Crypto researcher identifies massive wallet draining operation

Crypto researcher Tayvano posted a Twitter thread about a massive, mysterious wallet draining operation that has siphoned more than 5,000 ETH (~$9.88 million at today's prices) as well as other tokens and NFTs from wallets across more than eleven blockchains since December 2022. The operation appears to target more sophisticated crypto users, but the mechanism of attack is unclear. The researcher hypothesized that "someone has got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove", but emphasized that that was only speculation.

Co-founders of company best known for Bella Hadid NFTs begin $77 million court battle against each other

3-D artwork of a humanoid robot shaped like a woman, all white with a red circle on the chest, wearing a bomber jacket with "Japan" on the arm. The robot has Giga Hadid's face, which is wearing a futuristic visor and earphones. The background is the Japanese flag.A "Cy-B3lla" NFT (attribution)
Krzysztof Gagacki and Edmond Truong are co-founders of Rebase.gg, some sort of augmented reality app where people go hunting for NFTs. They're best known for helping to create a "Cy-B3lla" NFT collection with model Bella Hadid, which launched in mid-2022. Speaking about skepticism of celebrity NFT projects to Vogue in June 2022, Hadid said, "Where that skepticism comes from is the people who just want to have a money grab. To me, it’s so much bigger than that. I want it to be a collective. It’s not a one-stop shop—this is a real passion."

Although the project promised to provide ongoing access to Bella Hadid and various other perks, the project website has already dropped offline, the Twitter account hasn't posted since October 2022, and the Discord is a ghost town save for occasional questions about whether the project is dead. Hadid made $1.5 million for her involvement in the project.

Things at Rebase seem to have devolved, because now Gagacki has filed suit against Truong, alleging that he "has gone rogue". The suit alleges that Truong tried to oust Gagacki from the company, stole around $2 million from a shared wallet, and damaged Gagacki's reputation. In particular, Gagacki is concerned that Truong is attempting to launch the project on the Arbitrum network without Gagacki's involvement, and that tokens minted there "could reach many times over the Rebase app's last round valuation of $150,000,000" without being shared with Gagacki.

Altogether, Gagacki is claiming damages of no less than $77 million, representing the stolen funds, the value of the app, and the profits from the possible Arbitrum deal.

SEC charges Bittrex with operating an unregistered exchange

Several weeks after Bittrex announced it would be winding down its US operations by the end of April, citing the US "regulatory and economic environment", the SEC filed charges against the company and its co-founder and former CEO William Shihara for operating an unregistered national securities exchange, broker, and clearing agency.

The complaint also alleges that Bittrex and Shihara had coordinated with token issuers to dodge potential SEC action by having them remove public "problematic statements" predicting price, describing an expectation of profit, or describing offerings in terms of investments.

Hundred Finance exploited for $7.4 million

An attacker was able to manipulate the exchange rate between tokens and their interest-bearing equivalents on the Hundred Finance system on the Optimism layer-2 network, ultimately siphoning around $7.4 million from the project.

Hundred Finance announced that they were trying to communicate with the attacker to try to convince them to return some of the funds.

This was not the first exploit to impact Hundred Finance: in March 2022, both Hundred Finance and Agave Finance were targeted with a flash loan attack by a hacker who stole a total of $12 million from the two projects.

Bitrue crypto exchange hacked for $23 million

The Singapore-based Bitrue crypto exchange suffered a hack on April 14 in which attackers siphoned tokens including Ethereum, Shiba Inu, and MATIC (the token for the Polygon network). Altogether the stolen funds were estimated at around $23 million.

Bitrue didn't release details on how the attack had been achieved, but explained that one of their hot wallets had been impacted. They announced that they would be pausing withdrawals for several days as they investigated the incident, and that they would be compensating affected users.

NFT collector Franklin claims to have been scammed for 2,000 ETH ($4.2 million)

A gold-furred illustrated ape wearing a red visor and red shirt resembling a foodservice uniform. Its eyes are closed and it's on a grey backgroundBored Ape #1726, used by franklinisbored as a profile picture (attribution)
Franklin, aka franklinisbored, has come to be known as one of the most prolific collectors of Bored Apes. At times, he's held more than fifty of the NFTs, and he can often be spotted snapping up cheap apes. However, on April 13 he sold quite a few of his collection.

Franklin disclosed on Twitter that "Due to an unfortunate IRL issue, I have had to sell off a lot of BAYC apes to pay off BendDAO loans while the liquidity was available". He had recently sold 27 of the Bored Apes. He later wrote, "I got rug pulled on an investment I put almost 2000 ETH into, thinking it was credible due to who else invested (not naming anyone for privacy reasons). Someone used our $$ as a casino gambling Ponzi and flushed it down the drain. Please learn any lessons possible from this." 2,000 ETH is worth around $4.23 million at today's ETH prices.

People immediately began to speculate about what project he could be referring to. Some wondered if perhaps he was trying to cover up losses on the Rollbit crypto casino, which he was known to use, and where he could be observed on-chain depositing more than 6,000 ETH (~$12.7 million) since the beginning of the year alone. Later in the day, he wrote another tweet: "For partial transparency: My personal PnL [profit and loss] of my Rollbit gambles is about -650 ETH total. So yes I lost a lot of money myself on Rollbit, but that didn’t require me to sell off today." At today's prices, 650 ETH is around $1.375 million.

Franklinisbored expressed that he would be taking a break from NFT trading and social media following the incident: "I won't get involved in NFT trading/twitter for a while, and will just focus on my private life for the time being with my remaining apes."

Yearn Finance exploited for more than $11 million

A bug in a token issued by the Yearn Finance defi protocol resulted in a loss that has been estimated at around $11.6 million. An attacker was able to use a 10,000 USDT deposit to mint more than 1.2 quadrillion yUSDT, a wrapped version of the Tether (USDT) stablecoin. Losses were limited somewhat by the fact that only older versions of the Yearn protocol were vulnerable to the bug, and the version had been "frozen" since December 2022.

The attacker began swapping tokens out for other stablecoins shortly after the exploit, moving them into lending projects like Aave and laundering them through the Tornado Cash cryptocurrency mixer. There were early concerns that Aave itself was impacted by an exploit, but it was later clarified that Aave had simply been used to swap tokens involved in the Yearn exploit, and did not appear to itself be vulnerable.

This is not the first exploit involving Yearn Finance, which was hacked for $11 million in 2021, and which lost around $1.4 million in connection to the massive Euler Finance attack in March 2023.

Nicole Behnam pumps and dumps: "There were mistakes made in a wallet that I controlled"

A poorly drawn pixel art shiba inu dog with half-lidded eyes, a shiny black pompadour, and its tongue sticking out, holding some sort of wire with red, green, and blue ends in its paw.Blocky Doge 3 #8691 (attribution)
New passive voice Hall of Fame contender just dropped: "There were mistakes made in a wallet that I controlled." You would think someone who got their start as a writer might know better.

Writer, journalist, and now web3 influencer Nicole Behnam helped pump Dogecoin founder Billy Marcus' new free-to-mint "Blocky Doge 3" NFT project, writing on Twitter, "No roadmap or utility? I'm in 👀" and talking it up on large Twitter spaces. A wallet belonging to her then received 250 NFTs from Marcus early on, then dumped around 220 of the NFTs on the market all at once, tanking the secondary market price while earning her around 20 ETH (~$38,000). At the moment, the NFTs are selling for an average of 0.031 ETH apiece (~$59).

After being found out, she wrote on Twitter that "There were mistakes made in a wallet that I controlled," but claimed that she had tried to make it up by returning the profits and buying up low-priced NFTs. "How the last 24 hours went down was not cool and I’m doing my best to rectify the situation," she wrote. "Listening, learning, moving forward." Shortly afterwards, she was removed from a "NFT100" list that had published only days prior by NFT Now, for what they described as violations of their ethics policy.

Ren Protocol transfers all assets to FTX bankruptcy team

In February 2021, the Ren project announced that it had been acquired by Alameda Research so that Alameda could "[help] accelerate the decentralisation" of the project.

Now, the Ren team has announced that they have transferred all assets on the Ren Protocol "to the FTX Debtors' cold storage wallets for safeguarding".

The announcement mentioned "possible shutdowns of infrastructure and systems," possibly referring to Ren's plans — announced shortly after the FTX collapse — to "move on from Alameda" by launching "Ren 2.0" and sunsetting the 1.0 version. However, there has been little public evidence that Ren 2.0 has been progressing.

Goblintown NFT images all changed to an illustrated middle finger in protest about royalties

An illustration of a middle finger with legs, and with other middle fingers emerging from where its hands and genitals would be. At the top of the image reads: "Fuck royalties. Fuck supporting building and creatives. Flipping is the heart of what makes Web3 special. Honor the flipper, fuck the community. Long live the slow rug." At the bottom: "Goblintown, Illuminati, The187, and Grumpls will be migrating to new contracts before Monday the 17th of April. All holders will be airdropped identical replacement NFTs."New Goblintown artwork (attribution)
There has been an ongoing controversy in the NFT world over creator royalties. Although NFTs are often talked up as being good for artists because they enable royalties to be paid even after the initial sale, these payments are rarely enforced by the smart contract and are instead up to marketplaces to enforce. In the last six months or so, NFT marketplaces have emerged that follow a "royalty optional" model, sparking a race to the bottom where OpenSea and other incumbents have also cut royalty protections to remain competitive.

Although NFTs are often thought to be immutable, permanent links to their associated artwork, that's often not the case in practice. Many NFTs store metadata off-chain, or otherwise enable after-the-fact changes.

Goblintown is a collection of NFTs that launched in May 2022, quickly going viral and sparking a phenomenon of Twitter spaces where members spent hours making goblin noises into their microphones. Originally free to mint, the NFTs began selling for thousands of dollars on the secondary market. Now they trade for around 0.38 ETH (~$800) apiece.

In an apparent protest against the willingness of traders and marketplaces to stop honoring royalties, Truth Labs (the group behind Goblintown) changed the artwork for Goblintown and all of their NFT collections to an illustration of a dancing middle finger, with smaller middle fingers emerging from where its arms and genitals would be. The new image reads, "Fuck royalties. Fuck supporting building and creatives. Flipping is the heart of what makes Web3 special. Honor the flipper, fuck the community. Long live the slow rug." At the bottom, the image states: "Goblintown, Illuminati, The187, and Grumpls will be migrating to new contracts before Monday the 17th of April. All holders will be airdropped identical replacement NFTs." The new NFTs will enforce royalties on-chain, preventing marketplaces from allowing users to circumvent them.

Some embraced the new NFTs, while others accused Truth Labs of "rugging". Some people were horrified by the fact that NFTs that they owned could be changed after the fact without their consent, a fact they were not previously aware of. One owner wrote, "So your telling me I spent $1,000s of dollars and have 10 goblintowns for them all to now be dudes shaking their weiners?"

Niantic shutters its web3 project after less than six months

A digital rendering of a foil-wrapped packet of trading cards, in gold and black. The logo says "Ingress 2022 Epiphany Dawn".Ingress Trading Post card pack (attribution)
Niantic, the creator of the popular Ingress and Pokémon Go augmented reality games, announced it will be shutting down its "Trading Post" product for NFT trading cards that it had launched only months before. "Trading Post was an experimentation effort to explore the world of digital collectibles, and while we believe that web3 has the potential to create meaningful experiences in the future, we plan to shift focus to other priorities," they wrote. Owners of the NFTs were told they have sixty days to "download" their cards, and that trading would be disabled in 30 days.

The announcement seemed to come as a relief to many in the Ingress community, with commenters remarking on the "scammy" nature of NFTs. Some wrote that they liked the idea, but that the web3 factor felt like it was "shoehorned" in. "I'll miss the Trading Post, please never bring NFTs or in fact any blockchain into future projects, or if you do at the very very least make it actually matter to the thing it's being put into, but still preferably just don't," said one.

GDAC exchange hacked for assets notionally worth more than $14 million

Hackers made off with 61 BTC, 350.5 ETH, 10 million WEMIX, and 220,000 USDT from a hot wallet belonging to the South Korean cryptocurrency exchange GDAC. Altogether, the assets are notionally worth around $13 million. The stolen assets represented 23% of funds custodied on the GDAC exchange.

GDAC halted deposits and withdrawals shortly after the attack, and stated that they had reported the exploit to South Korean law enforcement to investigate.

Terraport Finance hacked for $2 million less than two weeks after launch

Terraport Finance is a defi project built on, believe it or not, the Terra blockchain. Yes, the same Terra blockchain on which the Terra/Luna projects were built. Despite the massive collapse of the flagship project in May 2022, there are still a number of Terra projects operating, and even some new projects being developed.

Terraport Finance launched on March 31, apparently having gone live without any sort of audit. On April 10, Terraport disclosed that an attacker had apparently managed to drain all project liquidity pools, making off with assets priced at around $2 million.

Trader loses 14,377 $APE (~$61,000) when they sell their Bored Ape

An illustration of an ape with cream colored fur, wearing a hawaiian shirt on an orange background.Bored Ape #7810, who came with a $60k bonus (attribution)
The former owner of Bored Ape #7810 presumably intended to agree to sell the ape to another buyer for 70 ETH (~$130,900). However, it's unlikely they intended for that buyer to also be able to access the staked $APE they had accrued. With this particular staking mechanism, the Bored Ape effectively serves as the "key" to the staked ApeCoin, and so it transferred to the NFT's new owner right along with the NFT.

0xSifu loses more than $2.7 million to SushiSwap hack

0xSifu, also known as Michael Patryn, also known as Omar Dahani, is the once-pseudonymous chief developer of the Wonderland protocol. His identity was discovered by zachxbt in January 2022, when the crypto sleuth revealed that "0xSifu" was Patryn, a man with a history of financial crimes who was previously involved with QuadrigaCX, an exchange which lost over $150 million in customer funds in 2018.

Today, Sifu himself was the victim of a theft as a bug in the SushiSwap decentralized exchange allowed a hacker to make off with around 1,800 ETH (more than $3.3 million) belonging to him. According to SushiSwap leader Jared Grey, around 300 ETH (~$557,000) of Sifu's funds were subsequently recovered.

Analysts have found that almost 200 addresses on the Ethereum network have approved the vulnerable contract, and around 2,000 addresses approved the vulnerable contract on Arbitrum, Polygon, and other chains. It's not yet clear how much was stolen in total. SushiSwap leader Grey urged users via Twitter to revoke approval for the vulnerable smart contract.

Bitcoin mining firm sues business partner after they allegedly lose $500,000 in Bitcoin to fraudster

Bitcoin mining firm Sphere 3D has filed a biting lawsuit against its partner, Gryphon Digital Mining. According to Sphere 3D, Gryphon's CEO was fooled by multiple spoofing attacks in which fraudsters pretending to be Sphere 3D executives instructed him to transfer 26 Bitcoin (~$500,000). Sphere 3D further alleges that "Gryphon panicked when Sphere suggested that the incident be reported to law enforcement, including the Federal Bureau of Investigations ('FBI'), insisted that the issue could be handled between the parties, and demanded that no one report the theft to the authorities."

The lawsuit also alleges that Gryphon has " dutifully collected its exorbitant Management Fee while shirking its duties under the MSA and delivering abhorrent management services" and "skimm[ed] off the top (i.e., st[ole]) from Sphere's assets".

dYdX exchange announces it will shut down Canadian operations

dYdX announced that it would be shutting down its decentralized derivatives exchange in Canada. They gestured toward regulatory issues in the post, writing that, "We hope that the regulatory climate in Canada will change over time to allow us to resume services in the country."

Canada has become more strict on cryptocurrency exchanges in recent months, particularly following the collapse of FTX.

Someone steals the Bored Ape belonging to former NFL star Dez Bryant

An illustrated ape with leopard print fur, wearing a crown, shades, and a sailor suit. It has its mouth wide in a grimace and is on a bright orange background.Bored Ape #2902 (attribution)
The latest ape escape has affected Dez Bryant, a former NFL player now turned "web3 innovator". Bryant was the proud owner of Bored Ape #2902, an ape with leopard print skin wearing shades, a sailor shirt, and a crown. However, on April 7, Bryant was apparently hacked, and the thief stole not only his ape but Moonbirds, World of Women, and RumbleKongLeague NFTs (one each) and some various cryptocurrencies.

The Bored Ape would likely fetch somewhere around $125,000 if resold. The other three NFTs would likely resell for somewhere around $8,700. Together with around $3,400 in stolen tokens, Bryant's total loss is around $139,000.

After some observers spotted the suspicious-looking transactions, Bryant confirmed on Twitter: "Yes my ape was stolen and I don't know how this is crazy".

Gemholic raises 921 ETH (~$1.7 million) in a token sale only to realize funds are stuck

The Gemholic project raised 921 ETH (~$1.7 million) in a token sale only to discover there was no way for them to transfer those funds out of the smart contract. The project is built on the zkSync layer 2, and the smart contract developers implemented their transfer function using .transfer() — a common function used with Ethereum projects that is not supported by zkSync.

The zkSync project evidently came to the rescue of Gemholic, announcing that they would change the protocol in a new release to add support for Solidity functions such as .transfer(), which will ultimately free Gemoholic's locked funds.

Binance closes its derivatives arm in Australia

Binance announced it would be closing its derivatives business in Australia "following recent engagement with ASIC", referring to the Australian Securities and Investments Commission. The subsequent day, Reuters reported that ASIC had withdrawn Binance's financial services license at Binance's request, related to an ongoing investigation into Binance. The investigation has been underway since at least February, and involves misclassification of some Binance retail customers as wholesale users. Though Binance has forfeited its license, the investigation is ongoing.

Binance will continue to operate its spot exchange product in Australia, but customers will no longer be able to trade derivatives on the platform after April 21.

Someone accidentally spends 100 ETH (~$190,000) on a free NFT

A pink, orange, and yellow 3D gem with the OpenSea logo on the top facetOpenSea Gemesis NFT (attribution)
OpenSea launched a collection of "Gemesis" NFTs to celebrate the launch of their Pro platform and their acquisition of Gem, a rival NFT platform. Anyone who bought NFTs from the Gem platform was eligible to mint the NFT for free. The NFTs have been trading on the secondary market for around 0.06 ETH (~$110).

A trader apparently trying to bid $100 for one of the NFTs seems to have mistakenly entered 100 ETH, or around $190,000. The trade was of course quickly accepted by a seller who made a tidy 1666x the typical floor price.

Some have speculated the massive offer was money laundering, but the fact that the bid was an open offer that could be accepted by anyone seems to make that theory less likely.

Sentiment protocol hacked for almost $1 million

The Sentiment liquidity protocol on the Arbitrum blockchain was attacked on April 4 for almost $1 million in various tokens, including wrapped Bitcoin and Ether, and several different stablecoins.

The attacker apparently took advantage of a re-entrancy vulnerability to execute the theft, then swapped the tokens and bridged them to the Ethereum main chain.

Sentiment tweeted that they were aware of the attack and investigating what had happened. They also stated that they were working with law enforcement. Later that evening, they sent a message to the hacker, offering to let them keep 10% of the stolen funds as a bounty if they returned the rest. Sentiment was audited by two crypto security firms.

On April 6, Sentiment announced that the exploiter had returned 90% of the funds, keeping $95,000 and receiving a promise from the organization that they would not try to prosecute the theft.

Paxful abruptly shuts down

Paxful, a peer-to-peer marketplace where people could trade Bitcoin, Tether (USDT), and USDC, suddenly announced on April 4 that they would be immediately suspending the marketplace. "We are not sure if it will come back," wrote CEO Ray Youssef.

Youssef was vague as to the reasons for the closure, writing that "While I cannot share the full story now, I can say that we unfortunately have had some key staff departures. Also, regulatory challenges for the industry continue to grow, especially in the peer-to-peer market and most heavily in the U.S."

Youssef later elaborated in a Twitter Space, explaining that he feared for the safety of user funds because of a lawsuit from his co-founder, who he also accused of "[driving] away all of our senior level staff".

Some had trouble withdrawing funds from the platform, though this seemed to be due to the overload. Youssef tweeted, "Paxful database is a bit overloaded now as everyone is withdrawing funds. It is making transfers slow. I promise funds r safe and they will clear soon".

On May 8, Paxful came back online, though it was unclear whether or in what capacity the business would continue to operate going forward.

Rumor tweet by crypto influencer causes BNB and Bitcoin sell-off

Crypto influencer Cobie made a wild guess on April 3 that an Interpol red notice might be issued for Changpeng "CZ" Zhao, the CEO of Binance. Binance has recently been hit with a civil complaint out of the US CFTC, whose contents are causing many to reasonably speculate that CZ might face criminal charges from the US in the near future.

Cobie decided he wanted to make a record of his prediction, so he tweeted the SHA-256 hash of the string "Interpol Red Notice for CZ". Typically, this would allow him to later reveal the seed, allowing him to prove after the fact that he had indeed made a correct prediction. Why? I don't know. Bragging rights I guess?

Anyway, according to Cobie, one of Cobie's inner circle leaked the seed, and the contents of Cobie's prediction were widely circulated on Twitter. Some thought the prediction was inside knowledge of events that had already transpired. Someone else began circulating a doctored screenshot of the Interpol website, purporting to show a red notice. People began offloading their BNB tokens (the native token for Binance and Binance's blockchain), causing a sudden 3% dip in the token price. Bitcoin also fell on the news.

Over $25 million taken from an MEV bot by malicious validator

It's a dog-eat dog-world in the crypto universe, where everyone's trying to steal money from everyone else.

MEV bots are a phenomenon that became popular in recent times: bots that use various techniques to extract value by inspecting pending blockchain transactions and then sending advantageous transactions of their own. In this case, a bot was performing a "sandwich attack": sending transactions just before and just after a pending transaction, which manipulate the price of the underlying asset, allowing the bot operator to "steal" value from the victim — "steal" in quotes, because there is some debate over whether MEV bots are really stealing, or are operating within the rules laid out for them.

In order to manipulate prices in this way, they have to put a substantial amount of money at risk. A "rogue" Ethereum validator appeared to replace some of the transactions that were being executed by the bot, leading to a loss of WBTC, USDT, Dai, and WETH totaling a bit over $25 million.

First Arbitrum DAO vote spirals into disaster: DAO rejects $1 billion spending proposal, but Arbitrum already started spending

After a bumpy start to the airdrop that distributed governance tokens to Arbitrum users, the first use of those governance tokens arguably went even worse. Arbitrum submitted a proposal for DAO members to vote on various governance processes, as well as the distribution of 750 million ARB tokens to an "Administrative Budget Wallet" — tokens that were priced at around $1 billion.

The vote, which still has a day left before completion, is currently standing at 75% against and 25% in support. However, it was discovered that Arbitrum had already begun spending those 750 million tokens, including via the movement of a substantial amount of tokens, and "conversion of some funds into stablecoins for operational purposes".

Another Arbitrum team member subsequently published a post in which they claimed that the proposal was not really a vote but rather a "ratification" of decisions that had already been made by the Arbitrum team, leading many to question what the DAO was even for in the first place. Others questioned the fact that Arbitrum was receiving so much money to use however they liked, not subject to DAO approval.

Things got even messier when the Arbitrum Twitter account "clarified" that "40M $ARB tokens have been allocated as a loan to a sophisticated actor in the financial markets space", and the rest had been sold off for "operational costs". The loan of $52 million worth of ARB to an unnamed actor and the conversion of another $13 million to stablecoins led some to accuse the Arbitrum team of "selling off", cashing in far more than would likely be required for foundation costs in a brief period of time.

Dynasty Loop NFT games studio allegedly owes millions to employees

Dynasty Loop is a Montreal-based video games studio launched in 2020 to create NFT games. In March, gaming news outlet Polygon reported that the studio allegedly owed more than $2 million to its employees in unpaid wages and other expenses. Employees also told Polygon that they'd been asked to return equipment and couldn't access the office space, but that Dynasty Loop had told them they had not been laid off.

In April, four employees filed a lawsuit against the company, claiming around CAD$519,000 in unpaid wages.

Allbridge cross-chain bridge exploited for around $574,000

The Allbridge cross-chain bridge project was exploited for around 283,000 BUSD and 291,000 USDT (~$574,000). The thief was able to manipulate a vulnerability in the project's smart contract that allowed them to manipulate the price of assets in the Allbridge liquidity pool.

Allbridge announced that they were investigating the theft, and were working with law enforcement. Meanwhile, the project suspended operations and announced that they were preparing a user compensation plan.

Bittrex crypto exchange to close US operations

Bittrex, one of the oldest and largest cryptocurrency exchanges serving US customers, announced that it would be shuttering its US platform. "It's just not economically viable for us to continue to operate in the current U.S. regulatory and economic environment," explained CEO Ritchie Lai, who went on to blame "unclear" regulatory requirements that are "enforced without appropriate discussion or input". The exchange gave its customers until April 30 to withdraw their funds.

In October 2022, Bittrex was fined a combined $29 million by the US Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN). The OFAC fine pertained to Bittrex's service of users based in Crimea, Cuba, Iran, Sudan, and Syria, who altogether performed $263 million in transactions using the platform. FinCEN's fine was imposed as a result of alleged "willful violations" of requirements around anti-money laundering and suspicious activity reports.

Bittrex will continue operations outside of the US, and currently operate in Europe, South America, and elsewhere.

Arbitrum airdrop plagued by downtime, bugs, and scams

A token airdrop from the popular Arbitrum Ethereum L2 illustrated many of the challenges with airdrops: events where tokens are automatically distributed to a group of crypto wallets, in this case based on how much they had used the platform. The tokens will ultimately be used for community voting on protocol changes, but also have value on the secondary market. Users were eager to snap them up, particularly as users speculated that the price could reach $10/token (as yet it has not, remaining around $1.38).

However, the airdrop had a bumpy start, with scammers latching on to the event to proliferate fake airdrop websites. Phishers reportedly scammed more than 10,000 people using these schemes. At one point, Twitter even suspended the real Arbitrum Twitter account after mistaking it for one of the many phishing accounts. Attackers also compromised a Discord account belonging to an Arbitrum developer, using it to post a phishing link to the official Arbitrum Discord server.

Then, when the time for the airdrop came, the token claiming website crashed on the traffic, as did the Arbitrum block explorer. Those who were able to claim their tokens paid exorbitant gas fees, and some wallets attempting to estimate required gas fees malfunctioned, showing estimates in the billions of dollars.

Finally, the airdrop was widely gamed by people commandeering hacked vanity addresses to receive the airdrop tokens allocated to them, with at least $500,000 worth of tokens reportedly claimed by one attacker. Other attackers scrambled to compete with one another to claim tokens allocated to compromised wallets whose private keys had been shared publicly on Github and elsewhere, trying to be the first to siphon the funds. Two additional exploiters siphoned a combined total of more than 1 million ARB tokens from other wallets. One sold them for 713 ETH ($1.27 million); the other transferred the ARB tokens to other wallets.

US SEC shuts down Beaxy crypto exchange

The U.S. Securities and Exchange Commission charged the Beaxy crypto exchange and its executives for failing to register as a national securities exchange, broker, and clearing agency. They also added charges against Beaxy's founder, Artak Hamazaspyan, and his company for selling an unregulated security (the BXY token) and for misappropriating at least $900,000.

According to the SEC, the BXY token sale raised more than $8 million. At least $900,000 of that was misappropriated by Hamazaspyan, who used it for personal purposes, including gambling.

Some of the defendants agreed to permanent injunctions, and to pay fines of around $166,000 and disgorgement of around $62,800. The agreement also stipulates that the Beaxy platform shut down. The SEC announced they were continuing to litigate charges against Hamazaspyan for securities fraud and against Hamazaspyan and his company for the unregistered securities offering.

$8.9 million stolen from SafeMoon

If the pump-and-dump didn't get you, the liquidity pool compromise might have! Holders of the SafeMoon token were informed that the SafeMoon liquidity pool had been compromised, and $8.9 million had been stolen, after a code upgrade introduced a bug. The attacker was able to take advantage of the bug to artificially inflate the price of the SafeMoon token, then sell it to steal the erroneous "profit".

US CFTC sues Binance and CEO Changpeng Zhao

The US Commodity Futures Trading Commission (CFTC) filed charges against the crypto exchange Binance and its CEO Changpeng "CZ" Zhao for allegedly violating rules around trading and derivatives. Binance is the largest cryptocurrency exchange in the world.

The CFTC has alleged that "Binance has taken a calculated, phased approach to increase its United States presence despite publicly stating its purported intent to 'block' or 'restrict' customers located in the United States from accessing its platform... All the while, Binance, Zhao, and Lim, the platform's Chief Compliance Officer ('CCO'), have each known that Binance's solicitation of customers located in the United States subjected Binance to registration and regulatory requirements under U.S. law. But Binance, Zhao, and Lim have all chosen to ignore those requirements and undermined Binance's ineffective compliance program by taking steps to help customers evade Binance's access controls."

The CFTC is only one of several US groups looking into Binance, with the SEC also reportedly scrutinizing the exchange and the Department of Justice considering charges.

Kokomo Finance rug pulls

The Kokomo Finance project on the Optimism Ethereum layer-2 network rug pulled for $4.5 million in assets. The project positioned itself as a non-custodial lending platform.

After raising user funds, the project's creators drained its liquidity pools. They also convinced users to send funds to them with a technique known as "ice phishing". They then deleted their social media accounts and disappeared.

Latest Sotheby's NFT sale is decidedly tepid

A humanoid robot hangs suspended from cables attached to its back, pressing its hands against the side of the frame of the image"Eternity" by Anyma (attribution)
Despite Sotheby's estimates that the most popular piece in the "Oddly Satisfying" NFT collection would sell for €70,000–€100,000 ($75,500–$108,000), the "Eternity" NFT attained a highest bid of only €50,800 ($54,600). Altogether the full collection brought in $316,000, with 60% of the NFTs going for less than Sotheby's estimates. This is a marked change from the barn burner NFT sales at Sotheby's in 2021, including one in which a CryptoPunks NFT sold for $11.8 million.

It seems perhaps even Sotheby's prestige is not sufficient to overcome the NFT downturn.

Collector accidentally burns their $123,000 CryptoPunk

A pixel art person with light brown skin and a brown mohawk, wearing sunglassesCryptoPunk #685 (attribution)
The new owner of a CryptoPunk, one of the most popular early NFT projects, accidentally burned the NFT they had only just purchased. After spending 77 ETH ($123,434) on the NFT, the owner tried to wrap it so they could borrow against it.

However, some confusing instructions resulted in the owner sending the punk to the burn address, effectively destroying the NFT. "I was trying to wrap it and don't know what I was doing... Thought I was following the directions exactly..." they later wrote. They also later shared that they had borrowed money in order to purchase the CryptoPunk.

US prosecutors file criminal charges against Do Kwon

Only hours after Do Kwon was arrested in Montenegro, federal prosecutors in New York filed eight criminal charges against him: conspiracy to defraud, conspiracy to defraud and engage in market manipulation, and two counts each of commodities fraud, securities fraud, and wire fraud. Prosecutors accuse Kwon of defrauding people by selling LUNA and UST (Terra) based on false claims about the technology, degree of adoption, and effectiveness of the algorithm intended to maintain Terra's stability.

The criminal charges out of the US add to civil charges he's facing from the SEC, as well as an investigation out of South Korea.

Terra/Luna founder Do Kwon arrested

The founder of Terra/Luna, the stablecoin that crashed dramatically in May 2022 and has subsequently been alleged to be a massive fraud, has been arrested in Montenegro.

After the collapse, Kwon became a fugitive. South Korea issued a warrant for his arrest in September, and Interpol issued a red notice. However, he's remained on the lam for some time, reportedly hiding in Serbia for a time — a country with no extradition agreement with South Korea.

Now, officials in Montenegro have announced they arrested Do Kwon, who was attempting to travel through the country using falsified documents. Montenegro is a Balkan country bordering Serbia.

Kraken to suspend ACH transfers after Silvergate collapse

The Kraken cryptocurrency exchange announced to its users that it will be suspending ACH transfers on March 27, as a result of the collapse of its banking partner, Silvergate. Based on their communications, it sounds like they have been unsuccessful in finding a new banking provider since Silvergate's March 8 collapse, which will impact customers' abilities to perform bank transfers to and from the exchange.

SEC sends a Wells notice to Coinbase

The SEC sent Coinbase a Wells notice, which is basically their way of saying "we're about to file a complaint against you, here's your chance to convince us not to."

According to Coinbase, the Wells notice related to "aspects of the company's exchange, our staking service Coinbase Earn, and Coinbase Wallet". It's not terribly surprising that the SEC might have Coinbase Earn in its crosshairs, as it has recently taken action against similar products, such as Kraken's staking service. In the wake of the action against Kraken, Coinbase seemed to try to pre-empt SEC arguments by sending an email to customers emphasizing things like "You earn rewards from the protocol, not Coinbase". It doesn't look like this has shifted the SEC's thoughts much, though.

This should be an interesting saga to watch, partly because Coinbase has expressed willingness in the past to go head to head with the SEC.

Lindsay Lohan, Jake Paul, and other celebrities charged for illegally touting Justin Sun's tokens

Tweet by Lindsay Lohan on February 11, 2021: "Exploring #DeFi and already liking $JST, $SUN on $TRX. Super fast and 0 fee. Good job @justinsuntron"Tweet by Lindsay Lohan, for which she did not disclose she was paid $10,000 (attribution)
Celebrities Lindsay Lohan, Jake Paul, Soulja Boy, Austin Mahone, Kendra Lust, Lil Yachty, Ne-Yo, and Akon were all charged by the SEC for violating anti-touting laws that would require them to disclose if and how much they were being paid to promote securities. The alleged securities in question are TRX and BTT, two tokens both closely tied to Justin Sun, who was also charged in relation to the scheme.

With the exception of Soulja Boy and Mahone, the celebrities paid a total of more than $400,000 in disgorgement, interest, and penalties to settle the charges without admitting or denying them.

Justin Sun charged with offering unregistered securities and market manipulation

Justin Sun stands with his arms crossed in front of a green and blue background with the Tron logoJustin Sun (attribution)
His (former?) Excellency Justin Sun has been charged by the US Securities and Exchange Commission for offering unregistered securities. His businesses, the Tron Foundation and two BitTorrent-related entities, were also named in the complaint. According to the SEC, Sun offered the unregistered securities TRX and BTT, and "fraudulently manipulat[ed] the secondary market for TRX through extensive wash trading". He also allegedly "orchestrat[ed] a scheme to pay celebrities to tout TRX and BTT without disclosing their compensation".

Eight celebrities were also charged with violations of anti-touting law.

SpankPay payments service for sex workers shuts down

Despite people periodically claiming that crypto is a panacea for the many issues that make it difficult for sex workers to get paid, the SpankPay crypto-based payments processor is calling it quits after their payment processor Wyre decided they didn't want to work with them, because their payment processor Checkout.com didn't want to work with them. As it turns out, it's tough to use crypto for censorship-resistance when you still need dollars at the end of the day.

In a tweet announcing the shutdown, SpankPay reassured customers, "Rest assured your money is safe and we'll get it to you as soon as possible" — always a scary thing to hear from a crypto company.

It seems that only the payments processing side of the business is shutting down, with projects including SpankChain and SpankMatch continuing to operate.

General Bytes crypto ATMs exploited for over $1.6 million

A General Bytes Bitcoin ATM, which has a bright orange face with the text "Bitcoin ATM" on it, and a screen showing multiple cryptocurrencies that can be purchased.General Bytes Bitcoin ATM (attribution)
The largest manufacturer of Bitcoin ATMs, General Bytes, disclosed that attackers had stolen more than $1.6 million by exploiting a vulnerability in their software. The company released a statement on March 18 disclosing the breach, and urging operators of their ATMs to immediately upgrade their software to patch the devices.

In addition to standalone servers, General Bytes' cloud service was impacted, and the company announced that it would be permanently shuttering it. "It is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors," wrote the company in their statement explaining the decision, apparently unaware that this is something software companies find themselves doing all the time.

This exploit was the second breach suffered by General Bytes this year, after hackers exploited a vulnerability in August 2022 that allowed them to steal customer funds. It's unknown how much was stolen in that attack. The company also patched multiple hardware and software issues in their ATMs in September 2021, after Kraken Security Labs discovered issues including poor security practices that would allow attackers to "walk up to an ATM and compromise it".

Thousands lose money to iEarn Bot crypto scam

According to a report by the BBC, a scam called iEarn Bot has impacted thousands of victims across multiple countries. In the scam, victims are convinced to sign up for an "AI intelligent quantitative trading robot" called iEarn Bot, which appears to successfully trade cryptocurrencies on their behalf. However, after a time, victims realize they are not able to withdraw their supposed earnings, nor the funds they've put in.

According to the BBC, dozens of high-profile individuals in Romania, including members of the government and academics, lost money to the scam after it was promoted by technology expert Gabriel Garais — who also says he lost money in the scheme.

iEarn Bot claims to be a US-based company, although its website is full of false information. The person named as the company's founder told the BBC he has nothing to do with the scheme, and companies and institutions listed as "strategic partners" say there is no such partnership.

The BBC identified one cryptocurrency wallet that received payments from around 13,000 others totaling nearly $1.3 million.

Thwarted hacker asks security firm to reimburse gas fees

File this one under "the audacity".

On March 17, blockchain security company BlockSec observed an attacker trying to exploit a vulnerability in the NFT lending project Paraspace. Although they had successfully identified a vulnerability that could have allowed them to steal 2,900 ETH (a bit over $5 million), their attempt to execute the hack failed because they didn't correctly estimate what it would cost them in gas fees.

After observing the attempt, BlockSec executed a whitehat rescue, where they successfully executed the same attack to remove the funds from Paraspace and secure them until they could return them to the project team.

Incredibly, the exploiter sent an on-chain message to BlockSec: "hey man, I am the one who made the contract you just copied, I couldn't make it work for a stupid gas estimation error. since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck". Altogether, the would-be attacker spent around 0.7 ETH (~$1,200) on gas fees while trying to pull off the hack.

International group of law enforcement agencies shuts down ChipMixer

Law enforcement from the United States, Germany, and the European Union worked together to take down the ChipMixer cryptocurrency tumbler, which they allege had been used to launder $3 billion since 2017 related to "ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes". The US Department of Justice also charged an individual with money laundering, operating an unlicensed money transmitting business, and identity theft in connection with the project.

According to the US DOJ, ChipMixer had been used to process, among other things, proceeds of the massive March 2022 Axie Infinity hack by a North Korean cybercrime group.

US law enforcement seized two domains and a Github account tied to the organization, and German law enforcement seized ChipMixer's back-end servers and $46 million in cryptocurrency.

Phishers take advantage of fears surrounding the USDC de-peg

When USDC deviated from its dollar peg on March 10, phishers were quick to devise a scheme to take advantage of holders' fears. A group launched a website appearing to be the blog belonging to Circle, the company that backs USDC. On the fake blog, they announced a supposed defi exchange where users would be able to exchange their USDC for stablecoins like Tether.

Holders trying to use the exchange approved transactions which they didn't realize allowed the phishers to drain their ETH. So far, the scammers have stolen around 74 ETH ($130,500).

Over $35 million lost as contagion from Euler hack spreads throughout defi

Contagion from the massive exploit of the Euler project has spread to around a dozen defi projects, including Balancer, Angle Protocol, Yearn Finance, InverseFinance, and others. Some are still evaluating if and how they may be affected, and how much they've lost.

Around $11.9 million of tokens were sent from the Balancer defi liqiuidity project to Euler during the attack, prompting Balancer to pause the project.

The Angle Protocol decentralized stablecoin project also disclosed that almost half of the total value locked in the project — around $17.6 million in the USDC stablecoin — were sent to Euler during the hack.

Meta pulls the plug on NFTs

In a Twitter thread, Meta (formerly Facebook) Head of Commerce and Fintech Stephane Kasriel announced that they would be "down digital collectibles (NFTs) for now to focus on other ways to support creators, people, and businesses". Meta had only launched its support for NFTs in Facebook and Instagram partway through last year — a bit late to the NFT craze, which had largely cooled by that point.

Mark Zuckerberg had once talked about eventually using NFTs for Meta's metaverse projects, suggesting that eventually "the clothing that your avatar is wearing in the metaverse, you know, [could] be basically minted as an NFT and you can take it between your different places". It sounds like that plan may no longer be on the table now.