Arbitrum airdrop plagued by downtime, bugs, and scams

A token airdrop from the popular Arbitrum Ethereum L2 illustrated many of the challenges with airdrops: events where tokens are automatically distributed to a group of crypto wallets, in this case based on how much they had used the platform. The tokens will ultimately be used for community voting on protocol changes, but also have value on the secondary market. Users were eager to snap them up, particularly as users speculated that the price could reach $10/token (as yet it has not, remaining around $1.38).

However, the airdrop had a bumpy start, with scammers latching on to the event to proliferate fake airdrop websites. Phishers reportedly scammed more than 10,000 people using these schemes. At one point, Twitter even suspended the real Arbitrum Twitter account after mistaking it for one of the many phishing accounts. Attackers also compromised a Discord account belonging to an Arbitrum developer, using it to post a phishing link to the official Arbitrum Discord server.

Then, when the time for the airdrop came, the token claiming website crashed on the traffic, as did the Arbitrum block explorer. Those who were able to claim their tokens paid exorbitant gas fees, and some wallets attempting to estimate required gas fees malfunctioned, showing estimates in the billions of dollars.

Finally, the airdrop was widely gamed by people commandeering hacked vanity addresses to receive the airdrop tokens allocated to them, with at least $500,000 worth of tokens reportedly claimed by one attacker. Other attackers scrambled to compete with one another to claim tokens allocated to compromised wallets whose private keys had been shared publicly on Github and elsewhere, trying to be the first to siphon the funds. Two additional exploiters siphoned a combined total of more than 1 million ARB tokens from other wallets. One sold them for 713 ETH ($1.27 million); the other transferred the ARB tokens to other wallets.

US SEC shuts down Beaxy crypto exchange

The U.S. Securities and Exchange Commission charged the Beaxy crypto exchange and its executives for failing to register as a national securities exchange, broker, and clearing agency. They also added charges against Beaxy's founder, Artak Hamazaspyan, and his company for selling an unregulated security (the BXY token) and for misappropriating at least $900,000.

According to the SEC, the BXY token sale raised more than $8 million. At least $900,000 of that was misappropriated by Hamazaspyan, who used it for personal purposes, including gambling.

Some of the defendants agreed to permanent injunctions, and to pay fines of around $166,000 and disgorgement of around $62,800. The agreement also stipulates that the Beaxy platform shut down. The SEC announced they were continuing to litigate charges against Hamazaspyan for securities fraud and against Hamazaspyan and his company for the unregistered securities offering.

$8.9 million stolen from SafeMoon

If the pump-and-dump didn't get you, the liquidity pool compromise might have! Holders of the SafeMoon token were informed that the SafeMoon liquidity pool had been compromised, and $8.9 million had been stolen, after a code upgrade introduced a bug. The attacker was able to take advantage of the bug to artificially inflate the price of the SafeMoon token, then sell it to steal the erroneous "profit".

US CFTC sues Binance and CEO Changpeng Zhao

The US Commodity Futures Trading Commission (CFTC) filed charges against the crypto exchange Binance and its CEO Changpeng "CZ" Zhao for allegedly violating rules around trading and derivatives. Binance is the largest cryptocurrency exchange in the world.

The CFTC has alleged that "Binance has taken a calculated, phased approach to increase its United States presence despite publicly stating its purported intent to 'block' or 'restrict' customers located in the United States from accessing its platform... All the while, Binance, Zhao, and Lim, the platform's Chief Compliance Officer ('CCO'), have each known that Binance's solicitation of customers located in the United States subjected Binance to registration and regulatory requirements under U.S. law. But Binance, Zhao, and Lim have all chosen to ignore those requirements and undermined Binance's ineffective compliance program by taking steps to help customers evade Binance's access controls."

The CFTC is only one of several US groups looking into Binance, with the SEC also reportedly scrutinizing the exchange and the Department of Justice considering charges.

Kokomo Finance rug pulls

The Kokomo Finance project on the Optimism Ethereum layer-2 network rug pulled for $4.5 million in assets. The project positioned itself as a non-custodial lending platform.

After raising user funds, the project's creators drained its liquidity pools. They also convinced users to send funds to them with a technique known as "ice phishing". They then deleted their social media accounts and disappeared.

Latest Sotheby's NFT sale is decidedly tepid

A humanoid robot hangs suspended from cables attached to its back, pressing its hands against the side of the frame of the image"Eternity" by Anyma (attribution)
Despite Sotheby's estimates that the most popular piece in the "Oddly Satisfying" NFT collection would sell for €70,000–€100,000 ($75,500–$108,000), the "Eternity" NFT attained a highest bid of only €50,800 ($54,600). Altogether the full collection brought in $316,000, with 60% of the NFTs going for less than Sotheby's estimates. This is a marked change from the barn burner NFT sales at Sotheby's in 2021, including one in which a CryptoPunks NFT sold for $11.8 million.

It seems perhaps even Sotheby's prestige is not sufficient to overcome the NFT downturn.

Collector accidentally burns their $123,000 CryptoPunk

A pixel art person with light brown skin and a brown mohawk, wearing sunglassesCryptoPunk #685 (attribution)
The new owner of a CryptoPunk, one of the most popular early NFT projects, accidentally burned the NFT they had only just purchased. After spending 77 ETH ($123,434) on the NFT, the owner tried to wrap it so they could borrow against it.

However, some confusing instructions resulted in the owner sending the punk to the burn address, effectively destroying the NFT. "I was trying to wrap it and don't know what I was doing... Thought I was following the directions exactly..." they later wrote. They also later shared that they had borrowed money in order to purchase the CryptoPunk.

US prosecutors file criminal charges against Do Kwon

Only hours after Do Kwon was arrested in Montenegro, federal prosecutors in New York filed eight criminal charges against him: conspiracy to defraud, conspiracy to defraud and engage in market manipulation, and two counts each of commodities fraud, securities fraud, and wire fraud. Prosecutors accuse Kwon of defrauding people by selling LUNA and UST (Terra) based on false claims about the technology, degree of adoption, and effectiveness of the algorithm intended to maintain Terra's stability.

The criminal charges out of the US add to civil charges he's facing from the SEC, as well as an investigation out of South Korea.

Terra/Luna founder Do Kwon arrested

The founder of Terra/Luna, the stablecoin that crashed dramatically in May 2022 and has subsequently been alleged to be a massive fraud, has been arrested in Montenegro.

After the collapse, Kwon became a fugitive. South Korea issued a warrant for his arrest in September, and Interpol issued a red notice. However, he's remained on the lam for some time, reportedly hiding in Serbia for a time — a country with no extradition agreement with South Korea.

Now, officials in Montenegro have announced they arrested Do Kwon, who was attempting to travel through the country using falsified documents. Montenegro is a Balkan country bordering Serbia.

Kraken to suspend ACH transfers after Silvergate collapse

The Kraken cryptocurrency exchange announced to its users that it will be suspending ACH transfers on March 27, as a result of the collapse of its banking partner, Silvergate. Based on their communications, it sounds like they have been unsuccessful in finding a new banking provider since Silvergate's March 8 collapse, which will impact customers' abilities to perform bank transfers to and from the exchange.

SEC sends a Wells notice to Coinbase

The SEC sent Coinbase a Wells notice, which is basically their way of saying "we're about to file a complaint against you, here's your chance to convince us not to."

According to Coinbase, the Wells notice related to "aspects of the company's exchange, our staking service Coinbase Earn, and Coinbase Wallet". It's not terribly surprising that the SEC might have Coinbase Earn in its crosshairs, as it has recently taken action against similar products, such as Kraken's staking service. In the wake of the action against Kraken, Coinbase seemed to try to pre-empt SEC arguments by sending an email to customers emphasizing things like "You earn rewards from the protocol, not Coinbase". It doesn't look like this has shifted the SEC's thoughts much, though.

This should be an interesting saga to watch, partly because Coinbase has expressed willingness in the past to go head to head with the SEC.

Lindsay Lohan, Jake Paul, and other celebrities charged for illegally touting Justin Sun's tokens

Tweet by Lindsay Lohan on February 11, 2021: "Exploring #DeFi and already liking $JST, $SUN on $TRX. Super fast and 0 fee. Good job @justinsuntron"Tweet by Lindsay Lohan, for which she did not disclose she was paid $10,000 (attribution)
Celebrities Lindsay Lohan, Jake Paul, Soulja Boy, Austin Mahone, Kendra Lust, Lil Yachty, Ne-Yo, and Akon were all charged by the SEC for violating anti-touting laws that would require them to disclose if and how much they were being paid to promote securities. The alleged securities in question are TRX and BTT, two tokens both closely tied to Justin Sun, who was also charged in relation to the scheme.

With the exception of Soulja Boy and Mahone, the celebrities paid a total of more than $400,000 in disgorgement, interest, and penalties to settle the charges without admitting or denying them.

Justin Sun charged with offering unregistered securities and market manipulation

Justin Sun stands with his arms crossed in front of a green and blue background with the Tron logoJustin Sun (attribution)
His (former?) Excellency Justin Sun has been charged by the US Securities and Exchange Commission for offering unregistered securities. His businesses, the Tron Foundation and two BitTorrent-related entities, were also named in the complaint. According to the SEC, Sun offered the unregistered securities TRX and BTT, and "fraudulently manipulat[ed] the secondary market for TRX through extensive wash trading". He also allegedly "orchestrat[ed] a scheme to pay celebrities to tout TRX and BTT without disclosing their compensation".

Eight celebrities were also charged with violations of anti-touting law.

SpankPay payments service for sex workers shuts down

Despite people periodically claiming that crypto is a panacea for the many issues that make it difficult for sex workers to get paid, the SpankPay crypto-based payments processor is calling it quits after their payment processor Wyre decided they didn't want to work with them, because their payment processor Checkout.com didn't want to work with them. As it turns out, it's tough to use crypto for censorship-resistance when you still need dollars at the end of the day.

In a tweet announcing the shutdown, SpankPay reassured customers, "Rest assured your money is safe and we'll get it to you as soon as possible" — always a scary thing to hear from a crypto company.

It seems that only the payments processing side of the business is shutting down, with projects including SpankChain and SpankMatch continuing to operate.

General Bytes crypto ATMs exploited for over $1.6 million

A General Bytes Bitcoin ATM, which has a bright orange face with the text "Bitcoin ATM" on it, and a screen showing multiple cryptocurrencies that can be purchased.General Bytes Bitcoin ATM (attribution)
The largest manufacturer of Bitcoin ATMs, General Bytes, disclosed that attackers had stolen more than $1.6 million by exploiting a vulnerability in their software. The company released a statement on March 18 disclosing the breach, and urging operators of their ATMs to immediately upgrade their software to patch the devices.

In addition to standalone servers, General Bytes' cloud service was impacted, and the company announced that it would be permanently shuttering it. "It is theoretically (and practically) impossible to secure a system granting access to multiple operators at the same time where some of them are bad actors," wrote the company in their statement explaining the decision, apparently unaware that this is something software companies find themselves doing all the time.

This exploit was the second breach suffered by General Bytes this year, after hackers exploited a vulnerability in August 2022 that allowed them to steal customer funds. It's unknown how much was stolen in that attack. The company also patched multiple hardware and software issues in their ATMs in September 2021, after Kraken Security Labs discovered issues including poor security practices that would allow attackers to "walk up to an ATM and compromise it".

Thousands lose money to iEarn Bot crypto scam

According to a report by the BBC, a scam called iEarn Bot has impacted thousands of victims across multiple countries. In the scam, victims are convinced to sign up for an "AI intelligent quantitative trading robot" called iEarn Bot, which appears to successfully trade cryptocurrencies on their behalf. However, after a time, victims realize they are not able to withdraw their supposed earnings, nor the funds they've put in.

According to the BBC, dozens of high-profile individuals in Romania, including members of the government and academics, lost money to the scam after it was promoted by technology expert Gabriel Garais — who also says he lost money in the scheme.

iEarn Bot claims to be a US-based company, although its website is full of false information. The person named as the company's founder told the BBC he has nothing to do with the scheme, and companies and institutions listed as "strategic partners" say there is no such partnership.

The BBC identified one cryptocurrency wallet that received payments from around 13,000 others totaling nearly $1.3 million.

Thwarted hacker asks security firm to reimburse gas fees

File this one under "the audacity".

On March 17, blockchain security company BlockSec observed an attacker trying to exploit a vulnerability in the NFT lending project Paraspace. Although they had successfully identified a vulnerability that could have allowed them to steal 2,900 ETH (a bit over $5 million), their attempt to execute the hack failed because they didn't correctly estimate what it would cost them in gas fees.

After observing the attempt, BlockSec executed a whitehat rescue, where they successfully executed the same attack to remove the funds from Paraspace and secure them until they could return them to the project team.

Incredibly, the exploiter sent an on-chain message to BlockSec: "hey man, I am the one who made the contract you just copied, I couldn't make it work for a stupid gas estimation error. since I lost a lot of money trying to make it work, it would be cool to get at least some of them back... best of luck". Altogether, the would-be attacker spent around 0.7 ETH (~$1,200) on gas fees while trying to pull off the hack.

International group of law enforcement agencies shuts down ChipMixer

Law enforcement from the United States, Germany, and the European Union worked together to take down the ChipMixer cryptocurrency tumbler, which they allege had been used to launder $3 billion since 2017 related to "ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes". The US Department of Justice also charged an individual with money laundering, operating an unlicensed money transmitting business, and identity theft in connection with the project.

According to the US DOJ, ChipMixer had been used to process, among other things, proceeds of the massive March 2022 Axie Infinity hack by a North Korean cybercrime group.

US law enforcement seized two domains and a Github account tied to the organization, and German law enforcement seized ChipMixer's back-end servers and $46 million in cryptocurrency.

Phishers take advantage of fears surrounding the USDC de-peg

When USDC deviated from its dollar peg on March 10, phishers were quick to devise a scheme to take advantage of holders' fears. A group launched a website appearing to be the blog belonging to Circle, the company that backs USDC. On the fake blog, they announced a supposed defi exchange where users would be able to exchange their USDC for stablecoins like Tether.

Holders trying to use the exchange approved transactions which they didn't realize allowed the phishers to drain their ETH. So far, the scammers have stolen around 74 ETH ($130,500).

Over $35 million lost as contagion from Euler hack spreads throughout defi

Contagion from the massive exploit of the Euler project has spread to around a dozen defi projects, including Balancer, Angle Protocol, Yearn Finance, InverseFinance, and others. Some are still evaluating if and how they may be affected, and how much they've lost.

Around $11.9 million of tokens were sent from the Balancer defi liqiuidity project to Euler during the attack, prompting Balancer to pause the project.

The Angle Protocol decentralized stablecoin project also disclosed that almost half of the total value locked in the project — around $17.6 million in the USDC stablecoin — were sent to Euler during the hack.

Meta pulls the plug on NFTs

In a Twitter thread, Meta (formerly Facebook) Head of Commerce and Fintech Stephane Kasriel announced that they would be "down digital collectibles (NFTs) for now to focus on other ways to support creators, people, and businesses". Meta had only launched its support for NFTs in Facebook and Instagram partway through last year — a bit late to the NFT craze, which had largely cooled by that point.

Mark Zuckerberg had once talked about eventually using NFTs for Meta's metaverse projects, suggesting that eventually "the clothing that your avatar is wearing in the metaverse, you know, [could] be basically minted as an NFT and you can take it between your different places". It sounds like that plan may no longer be on the table now.

Euler Finance exploited for almost $200 million

The decentralized lending platform Euler Finance suffered a flash loan attack in which an exploiter stole $197 million from the project. The attacker stole $8.7 million in the Dai stablecoin, $18.5 million in wrapped Bitcoin, $135.8 million in Lido staked Ethereum (stETH), and $33.8 million in the USDC stablecoin. Although Euler was well known for its many code audits, the project had later added a vulnerable function that had not been as heavily audited.

Euler announced that they were aware of the exploit, and were "working with security professionals and law enforcement".

On April 3, Euler Finance announced that they had completed successful negotiations, and that "all of the recoverable funds taken from the Euler protocol on March 13th have now been successfully returned by the exploiter". Unfortunately, based on on-chain transfers, this appeared to only be around $31 million.

Regulators shut down crypto-friendly Signature Bank

Two days after the collapse of Silicon Valley Bank and four days after the collapse of Silvergate Bank, the New York Department of Financial Services announced they had taken possession of Signature Bank, a New York-based bank that was a major bank partner for cryptocurrency companies. The bank was placed into receivership with the Federal Deposit Insurance Corporation (FDIC). According to a Signature board member, a bank run of billions of dollars began on Friday after the seizure of Silicon Valley Bank.

A joint statement from federal regulators announced that "All depositors of this institution will be made whole... no losses will be borne by the taxpayer. Shareholders and certain unsecured debtholders will not be protected. Senior management has also been removed."

The shutdown of Signature and the collapse of Silvergate leave many companies in the crypto industry without much access to the US banking system.

PeopleDAO loses $120,000 after payment spreadsheet is shared publicly

PeopleDAO is the successor to ConstitutionDAO, a group that made an ill-fated attempt to buy a copy of the US Constitution in November 2021. When the accounting lead for PeopleDAO accidentally shared an editable accounting spreadsheet link in a public Discord channel, an enterprising member of the Discord decided to take advantage. They inserted a row with their own wallet address for a 76 ETH (~$120,000) payment, then hid the row so it wouldn't display to the other viewers.

When team leads reviewed the spreadsheet to sign off on the payments, they didn't see the row, and there was no rollup showing total payments or anything else that would've helped them catch the malicious activity. The transactions were uploaded to a tool allowing asset transfers via CSV, and the required six out of nine multisig members approved the transaction.

PeopleDAO have reported that they're working with various security researchers to track the funds, and have reported the theft to the FBI and FTC.

USDC loses peg to the dollar

The major stablecoin USDC lost its peg to the US dollar on March 10. Earlier that day, the collapse of the Silicon Valley Bank sent shockwaves through the financial system, and some in crypto were concerned about possible contagion to crypto companies. In particular, it was known that some of Circle's cash reserves backing USDC were stored at SVB, but it wasn't clear quite how much. After some delay, Circle disclosed that $3.3 billion of their roughly $10 billion in cash reserves were stored with SVB.

That evening, Coinbase announced they would be pausing USDC redemptions for dollars until the following Monday, claiming it was only because in times of high volume, they needed to process transfers via the traditional banking system. Despite their stated reason, this deepened fears about the stability of USDC, which is supported in part by Coinbase.

The price of USDC began to wobble on smaller, less liquid exchanges like Gemini and Kraken before the issue was reflected more widely. However, most exchanges were showing USDC trading at prices between $0.90 and $0.98 later that night — a noticeable departure from USDC's normally fairly steady peg.

A sustained de-peg would wreak havoc on the crypto industry, where USDC is the second largest stablecoin and boasted a $43 billion market cap (at least before substantial outflows surrounding the SVB concern). Other stablecoins even have exposure to USDC, with both FRAX and DAI using USDC for significant portions of their collateral.

Someone attempting to swap ~$2 million in 3CRV token ends up with $0.05 due to apparent Kyber issue

Someone tried to swap around 2.03 million 3CRV tokens (priced at around $1.97 million) for stablecoins using the KyberSwap decentralized exchange protocol. However, due to an apparent flaw in which the protocol routed the trade through a project with very little liquidity. The trade suffered from massive slippage, and was frontrun by an MEV bot. The MEV bot made off with a nice $34,400, and the trader wound up with only five cents in the Tether stablecoin.

Kyber seemed to acknowledge that the issue was on their end, tweeting that "We have been in touch with him and are investigating the issue. We will provide an update soon."

Coinbase pauses redemptions of USDC for dollars

The collapse of the Silicon Valley Bank on March 10 led to concerns over the stability of the stablecoin USDC, after it was revealed that a portion (later specified at $3.3 billion) of its cash reserves were kept with SVB. This led to somewhat of a run on USDC, which began wobbling from its dollar peg down to as low as $0.95 on some exchanges.

On the evening of the tenth, Coinbase announced that they would be "temporarily pausing USDC:USD conversions over the weekend while banks are closed," stating that "during periods of heightened activity, conversions rely on USD transfers from the banks that clear during normal banking hours".

"Your assets remain safe & available for on-chain sends," they said: cold comfort for those who are afraid their USDC may not be worth $1 come Monday.

Coinbase is one of the firms behind USDC, and its decision to stop processing redemptions is likely to add to the concern over the stablecoin's... stability.

Bankrupt BlockFi has at least $227 million at collapsed Silicon Valley Bank

BlockFi, which has been in bankruptcy since shortly after the November FTX collapse, appears to have exposure to the collapsed Silicon Valley Bank. According to a court filing, approximately $227 million in BlockFi funds has been kept in one of several accounts the company maintained at Silicon Valley Bank. The account is a money market mutual fund, meaning it is not FDIC insured.

The US Trustee reportedly warned BlockFi counsel on March 6 that the company needed to "immediately take steps to safeguard these funds in compliance with" the depository agreement, because a MMMF was not in compliance. BlockFi responded that the account was FDIC insured (up to the FDIC's $250,000 limit), but the Trustee maintains that that is not accurate.

Silicon Valley Bank collapse causes crypto contagion concerns

Although it doesn't seem that it was exposure to the crypto industry that did in Silicon Valley Bank (unlike with fellow failed bank Silvergate), the crypto industry has been showing signs of concern that SVB's collapse may impact crypto businesses. In particular, there are fears around the fact that Circle, the company that backs the major USDC stablecoin, kept some of its cash reserves with SVB. Circle disclosed that around $3.3 billion, or around one-third of USDC's $9.88 billion in cash reserves backing USDC, was kept with Silicon Valley Bank.

SVB was also the preferred bank for various giants in the crypto VC world, including Andreessen Horowitz and Sequoia Capital. Pantera Capital also used SVB as a custodian.

Huobi Token flash crashes by 90%

Huobi Token, the token tied to the Huobi cryptocurrency exchange, experienced a flash crash in which the token price tumbled 90% from $4.60 to around $0.31 within about a ten-minute span. HT does not have a ton of liquidity, and so Huobi-linked executive Justin Sun reported that a "few users trigger[ed] a cascade of forced liquidations in the spot and HT contract markets".

Sun also announced that he had transferred $100 million to Huobi to provide more liquidity. He also announced that "Huobi will bear all leverage-through position losses on the platform resulted from this market volatility event of HT."

Although the token recovered quickly, the flash crash sparked rumors that Huobi was insolvent.

Blockchain.com shutters asset management arm

After launching an asset management business less than a year ago, Blockchain.com has announced they will be shuttering it. They blamed the ongoing "crypto winter" as contributing to the decision. The UK-based firm had planned to offer "algorithm-based risk-managed exposure" to Bitcoin, which may have proven challenging in a year of declining Bitcoin prices.

New York Attorney General sues KuCoin, claims ETH is a security

New York Attorney General Letitia James announced a lawsuit against the Seychelles-based KuCoin crypto exchange, after finding that users could trade on the exchange despite it not being registered in the state.

The NYAG took the additional step of alleging that ETH is a security. Many have argued that Bitcoin and ETH, the native token of Ethereum, are not securities because they are "sufficiently decentralized". The NYAG, however, wrote in the press release announcing the lawsuit that, "This action is one of the first times a regulator is claiming in court that ETH, one of the largest cryptocurrencies available, is a security. The petition argues that ETH, just like LUNA and UST, is a speculative asset that relies on the efforts of third-party developers in order to provide profit to the holders of ETH."

The NYAG is also going after KuCoin for offering a lending and staking product, a category of product that has recently been a focus of various enforcement actions. They claim that KuCoin did not comply with a subpoena.

Hedera Network halts access after exploit

The Hedera network turned off access to the Hedera mainnet on March 9 after observing "smart contract irregularities". They subsequently confirmed that the Hedera smart contract service had been attacked by exploiters who were able to transfer individual users' tokens to their own accounts. Some individuals using cold wallets even claimed their tokens had been stolen.

Hedera has not disclosed how much had been stolen. Total value locked (TVL) on the network dropped 33% from $36.1 million to $24.6 million.

Some balked at Hedera's ability to simply turn off user access to the network, despite claiming to be a decentralized project.

Turkish electric vehicle company Togg announces presale via NFT, then scraps the plan after customers have already bought in

Rendering of a red SUV-style car, with text below it reading, "NFT'nizi seçmeye hazır mısınız?"Promotional image for Togg's NFT collection, captioned "Ready to choose your NFT?" (attribution)
Turkish electric vehicle startup Togg announced that interested customers would be able to buy obtain pre-order rights for the limited run of their "100 Year Special Series" cars if they purchased one of the 2023 NFTs they planned to mint on the Avalanche blockchain. Based on rarity, NFTs began minting at between 10 and 30 AVAX ($200-$600) depending on rarity, which prospective customers purchased at its ~$20 price in anticipation of the early February sale. Many customers purchased considerably more AVAX, anticipating fierce bidding wars.

However, shortly after the NFT sales began, the platform crashed. Then, very soon after the sale began and Togg began addressing the issues with the platform, a series of earthquakes devastated portions of Turkey. As a result, Togg announced they would be postponing the sale until a later announcement.

On March 8, Togg announced that they had canceled their plans to conduct the pre-order process by NFT drawing, and that any NFT holders would not be prioritized in the pre-order.

This infuriated some customers who had purchased AVAX solely intending to use it to obtain a pre-order slot — particularly because AVAX is now priced below $15, meaning those who've been holding AVAX since purchasing it have lost 25%.

Gemini reportedly loses banking with JPMorgan

Both CoinDesk and Reuters have reported that JPMorgan Chase & Co. will be ending its banking relationship with Winklevoss-led Gemini cryptocurrency exchange. Gemini responded to the reports by tweeting "Despite reporting to the contrary, Gemini's banking relationship remains intact with JPMorgan," though they notably made no statements about whether they expect that to remain true going forward.

It's hard to say why JPMorgan might have severed ties with Gemini — it could be related to recent statements from regulatory agencies frowning on banks taking crypto companies as clients, although Coinbase noted that it continues to have an active banking relationship with JPMorgan.

JPMorgan is not Gemini's only banking partner, so despite the blow to Gemini, this will not cut them off from banking.

Silvergate bank collapses

California-based Silvergate bank had pivoted almost entirely to serving crypto clients, a move that proved fatal to them in the wake of the FTX collapse and ensuing contagion. On March 8, they announced that they would be shutting down. Although their shutdown is considered to be a "voluntary liquidation", they had little other choice after a bank run, increasing regulatory pressure on banks serving the crypto industry, and a general dearth of new clients in the crypto downturn.

Silvergate's collapse may worsen crypto's already tenuous relationship with US banks. Silvergate was one of the few "crypto-friendly" banks, and the clients it previously served — among them, Crypto.com, Bitstamp, and Paxos — may face challenges finding a reliable replacement.

Lido token price tanks after podcaster spreads inaccurate rumor of Wells notice

Chart of the LDO token price from March 2 to March 5, showing a decline from around $3 to a low of $2.45 before recovering to around $2.60LDO price from March 2 to March 5, via CoinMarketCap (attribution)
It doesn't take much to tank a token price, particularly lately as fear of SEC action in the Ethereum staking world has run high. Popular podcaster David Hoffman speculated on his Bankless podcast on March 3 that "I have wind that many, many, many Wells notices have been issued to many of the defi apps, orgs that we all know and love" in the last week, describing it as a "carpet bombing" and adding that "I think Lido got one". Although he clarified that they were only rumors, it was enough to spark panic, and the LDO token fell almost 20%, from around $3 down to around $2.45.

Hoffman later retracted the statement in a long tweet and apologized, and the LDO price recovered somewhat, though not to its initial level. However, he continued to claim that "there is at least one confirmed Wells Notice that has gone out recently, that isn't known to the public", but wrote that "the idea of a mass recent carpet bomb isn't correct".

WSJ alleges Tether, Bitfinex, and related companies used falsified documents to obtain banking

A report from the Wall Street Journal made serious allegations against the stablecoin operator Tether, sister company Bitfinex, and the web of companies behind it. According to journalists, companies behind Tether "turned to shadowy intermediaries, falsified documents and shell companies to get back in" to the global banking system in late 2018, after a series of governmental actions cut them and their banking partners off from the financial system.

Among other allegations, the WSJ outlined how Tether was repeatedly denied accounts at New York's Signature Bank, and so ultimately got an executive at an aviation fuel broker called AML Global to open an account that appeared to be used to fraudulently process transactions on behalf of Tether and Bitfinex.

Tether is the largest stablecoin in circulation, though its entire existence has been marred by questions around its legitimacy and the status of its claimed reserves.

Silvergate crypto-focused bank faces crisis

Silvergate is a US bank that shifted its business toward primarily serving crypto clients. Following the collapse of FTX, there have been concerns over Silvergate's exposure to the losses experienced within the crypto industry. Short sellers piled in, making Silvergate the most shorted stock in late February.

On March 1, Silvergate revealed that they would miss the deadline to file their annual report with the SEC, which they blamed on regulatory inquiries. They also revealed even more losses, which added to the massive $887 million in losses they experienced in Q4 2022. They also disclosed that they were having to evaluate whether the bank was going to be able to survive.

Silvergate's stock plunged on the news, worsening its already marked decline in price over 2022–23. Some crypto firms began distancing themselves from the bank, as well: Coinbase announced on March 2 that they would no longer be transacting with Silvergate "in light of recent developments and out of an abundance of caution". Galaxy Digital, Paxos, CBOE, Gemini, Crypto.com, and Bitstamp also announced they would cease transfers to and from Silvergate, and Circle announced they would be "unwinding certain services with them".

Developers accuse Binance of stealing their hackathon idea after Binance launches similar AI NFT product

Tweet by BNB Chain: "The grand prize winners of our third track, Lifestyle in #Web3, is the wonderful team Chatcasso 🥇

Chatcasso is a guided platform that allows users to easily and conveniently mint NFTs using only text input through the use of AI technology.

[9/11]"Tweet by BNB chain in January 2023 announcing the hackathon winner (attribution)
If you're thinking about entering into a BNB Chain hackathon, you might want to think again. On March 1, Binance announced a new "Bitcasso" product: a tool for users to create NFTs via AI image-generation.

Shortly after its launch, a group of developers accused Binance of stealing an idea they had presented at a December 2022 BNB Chain hackathon. Those developers had been awarded first place and $5,000 for "Chatcasso", a nearly identical tool.

Binance has refuted the allegations of theft, with a spokesperson acknowledging the "similarities" but claiming that "Bicasso was designed and developed independently more than two weeks before the BNB hackathon".

"It's disheartening to see a company that claims to support innovation and development steal from the very people who are working hard to build the ecosystem. Who would feel safe entering a hackathon? I don't." wrote one of the developers from the team. The developer also stated that they had not signed any contracts that would have assigned the rights to their work to the company, as is the case in some hackathons.

BitBNS discloses that they were hacked in February 2022, hid it as "system maintenance"

An investigation by crypto sleuth zachxbt uncovered that the Indian crypto exchange BitBNS had been hacked on February 1, 2022, but hid it from users. After experiencing a $7.5 million theft, the exchange tweeted "system maintenance in progress", suggesting they were having problems with Amazon Web Services.

After zachxbt's investigation, BitBNS admitted that they had hidden the hack from customers. "Law enforcement advised us that the users should be educated about the incident only after the investigation is completed or reaches a dead end," said BitBNS CEO Guarav Dahake, who also said that some funds were ultimately recovered thanks to law enforcement and cooperation from other exchanges.

FTX co-founder Nishad Singh pleads guilty, agrees to co-operate against SBF

Portrait of Nishad SinghNishad Singh (attribution)
Nishad Singh, a co-founder of FTX and its former director of engineering, has agreed to plead guilty to six criminal charges and co-operate against his former boss, Sam Bankman-Fried. Singh has pled guilty to one count of wire fraud, three counts of conspiracy to commit fraud, one count of conspiracy to commit money laundering and one count of conspiracy to defraud the United States by violating campaign finance laws.

In direct messages to a Vox journalist in November 2022, shortly after the FTX bankruptcy, Bankman-Fried wrote that Singh had left, and that he was feeling "ashamed and guilty" because customer deposits were missing.

According to bankruptcy filings, Singh had received a $543 million loan from Alameda Research. Some of this may have gone towards illegal political donations, which Singh admitted in court to making, saying they were intended to bolster Bankman-Fried's and FTX's influence among politicians.

Two BNB-based projects attacked for around $700,000 each

Two BNB-based defi projects have been exploited for around $700,000 each in attacks that one of the projects has claimed were perpetrated by the same group. First, an attacker siphoned more than 2,400 BNB (~$728,000) from the Dungeonswap defi project.

Later, 80% of funds in the liquidity pool for the defi project LaunchZone were suddenly drained, tanking the LZ token price over 80% to $0.026 from its previous price of around $0.15. The stolen funds were priced at around $700,000.

Some questioned if LaunchZone had rug-pulled. However, the project claimed that "$LZ is being hacked from [Dungeonswap] exploiter" and urged its users to "please keep calm". They also announced that they had paused trading and transfers of the LZ token.

Large Algorand holders have wallets drained

Over a period of several days, around 25 accounts on the Algorand blockchain have been drained of funds. The attack appears to be targeted at high-value accounts, and over 13 million ALGO (~$3.3 million) has been drained so far.

John Woods, the CTO of the Algorand Foundation, acknowledged the spate of hacks, writing, "I agree that there's too many of these hacks to be a coincidence". However, he stated that he was confident it was not an issue with Algorand itself. The Algorand wallet provider MyAlgo subsequently urged users to withdraw funds from wallets that use mnemonic phrases for recovery, suggesting that there may have been an issue with their software.

hideyoapes suffers $200,000 wallet drain

An illustration of an ape with cream-colored fur. Its eyes are half-lidded and its mouth is open in a grimace or smile. It has a tuft of brown hair on its head.Bored Ape #5917 was the most expensive NFT stolen, selling for 68.6868 wETH (~$112,750) (attribution)
"I still don't quite understand what happened here", wrote hideyoapes.eth after their wallet was drained of around 30 NFTs. They had previously owned several pricey NFTs from the various Yuga Labs collections, including a Bored Ape, Mutant Ape, three Bored Ape Kennel Club NFTs, a SewerPass, and two Otherdeeds.

The thief sold all the NFTs and then transferred the proceeds from the sales to their own wallet. Altogether they made off with 127.3 wETH (~$208,000).

On Twitter, hideyoapes explained that they had downloaded and installed the MetaMask wallet extension from MetaMask's official website. "I didn’t think anything of it because it was the legit site and verified chrome app. While I was sleeping all my assets were sold," they wrote. At this point, it's not clear how exactly the hack was perpetrated.

Solana tries turning it off and on again (twice)

It's just like mid-2022 again! As transactions slowed to a crawl, developers embarked on a "coordinated restart" — a euphemism for the rather centralized way this supposedly decentralized network has to routinely go about fixing itself.

One "coordinated restart" apparently wasn't enough, because a second one followed later that day. Developers reportedly didn't know why the blockchain suddenly began to slow, though it followed shortly after validators began adopting a new version of Solana code, pointing to a possible culprit in the new release. The new version had reportedly operated for six months on the testnet before it began to be deployed.

Other theories were also considered, as reported by CoinDesk: "One leading theory was that a 'fat block' gunked up the blockchain's mechanics."

The outage is reminiscent of the ones that plagued the network through 2022, leading some to question whether it could be suitable for replacing critical infrastructure.

Per a court order, Oasis rewrites the rules for Jump Crypto to recover stolen assets

In a world where "code is law", crypto users don't necessarily expect that the smart contracts might change out from under them — particularly given contracts are often assumed to be immutable once they're deployed. However, for various reasons including the need to patch bugs in deployed contracts, some projects use upgradable smart contracts.

This decision was what allowed Jump Crypto to obtain a court order requiring the Oasis platform to "upgrade" a smart contract in such a way that Jump Crypto could remove stolen funds from where the hacker had placed them on the Oasis protocol. Oasis released a defensive statement, writing that their cooperation in the recovery was "only possible due to a previously unknown vulnerability in the design of the admin multisig access", and that "we will be making no further comment at this time". Oasis is a frontend for the MakerDAO project, which was originally started as part of MakerDAO but later spun into a separate entity, though it still appears to enjoy preferred status by MakerDAO.

The stolen funds in question were the proceeds of the February 2022 Wormhole bridge exploit, in which attackers stole 120,000 wETH (then ~$326 million; now $192 million). After the hack, Wormhole's parent company Jump Crypto plugged the hole left by the hack with their own funds. Since then, the attackers have been moving the funds throughout the cryptocurrency ecosystem, even taking out a highly-leveraged position on in Lido-staked Ether last month.

Ultimately, Jump was able to recover around $140 million via their "counter-exploit". While many celebrated the recovery, some were concerned about the precedent of a so-called defi platform changing a smart contract to remove funds from a wallet at the direction of a court. Some described the upgradability as a "backdoor". "If they'd do it for Jump, what does that say about possible coercion via state actors?" wrote one trader on Twitter.

Metroverse blockchain game implodes

An isometric rendering of a square tile on which there are multiple city buildings including skyscrapers and futuristic structures, rendered in neon colors.Block #6086 (attribution)
The Metroverse NFT-based game caught the end of the 2021–22 crypto bull market, minting the Genesis collection in January 2022. The project sold out quickly, netting the project creators 2,000 ETH (~$6.3 million) from the mint alone, not to mention 5% royalties on the 25,361 ETH in trading volume since. The project promised to deliver a "land trading NFT strategy game" with mechanics they said would be "similar to Sim City", and flashy artwork drew in an excited fanbase.

Ultimately, the project delivered a game that was a far cry from Sim City, and which only a small subset of players designated as "leaders" could even play. As interest in NFTs and crypto prices began to fall, the community became increasingly dissatisfied with the project creators, who they felt had delivered a subpar game, engaged in an additional cashgrab mint, and took actions like performing a reverse-split of the token which they believed harmed secondary market prices.

Tensions emerged between the project team and the community, with the project team dismissing all criticism as "FUD" and accusing their community members of "sabotage", and community members accusing the project team of rug-pulling and failing to listen to feedback. The team shut down the project Discord, claiming that the community was only making it harder for them to do what they had promised to do, and saying that the attacks were damaging to their mental health. The team promised to complete the last item on the roadmap, but stated that they would not be continuing to develop the project or add additional roadmap items due to the current NFT markets and the "non-stop attacks from the community".

Very shortly after closing the Discord, the project team changed their mind and announced that they would be closing the project entirely. They announced that the upcoming battle would be the last available to play, but that they would be airdropping tokens to players as promised in the last item on the roadmap, and open-sourcing the code. Multiple project team members deleted their social media, and project AMAs were wiped from the Metroverse YouTube channel.

These gestures were far from enough to satisfy an angry community, some of whom threatened to dox the anonymous team behind the game or take legal action against the founders. The team themselves fired back with legal threats, contacting community members to tell them that they believed their conversations on a separate Discord server involved illegal activities that are "not only morally reprehensible but may also constitute serious criminal offenses".

Some community members claimed to have spent tens of thousands of dollars on the project. "I spen[t] like 25 eth at 3k" wrote one. "I spen[t] 250k" shared another.

Crypto investment scheme with links to UK Parliament vanishes

The Guardian published a report on Phoenix Community Capital, a cryptocurrency investment project that solicited investments in part based on credibility it built by ingratiating itself with parliament. The firm drew in approximately 8,000 investors, some of whom put in tens of thousands of pounds, before vanishing in September: the website went offline, and portfolio accounts became inaccessible. A post to the company's Twitter account reported the firm was "under new management", but the new company has said they have no obligation to make previous investors whole.

The firm built credibility by sponsoring an APPG — all-party parliamentary group — and its co-founder, Luke Sullivan, was active as a speaker for parliamentary groups and events hosted by MPs. The firm promoted itself based on these ties to the UK government, including by publishing a blog post about how they "brought the Metaverse to the Palace of Westminster".

Some investors say they have lost more than $100,000 each. One such investor is Alan Rogers, a former Premier League footballer who sunk around $50,000 into the rather Ponzi-looking scheme.

Sam Bankman-Fried indicted on four new charges in criminal case

Sam Bankman-Fried pictured from the shoulders upSam Bankman-Fried (attribution)
Sam Bankman-Fried, the founder and former CEO of the now-bankrupt FTX exchange, was already facing eight criminal charges for offenses including wire fraud, securities fraud, money laundering, and campaign finance violations. Now, US prosecutors have slapped him with four more charges including conspiracy to operate an unlicensed money-transmitting business and conspiracy to commit bank fraud.

The new indictment includes additional information about Bankman-Fried's alleged fraud. The indictment details SBF's attempts to circumvent due diligence by US banks by creating a fake company called North Dimension. Via North Dimension, SBF diverted funds to FTX, which was unable to get a bank account.

Bankman-Fried has entered a not guilty plea to the original eight charges, but has not yet entered a plea for the additional four.

These criminal charges add to securities fraud and other civil charges from the SEC, as well as civil charges out of the CFTC. Both civil cases have been stayed pending the outcome of the criminal case.