recovered $2.4 million of the stolen funds, and were working with crypto sleuth zachxbt, who had leads as to the hacker's identity. Later that month, Platypus announced that French police had arrested two suspects, who had tried to withdraw stolen funds through Binance — to whom they had submitted identification documents for KYC purposes.

Fart noise reportedly sells for $280,000 in Bitcoin's own NFT mania

"Inscription 2042" in grey text on black, with an audio player showing a 1-second-long fileInscription 2042 (attribution)
You thought NFTs were dead? Think again. Perhaps longing for the halcyon days when you could mint an NFT on Ethereum and smile in satisfaction at the carbon emissions you just blasted into the atmosphere, some Bitcoiners came up with Ordinals: the latest iteration of NFTs on Bitcoin, and certainly the most popular. If nothing else, I do have to give them credit for pushing some Bitcoin maxis into paroxysms of fury.

Anyway, Bitcoin seems to be having its own little resurgence of NFT mania. On February 9, an "Ordinals Punk" — the Ordinals version of CryptoPunks — sold for 9.5 BTC (~$218,000). That record has now been broken by Inscription 2042, which is not an image but rather a 1-second-long audio recording of a fart sound. The NFT reportedly sold for 12.3 BTC (~$280,000), though it's tough to verify given the lack of any sort of Ordinals marketplace.

FDIC demands CEX.io stop claiming it's FDIC-insured

The FDIC is continuing its recent crackdown on exchanges claiming they're protected by FDIC insurance, issuing a cease-and-desist to CEX.io. CEX.io, like several other crypto companies including Voyager, FTX US, and Gemini, made claims referring to FDIC insurance that suggested that customer funds might be protected from issues at the company in a similar way that banking customers are protected from bank failures.

Many of these companies have taken the (true) statement that the company's insured depository accounts at various banking institutions are FDIC insured and presented it to customers in a misleading way, and the FDIC wants them to cut it out. The FDIC also demanded websites who published statements like "Is CEX.io Safe? Yes, Cex.io is a safe crypto exchange. Actually, one of the safest on the market since they are FDIC insured..." take them down.

CEX.io is a London-based cryptocurrency exchange with comparatively low trading volume compared to its larger competitors like Binance or Coinbase.

South Korean authorities issue arrest warrant to CEO of Tmon e-commerce platform for shilling Terra

South Korean authorities have issued an arrest warrant for the former CEO of Tmon, a major Korean e-commerce platform. The allege that he was bribed with Luna tokens, which he exchanged for billions of won (worth around US$105 million), to promote Terra: the stablecoin in the Terra/Luna ecosystem.

Terra and Luna dramatically collapsed in May 2022, and South Korean authorities are still hunting for Terra leader Do Kwon, who is reportedly hiding in Serbia. Earlier this month, Korean authorities reportedly traveled to Serbia to try to locate him, but were unsuccessful.

dForce Network exploited for $3.65 million, funds returned

An attacker using flash loans to exploit a common re-entrancy vulnerability siphoned $3.65 million from the dForce defi project on both Arbitrum and Optimism, which are Ethereum layer-2 networks. The exploit, which involves manipulating the oracle price in Curve liquidity pools, is a common one that was first reported to Curve in April 2022 and disclosed in October 2022. It has been used to attack various other projects, including QiDAO.

dForce contacted the hacker via blockchain transaction, offering to negotiate a bounty. Several days later, the project tweeted that the attacker had "c[o]me forward as a whitehat", and that the funds had been fully returned. "We have agreed to offer a bounty and will drop all on-going investigation and law enforcement actions," they announced.

Paxos ordered to stop minting Binance USD stablecoin, SEC sends Wells notice

New York-based crypto company Paxos was ordered by the New York Department of Financial Services to stop minting the Binance USD (BUSD) stablecoin over "several unresolved issues related to Paxos' oversight of its relationship with Binance in regard to Paxos-issued BUSD".

Nearly simultaneously, the SEC sent a Wells notice to Paxos, informing them of imminent enforcement action. According to the Wall Street Journal, the SEC told Paxos they intended to sue the company for violating investor protection laws, and that the SEC believed Binance USD was an unregistered security.

Paxos agreed to stop minting new BUSD tokens (but will continue to honor redemptions), and said in a statement that they would be ending their stablecoin-minting relationship with Binance. As for the SEC, Paxos has promised to "vigorously litigate if necessary", arguing that BUSD is not a security.

Paxos faces investigation over stablecoin offerings

CoinDesk reported that the New York Department of Financial Services is actively investigating Paxos, which issues both the Pax dollar (USDP) and the considerably larger Binance USD (BUSD) stablecoins.

It's not quite clear the extent of the NYDFS investigation, though it joins rumors (denied by Paxos) that they were also being investigated by the US Office of the Comptroller of the Currency (OCC), which regulates banks. Paxos has a provisional banking charter, which it received from the OCC in 2021. It also has a virtual currency license, which is issued by the NYDFS.

Umami Finance halts yields, CEO dumps tokens amidst accusations of rugpull

The Umami Finance defi protocol offered yield products intended for institutional customers. However, on January 31, they announced that they would be halting yields amidst claims that they were concerned about regulatory strategy and undergoing a review.

Shortly after, the project CEO began dumping tokens on the market, cashing out 44,000 UMAMI tokens. These were ostensibly priced at $800,000, though the sell-off crashed the UMAMI price by more than 60% and ultimately netted the CEO around $380,000 of USDC.

Amidst the sell-off, a team member tried to reassure users that "the team resigned" but that also, confusingly, the "treasury assets are safe and in control of the team".

Kraken ends staking, pays $30 million fine in settlement with U.S. SEC

U.S. cryptocurrency exchange Kraken has reportedly agreed to close up shop on its crypto staking operation and pay a $30 million fine to the U.S. Securities and Exchange Commission. This comes shortly after the news that the SEC was probing the exchange, and rumors from Coinbase CEO Brian Armstrong that the SEC was looking to "get rid of crypto staking in the U.S. for retail investors".

According to the SEC, Kraken had failed to register its staking-as-a-service program, which had generated $147 million in revenue.

This is not Kraken's first run-in with authorities, after paying a $360,000 fine to OFAC in November for sanctions violations.

Peer-to-peer Bitcoin exchange LocalBitcoins to shut down after ten years

LocalBitcoins, a Finnish platform that allows individuals to trade Bitcoins with one another peer-to-peer, will be shutting down. The exchange is one of the longest running cryptocurrency exchanges, and for a while functioned as a way for people to trade cash for Bitcoin (and vice versa) more privately. However, in 2019, the exchange introduced KYC requirements.

LocalBitcoins cited "the ongoing very cold crypto-winter" as the rationale for the closure, and stated that new sign-ups would be suspended immediately. Trading will be suspended a week later, and users will have a year to withdraw Bitcoins they stored on LocalBitcoins' wallet product.

Yuga Labs' 3-week-long "Dookey Dash" game tournament ends amidst allegations of widespread cheating

A monkey sits atop what appears to be some kind of underwater motorcycle, navigating through a murky sewer pipe with various obstacles in the distanceDookey Dash (attribution)
Yuga Labs released an endless runner game called "Dookey Dash" (really) where players compete to see how long they can keep their character navigating through a sewer pipe without crashing. Access to the game is granted through "Sewer Pass" NFTs, which can be claimed by people who own Bored Apes or Mutant Apes, but which were also trading on the secondary market for around 3.1 ETH ($5,100).

Yuga Labs has said that, following the end of the three-week-long game tournament, the Sewer Passes with non-zero scores in the game will transform into something new, with the idea that higher scorers may receive more valuable NFTs.

This, of course, incentivized users to try to cheat in the game by creating bots, changing the browser-based game code to eliminate obstacles, or access game seeds that allowed them to predict the layout of a course run. Sewer Pass holders began paying others to play their game for them — either more skilled players, or players who were using these tools. Some were charging up to 2.5 ETH (~$4,200) to obtain scores of 700,000 or more for those who hired them.

Yuga Labs has promised to review gameplay to ensure that those who cheated are disqualified. They've also warned people buying Sewer Passes after gameplay ended that if they buy a pass that is determined to have cheated, it will be worthless. Some are skeptical of Yuga's ability to accurately detect cheaters, and others have expressed concern over false positives in the game's cheat detection that appeared to be caused by slower Internet connections.

Creator of MetaBirkins NFTs loses trademark infringement lawsuit from Hermès

A digitally rendered handbag resembling a Birkin bag, which has been covered in faux fir with a yellow smiley face printMetaBirkin #98 (attribution)
A year ago, the Hermès luxury brand slapped Mason Rothschild, creator of "MetaBirkins" NFTs, with a trademark lawsuit. The suit centers on his NFT collection: a series of 100 digitally rendered, faux-furry handbags resembling the luxury Birkin bag design. The NFTs had enjoyed $1.2 million in trading in their two months of existence before the lawsuit was filed, and Rothschild estimated he made around $125,000 from the project.

Rothschild tried to argue that his work echoes Andy Warhol's Campbell's soup cans and other "brand art".

Hermès, on the other hand, argued that Rothschild was simply a "digital speculator" hawking a "get rich quick" scheme, and trying to profit off consumers' confusion that the NFTs were an official Hermès production. They claimed they have their own plans for NFTs, and that Rothschild impeded those with his project.

Ultimately, the jury found that Rothschild had infringed upon the Hermès trademark, and awarded the company $133,000 in damages.

"[Hermès] feel they have the right to choose what art IS and who IS an artist... Not because of what they create but because their CV doesn't scream artist with a pedigree from a world class art school," accused Rothschild after the decision, though he was not actually the designer of the images used in the NFT project.

Coin Cloud crypto ATM operator files for bankruptcy

A blue crypto ATM, with the CoinCloud logo printed on the side in whiteCoinCloud crypto ATM (attribution)
The US-based company Coin Cloud, which operates crypto ATMs in the US and Brazil, filed for bankruptcy on February 7. They are the second largest crypto ATM operator in the world, and also in the US.

The company disclosed liabilities between $100 million and $500 million, and assets between $50 million and $100 million. In a filing, they reported they had 5,001–10,000 creditors.

By far the largest creditor is Genesis, a crypto lending firm that is also undergoing bankruptcy proceedings. Coin Cloud has a $116 million loan from Genesis, around $108 million of which is unsecured. Coin Cloud also owes a $7.6 million secured debt to crypto lending firm Enigma.

According to Coin Cloud, contributing to their bankruptcy was a $35 million deal with a vendor who they allege sold them faulty ATMs in February 2021, and with whom they are in litigation. Furthermore, in September 2021, the firm providing Coin Cloud's ATM software tried to terminate their software agreement, and pushed a software update that rendered the machines inoperable, causing days- or weeks-long outages. Coin Cloud decided to deploy unfinished ATM software that they had been using internally, and which was quickly hacked for around $6.5 million. Finally, Coin Cloud claims a chief marketing officer they hired lied about his credentials, and then spent $20 million more than he was budgeted.

Webaverse discloses $4 million theft via a mysterious social engineering attack

The metaverse gaming company Webaverse disclosed on February 6 that they had suffered a $4 million theft several months earlier. They outlined what appeared to be a complex scam in which individuals posing as venture capitalists convinced them to meet in person in a hotel lobby in Rome, transfer funds to a new crypto wallet, and show it to them. The Webaverse team appeared to believe that the scammers somehow managed to steal funds from the wallet solely by taking photographs of the new Trust Wallet, with no QR codes or private keys showing.

Trust Wallet published a thread about the theft, characterizing it as a social engineering scam perpetrated by an "organized crime unit from Rome". However, they didn't clearly address the claims about funds being stolen via a photograph of the Trust Wallet. Trust Wallet seemed to suggest they believed that the theft may have been perpetrated via malware transmitted in a PDF containing KYC information.

Webaverse described the incident as "undoubtedly a setback", but expressed belief that they would be able to continue operating.

Binance suspends USD bank transfers

Binance announced that they would be "temporarily suspending USD bank transfers" with two days notice.

This comes in the wake of various crypto exchanges — Binance included — appearing to have difficulties with banking. On January 21, Binance announced that users wouldn't be able to use SWIFT for transfers below $100,000 via Signature Bank. Meanwhile, Crypto.com's Lithuanian payment processor, Transactive, has faced a crackdown from the Lithuanian banking regulator leaving Crypto.com users without access to Euro-denominated deposits and withdrawals.

Logan Paul slapped with a class action lawsuit over CryptoZoo rugpull

A pixel art bear with a duckling(?) headA "Bearling" zoo creature from Paul's promised CryptoZoo game (attribution)
Logan Paul is now facing a class action lawsuit over his CryptoZoo project, a planned NFT game that Paul apparently lost interest in and abandoned — after profiting handsomely, of course, off his fans who put millions into the project.

Scam sleuth CoffeeZilla dug into the project in a multipart YouTube series recently, drawing legal threats from Paul. After plenty of negative publicity, Paul withdrew the legal threats and promised to develop a refund plan for some of the funds that were invested, though it is a small fraction of the money lost in the project.

Rather than wait to see if Paul comes through with refunding only a small portion of their money, a group has formed a class action lawsuit against Paul and others who helped with the project. The lead plaintiff put a total of around $3,000 into the project altogether.

The suit accuses Paul and his team of a whole host of charges including fraud, breach of contract, unjust enrichment, deceptive trade practices, negligence, and fraudulent misrepresentation.

Orion Protocol suffers $2.9 million hack

The decentralized exchange Orion Protocol suffered a loss of 1,757 ETH (about $2.9 million) from the company treasury funds thanks to a reentrancy attack.

Orion Protocol CEO Alexey Koloskov wrote a Twitter thread confirming the attack, but claiming that although they weren't sure how the hack was perpetrated, it wasn't due to the fault of their own code. Koloskov wrote that he thought the issue "might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers."

Bonq defi borrowing project exploited

The Polygon-based defi borrowing protocol Bonq suffered an attack in which 112 million ALBT tokens and around 100 million BEUR tokens were stolen. A flaw in the protocol enabled the attacker to modify oracle prices, allowing them to mint new ALBT and BEUR for significantly less than market price.

The attacker quickly bridged the tokens to the Ethereum chain and swapped them for ETH and USDC, collectively worth around $1.7 million. The price of ALBT plunged around 50%, and the BEUR Euro-pegged stablecoin significantly lost its peg.

Bitcoin community erupts over "Ordinals": Bitcoin-based NFTs

A black pixel-art skull resembling a calavera, on a white backgroundInscription 0, the first Ordinals NFT (attribution)
A recent project called "Ordinals" has the Bitcoin community up in arms. The project is the latest attempt to introduce NFTs to the Bitcoin blockchain, a controversial subject among a group of people with strong ideological beliefs about what Bitcoin should be. Ordinals takes advantage of a change in the blockchain codebase called SegWit that was introduced in 2017, and stores NFT data in a portion of the transaction called the "witness". Some think this is a clever hack, while others think they're abusing the design.

Following the change, Bitcoin block sizes have reached all-time highs nearing 2.5 MB. Some are not thrilled that the size of the chain is ballooning with what they view to be junk data, given the whole thing needs to be recorded forever.

Longtime Bitcoin Core developer Luke Dashjr described Ordinals as a "spam attack" and an "attack on Bitcoin's fungibility", warning they would "break" the major Bitcoin-based projects Lightning and CoinJoin. He has argued that the miners should begin filtering the transactions as spam, which brought strong reactions from some in the community who pushed back that Bitcoin should be censorship resistant. "1) Bitcoin hasn't been censorship-resistant since mining centralisation. 2) Censorship resistance is about censorship, not fighting spam/attacks," he replied. Dashjr's fellow Core developer Adam Back also seemed unimpressed with the project, tweeting about Ordinals' "sheer waste and stupidity".

Ordinals are not the first Bitcoin-based NFTs, but they are the most recent and perhaps the most popular. On February 9, an "Ordinal Punk" — a Bitcoin-based homage to Ethereum's CryptoPunks — sold for 9.5 BTC (~$218,000).

Rally sidechain shuts down with under a day's notice, taking users' tokens with it

Rally is an Ethereum sidechain built to support "social tokens" — typically, tokens intended for fans of various celebrities or groups.

Fans of creators including Felicia Day (actress and famous nerd), Brandon Powell (LA Rams wide receiver), and Portugal. The Man (rock band) may be disappointed, however, because Rally announced with under one day of notice that they would be shutting down. "This means that after today, the site will no longer be supported and you may experience a degradation in services or it may simply become inoperable. Additionally, since NFTs on the Rally sidechain are not transferable to mainnet, these will not be accessible once the site shuts down," they wrote in an email. The project also deleted its Twitter account.

The group behind the Rally Network had raised $57 million in funding in 2021, and was backed by VCs including Andreessen Horowitz.

Bankrupt FTX tries to claw back $446 million from bankrupt Voyager

It's no big secret that there's a lot less money actually floating around in crypto than bogus "market caps" and other numbers would have you believe, but it's being put into stark relief as the various bankrupt crypto firms fight tooth and nail over any scrap of cash that may actually remain.

In FTX's ongoing efforts to dig through the proverbial couch cushions in search of any funds that could be used to fill the gaping hole in its balance sheet, the firm has sued Voyager, a crypto broker that filed for bankruptcy in July, to try to recoup $446 million in funds that were "preferentially transferred" to Voyager when it filed for bankruptcy.

The lawsuit alleges that Voyager served as a "feeder fund" that "solicited retail investors and invested their money with little or no due diligence in cryptocurrency investment funds like Alameda and Three Arrows Capital".

Tesla lost $140 million trading Bitcoin in 2022

Elon Musk's $1.5 billion Bitcoin bet at Tesla turned out to be a bad deal. He sunk the funds into Bitcoin in January 2021, when Bitcoin was trading between $30,000 and $40,000. Simultaneously, he announced that Tesla would begin accepting Bitcoin — an announcement that was quickly reversed when someone apparently pointed out to Musk that Bitcoin is an environmental nightmare.

Tesla sold most of its Bitcoin in Q2 2022, following the grand crypto tradition of buying high and selling low.

Now, according to SEC filings, Tesla suffered a net loss of $140 million in 2022 thanks to the gamble. Their reported $64 million in trading profits were eclipsed by their $204 million loss. Tesla still holds somewhere around 11,000 BTC.

New York regulator investigates Gemini over FDIC claims

The embattled Gemini crypto exchange, which is has $900 million of customer funds locked up in the Genesis bankruptcy and has been charged by the SEC for offering unregistered securities, now has another problem to add to its list. The New York State Department of Financial Services, which is responsible for regulating the exchange portion of Gemini's business, is reportedly looking into whether Gemini misled customers that their funds were protected by FDIC insurance — that is, the insurance typically known for protecting funds placed into accounts with actual banks.

When concerned customers contacted Gemini customer support to ask if their funds were safe at Gemini, in the wake of the collapses throughout the crypto industry, they were reassured by customer support that the fiat currency held by Gemini to back their GUSD stablecoin was held in accounts that were eligible for FDIC insurance. Some customers took this to mean that their holdings with Gemini were safe and protected from the possibility of trouble at Gemini: something they've now discovered was not the case, as customers of Gemini's Earn program cannot withdraw their funds.

Cryptocurrency companies misleading or outright lying to customers about FDIC insurance has been something of a trend this year. In July, the Federal Reserve and FDIC sent a cease-and-desist letter to the bankrupt Voyager cryptocurrency broker, demanding they stop claiming that their USD-denominated funds at the company were protected by FDIC insurance (they weren't). Several weeks later, the FDIC sent a similar letter to FTX US, also demanding they stop making misleading statements about deposit insurance.

Hacked Azuki Twitter account enables theft of pricey NFTs and crypto priced at more than $1.74 million

A green zombie-looking ape with a red warty mouth and sharp teeth, with a turquoise hachimaki and a tie-dye shirtMutant Ape #16924, which most recently sold for ~$23,400 (attribution)
Hackers were able to compromise the Twitter account belonging to the popular Azuki NFT project, which they then used to promote a fake NFT drop to its 334,000 followers. Users who tried to mint the NFTs instead had their wallets emptied of pricey NFTs and cryptocurrencies.

Stolen NFTs included 74 Otherdeeds (floor price ~$2,700 each), 3 Porsche NFTs (floor ~$3,100), 57 Beanz (floor ~$2,600), 12 Doodles (floor ~$10,600), 2 Mutant Apes (floor ~$24,300), and 49 Pudgy Penguins (floor ~$9,200) to the attacker. Altogether, those stolen NFTs could fetch almost ~$1 million if sold at floor price.

One single wallet transferred 750,000 of the USDC stablecoin to the attacker, resulting in a particularly brutal loss for one individual.

Coinbase fined $3.6 million by Dutch central bank

The Dutch central bank levied a €3.3 million ($3.6 million) fine against Coinbase, who began operating in the Netherlands without properly registering. The fine is reportedly unusually large, because of Coinbase's prominence and because it had accumulated a significant number of Dutch customers without the proper registration. Coinbase had been noncompliant from November 2020 to August 2022.

Bithumb executives charged with embezzlement

South Korean prosecutors filed charges against several executives of the Korean cryptocurrency exchange Bithumb. Those charged included its owner, Kang Jong-Hyun, and his sister Kang Ji-Yeon, who rurns Bithumb affiliates Inbiogen and Bucket Studio. The charges included embezzlement, breach of trust, and fraudulent illegal transactions. The charges follow reports that Bithumb and affiliated companies were being investigated for possible tax evasion, though those investigations are a separate matter unrelated to these charges.

In December, the largest Bithumb shareholder, Park Mo, was found dead outside his home in an apparent suicide after he was named as a suspect by prosecutors in an investigation into embezzlement and stock manipulation.

Korean prosecutors had previously charged the former chairman of Bithumb over an alleged $100 million in fraud, though he was acquitted for lack of proof.

Kevin Rose loses pricey NFTs to wallet hack

A rainbow scribble, with a filter applied to make it appear somewhat blurryChromie Squiggle #9639, which Rose bought for 16 ETH (~$26,000) in August 2022 (attribution)
Kevin Rose, perhaps best known as the founder of Digg, but also a prominent crypto investor and entrepreneur, lost a substantial number of pricey NFTs when he apparently signed a malicious transaction. The hacker stole 25 Squiggles NFTs, which are trading at a floor price of 13.3 ETH, putting the estimated price based on the floor price at around 332.5 ETH (~$519,000). Rose acquired the Squiggles for between 6.3 and 16 ETH each (~$10,000 to $25,000).

The thief also stole an Autoglyph NFT, which rarely change hands, but which have most recently sold for around 200 ETH ($312,000). Rose had been offering his Autoglyph for sale for 345 ETH ($539,000), but had yet to find a buyer.

Fortunately for Rose, the hacker was apparently unable to steal a CryptoPunk NFT he owned that resembles a zombie. The rare zombie variant of the already pricey NFT have fetched millions — albeit in periods of stronger interest in NFTs.

FBI pins the Harmony Bridge hack on North Korea

A June 2022 hack saw cryptocurrency notionally worth $100 million stolen from Harmony's Horizon Bridge. At the time, blockchain research firm Ellipsis concluded that there were "strong indications" that the hack had been perpetrated by the North Korea state-sponsored Lazarus hacking group. Lazarus has been responsible for several major crypto hacks before this one, including the massive Axie Infinity hack in March 2022.

Now, the FBI has accused two groups of North Korean hackers — Lazarus and APT38 — of perpetrating the Harmony hack. The groups then used Tornado Cash and RAILGUN to launder the funds.

Porsche bungles NFT roll-out

A photo of a white Porsche 911, pictured from the front onPorsche NFT (attribution)
For some reason, Porsche decided they needed to release a set of Porsche 911 NFTs so that customers could buy "the opportunity to co-create Porsche's future in the Web3 universe" (whatever that means). The set of 7,500 NFTs were available to mint for 0.911 ETH apiece, or around $1,490. If the project sold out, Porsche would have been looking at a windfall of more than $11 million.

Unfortunately for them, things didn't quite go as planned, with collectors balking at the high pricetag. Mints slowed to a crawl far before the 7,500 limit was reached, and the NFTs quickly began trading at a discount on secondary markets (meaning it was cheaper to buy a resold NFT than mint a new one).

Porsche decided to pump the brakes on the mint when fewer than 2,000 had sold. However, they botched that too — they announced they had stopped the mint before they actually did so, which caused the collection's secondary floor price to rise back above the mint price in anticipation of higher scarcity. Observant traders who noticed this were able to arbitrage the price difference, minting new NFTs and immediately flipping them for a profit on secondary markets.

NFT collectors criticized Porsche for appearing to try to jump into web3 without knowing the space, and asking for an exorbitant mint price without a clear plan.

Wormhole hacker becomes the third largest holder of stETH

After the $320 million hack of the Wormhole blockchain bridge in February 2022, much of the funds remained dormant. Now, however, the hacker seems to have returned. On January 23, they took 95,360 ETH (~$157 million) of the 120,000 ETH they stole (now worth substantially less) and used it to lever up a position in stETH. stETH is Lido-staked Ether, an asset representing ETH that has been staked on Ethereum since it moved to the proof-of-stake model.

Ultimately, the Wormhole hacker became the third-largest holder of stETH as a result. The size of the swaps was so large that it moved the stETH market, increasing trading volume by 3000% and temporarily causing the asset to move above its usual 1:1 peg with Ethereum.

The move, which many crypto enthusiasts took as an indication that the Wormhole hacker was a "crypto degen", is unlike the activities of many crypto hackers, who typically try to launder the money and exit into fiat rather than keep it within the crypto ecosystem.

Gemini lays off 10% of staff amid troubles

Gemini performed a 10% layoff, cutting roughly 100 positions. This move followed a 7% layoff in July 2022, and a 10% reduction just a month prior to that.

Gemini has been having a rough time lately, trying to recoup $900 million of their customers' funds from Genesis, and facing charges from the SEC that their Earn product was an unregistered securities offering.

Binance announces that users won't be able to use SWIFT for transfers below $100,000

Binance informed its users that they would no longer be able to perform transactions below $100,000 via the SWIFT financial network. According to Binance, this was because their banking partner, Signature Bank, had announced they were implementing that floor for all cryptocurrency exchange clients.

Signature Bank has suggested it intends to step back somewhat from the crypto industry. It is one of the relatively few US banks that services crypto clients, and provided services to FTX among others.

Patrick McKenzie speculated that the change might have been related to AML/KYC, and Binance's "Bond villain compliance strategy".

Nexo fined $45 million by US SEC

More bad news for Nexo, whose Bulgarian offices were raided a week prior amidst allegations of organized financial crime. Now, the United States SEC and state securities regulators have fined the company a total of $45 million for violations of securities law — only the latest in a string of regulatory enforcement actions against companies offering interest-earning cryptocurrency accounts or lending services.

In a spin attempt rivaling those of Olympic gymnasts, Nexo wrote that the large fine was good, actually: "Nexo believes that the company has been recognized for what it truly is - a pioneer, like Uber and Airbnb, providing disruptive solutions in a fast-paced environment," they wrote.

In February, following similar action against BlockFi, Nexo stopped offering their interest program to new customers in the US. Now, Nexo will also stop offering its lending product to US customers as part of the settlement agreement.

Genesis files for bankruptcy

The Genesis cryptocurrency lending platform filed for bankruptcy, following weeks of turmoil after the FTX collapse. Genesis halted withdrawals shortly after FTX's failure, and shortly afterwards warned of possible bankruptcy if they couldn't raise at least $1 billion in new capital. The past few months have also featured a public conflict between Genesis, along with its parent company DCG and DCG's CEO and founder Barry Silbert, and the Winklevoss twins behind the Gemini crypto exchange.

It remains to be seen what the impact of a Genesis bankruptcy may have on its parent company, Digital Currency Group (DCG). DCG owes Genesis more than $1.65 billion, according to bankruptcy filings, including a $1.1 billion promissory note created to absorb Genesis losses in the Three Arrows Capital collapse.

Founder of Bitzlato crypto exchange charged for processing more than $700 million in illicit funds

US authorities arrested and charged Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange. Although the exchange is relatively unknown, the justice department alleges that it was instrumental to darknet criminal marketplaces, including Hydra Market. The DOJ alleges that users of Hydra Market processed more than $700 million in cryptocurrency through Bitzlato, which also helped to facilitate more than $15 million in ransomware proceeds. Although Bitzlato claimed not to serve users in the United States, the DOJ claims that the exchange "did substantial business with U.S.-based customers".

Three Arrows Capital founders seek funding for an exchange to enable customers to trade claims against firms 3AC helped to bankrupt

Kyle Davies and Su Zhu, the founders of the bankrupt Three Arrows Capital crypto hedge fund, have joined forces with Mark Lamb and Sudhu Arumugam, the founders of the CoinFLEX platform, which is undergoing restructuring due to its own solvency issues. Davies and Zhu are still on the run from liquidators. What a dream team.

The group is seeking $25 million to create a cryptocurrency exchange they're calling "GTX" for now — which they write in the pitch deck is "because G comes after F".

Not only that, but the exchange plans to focus on claims trading — that is, the trading of claims held by creditors against debtors who are undergoing bankruptcy proceedings, like FTX, Celsius, BlockFi, or Mt. Gox (throwback!). The fact that 3AC was a major catalyst in kicking off the string of bankruptcies we saw throughout 2022 was not lost on observers, with Nic Carter of the Castle Island venture capital firm commenting that the endeavor "is akin to arsonists returning to the scene of the crime and offering to charge their victims for buckets of water".

NFT GOD's wallet drained, accounts used to phish others after malware infection

A Mutant Ape with x-ed out eyes, snot on its face, and a green fur coat with skulls sticking out of itMAYC #22284 (attribution)
According to NFT GOD, his computer was infected with malware when he clicked a sponsored link in a Google search when he went to download the streaming software OBS. This is similar to an attack in April 2022 where scammers stole millions using malicious Google ads.

According to NFT GOD, not only did the hackers drain his crypto wallet of his NFTs and crypto, including his beloved Mutant Ape, but they also hijacked his accounts to send out phishing links to his substantial followers.

The person who purchased the stolen ape (for 16.65 ETH, ~$25,800) said he was willing to sell the ape back to NFT GOD for the same price they paid for it, which seemed to be taken as good news by NFT GOD.

LendHub reports $6 million hack

In a Twitter thread, LendHub published a message stating that "hackers stole about 6 million US dollars of assets from Lendhub". They wrote that they had "locked the hacker's attack address", but whatever they meant by this was not enough to stop the thief from transferring 1,100 ETH (~$1,562,000) to Tornado Cash to tumble.

Security firm SlowMist attributed the attack to a token that had been replaced with a new version, but whose original version remained active on the platform. The attacker was able to mint and redeem tokens in the old market, while borrowing against them in the new one, ultimately making off with the majority of the assets on the platform.

Nexo raided by Bulgarian authorities

Bulgarian prosecutors raided more than 15 locations in Sofia, Bulgaria in relation to the Nexo cryptocurrency lender. A spokesperson for the prosecutors has said that the raids are "part of a pre-trial investigation aimed at neutralising an illegal criminal activity of crypto lender Nexo". These activities reportedly include setting up of an organized crime group, tax crimes, money laundering, banking activity without a license and computer fraud. Bulgarian authorities allege that Nexo has processed $94 billion through its platform over the past five years.

Authorities charged four individuals with various crimes shortly after the raid. Two were arrested and released on bail; authorities are still looking for the other two. Police have also confiscated money, computers, and crypto assets.

Within a 24-hour period after the raid was announced, Nexo experienced $45 million in withdrawals — about the same amount they normally process in an entire week — as customers rushed to get their money off the platform.