Sam Altman's Worldcoin project incentivizes a black market for biometric data taken from people in developing nations

"Show me the incentive and I will show you the outcome."

Sam Altman's Worldcoin project, a dystopian effort to use chrome orbs to scan the irises of people (often in developing nations) in exchange for vague promises of crypto compensation, is encountering even more difficulties. In April 2022, BuzzFeed News and MIT Technology Review both published in-depth reporting on some of the technical and ethical issues the project has run up against.

Now, the project is facing reports that people in China, who are not allowed to sign up legitimately, have been purchasing iris scans from individuals in Africa and Southeast Asia in order to circumvent the restriction. According to the news outlet BlockBeats, Chinese individuals have been engaging in "eyeball speculation": buying biometric data scanned en masse from villagers in Cambodia, Kenya, and elsewhere by people who then sell it for $30 or less, allowing the buyer to receive the associated Worldcoin payout (currently ~$20).

Worldcoin has said they are rolling out various measures to try to discourage this activity, including changing the in-person sign-up process. However, the project acknowledged that they have not figured out how to prevent this, writing: "Despite these precautions, it is important to acknowledge that they do not entirely safeguard against collusion or other attempts to bypass the one-person-one-proof principle. To address these challenges, innovative ideas in mechanism design and the attribution of social relationships will be necessary."

Former Fabric CFO accused of siphoning $35 million into his crypto startup and losing it all

Black and white headshot of Nevin ShettyNevin Shetty (attribution)
Nevin Shetty, the former chief financial officer of the Fabric e-commerce platform, was federally indicted for wire fraud after allegedly misappropriating $35 million from Fabric to put into his cryptocurrency platform HighTower. Shetty stole the money in April 2022, shortly after being told he would be fired from Fabric for performance reasons.

According to the grand jury indictment, Shetty planned to put the funds into cryptocurrency positions that "could have yielded returns of 20 percent or more annually", and planned to return 6% to Fabric, keeping the difference. This so-called "investment" contradicted the conservative investment strategy that Shetty had helped to draft for Fabric, and he concealed both the existence of the transfer and his involvement with HighTower.

Shetty "lost virtually all of [Fabric's] money" "within a matter of weeks", at which point he fessed up to Fabric. Shetty had placed all of the funds into protocols based around the Terra stablecoin, which collapsed dramatically only a month later.

Shetty has pled not guilty, and has been released on bond.

Traders lose more than $15 million to phishing website impersonating crypto exchange HitBTC

Blockchain security firm SlowMist has reported that a phishing website appearing to be the real cryptocurrency exchange HitBTC has stolen more than $15 million worth of Bitcoin, Tether, and Ether from users believing it to be the real thing. Users who didn't notice they were accessing a site with the URL hitbt2c.lol instead of hitbtc.com approved transactions to swap their crypto assets, only to find the site drained their wallets.

South Korean legislator Kim Nam-kuk resigns over allegations of improper crypto dealings

Photograph of Kim Nam-kukKim Nam-kuk (attribution)
South Korean lawmaker Kim Nam-kuk has resigned over a cryptocurrency scandal. On May 8, 2023, The Korea Times reported that Kim cashed out around 800,000 Wemix tokens priced at around ₩6 billion (~$4.5 million) in previously unreported cryptocurrency assets shortly before Korea's March 2022 imposition of the travel rule, which requires disclosures around the identities of those involved in large crypto transactions. Kim denied the allegations, claiming he had simply moved the assets to another exchange. Other legislators and citizens expressed shock at Kim's apparent crypto wealth, as he had portrayed himself as someone who was not affluent.

Other concerns arose regarding the discovery of the assets. Some were worried about possible conflicts of interest, particularly in relation to Kim's 2021 proposal of a bill that would delay taxation of crypto profits. Others were worried about the source of the funds used by Kim for crypto trading; Kim claims he did not receive money from anyone to use for trading, and obtained the money through the sale of stocks.

On May 10, the Democratic Party recommended Kim sell his crypto holdings, and launched an investigation. Kim said later that day that he would perform the sales, and "transparently disclose data to the investigation team and undergo the inquiry faithfully".

On May 14, Kim resigned from the Democratic Party "for a while", continuing to deny the allegations but expressing wishes to not burden the party and its members over the controversy.

The subsequent day, Korean authorities raided the offices of Korean crypto exchanges Bithumb and Upbit in connection to the scandal, seeking transaction records and other information. Kim was reported to use those services for his crypto wallets.

a16z-backed Mecha Fight Club NFT robot cockfighting game put on ice as maker pivots to AI

A robotic chicken with a white and blue chassisMechaFightClub #6185 "Jacques Strap" (attribution)
A year ago, Andreessen Horowitz general partner Arianna Simpson wrote about the firm's investment into Irreverent Labs. Simpson had joined their first $5 million funding round, and Andreessen Horowitz led their $40 million Series A. The company had yet to produce any product, but successfully pitched Simpson on what she described as "some sort of chicken game".

Now, the company has announced that the project will be paused "for the indefinite future", blaming "lack of clarity" and "regulatory confusion" in the United States. The company simultaneously announced "SOL 4 Cocks", in which they will repurchase the Mecha Fight Club NFTs for 18 SOL (~$380). The NFTs had originally minted for 6.969 SOL (~$290 on mint date).

Irreverent Labs' website and social media now describe the company as an AI firm building "text to 3D and video prediction tools that facilitate the creation of AI-generated 3D content".

Fractional NFT ownership platform Tessera shuts down

If you've found yourself thinking "man, I wish I could buy a hundredth of an NFT", you now have one fewer options. Andy Chorlian, co-founder and CEO of fractional NFT platform Tessera — originally called Fractional — announced that it and its sibling company Escher will be winding down. In the announcement, he wrote that it was related to their "financial situation", and that "we wanted to make this decision while we're still in a financial position to do this responsibly".

The decision was announced only a few weeks after the US Department of Justice announced charges against a group of individuals including Chorlian. Chorlian was charged with conspiracy to commit securities price manipulation and wire fraud in connection to an alleged scheme to manipulate the market for the HYDRO crypto token. If convicted, Chorlian faces a maximum of five years in prison.

Citing regulatory concerns, Bakkt delists 25 of 36 crypto tokens on newly acquired Apex Crypto

The American corporation Bakkt recently acquired Apex Crypto, a Chicago-based crypto trading service. Bakkt shares a majority owner with the New York Stock Exchange. Shortly after the deal closed, Bakkt delisted 70% of the tokens on the platform, including major tokens Aave (AAVE), ApeCoin (APE), Avalanche (AVAX), Chainlink (LINK), Fantom (FTM), Filecoin (FIL),[d] Maker DAO (MKR), Stellar (XLM), and others.

A spokesperson stated that the delisting was a reaction to "the most up-to-date regulatory guidance and the latest industry developments". The decision is likely related to mounting industry pressure, and statements from SEC Chair Gary Gensler that most crypto assets are securities.

Binance exits Canada

Binance announced they would be exiting Canada, "proactively withdrawing" ahead of stablecoin regulation and crypto investment limits. As is becoming a trend in the industry, crypto exchanges and other platforms appear to be finding investor protection to be fundamentally incompatible with their business model.

This is only the latest in a string of events involving regulatory pressure on Binance. In April, Binance canceled the acquisition of the bankrupt Voyager platform by its Binance.US arm, citing a "hostile and uncertain regulatory climate in the US". This move came shortly after a March lawsuit from the US CFTC against Binance and its CEO. Elsewhere, Binance closed its derivatives arm in Australia in April, citing issues with the Australian securities regulator.

Aragon DAO faces governance crisis

As the Aragon Association took steps to "progressively decentralize" their centralized project by assigning more control to the Aragon DAO, they encountered some challenges. Aragon, somewhat ironically, is a platform for creating and running DAOs that has been "stewarded" by the Aragon Association, a non-profit run by a small committee.

In June and October 2022, the Aragon DAO — that is, all holders of the $ANT token or (later) their delegates — voted on several proposals supporting a move to place the Aragon treasury under DAO control. The treasury is a pool of crypto assets currently priced at around $174 million. However, the tokens continued to remain under control of the Aragon Association.

On May 9, 2023, the Aragon Association announced that they would not be following through with the treasury change, and instead would be "repurposing the Aragon DAO into a grants program". They attributed the decision to "coordinated social engineering and 51% attack" on the DAO that began shortly after a small portion of the treasury assets were transferred.

A week before the announcement, Aragon also banned a group of token holders from the group's Discord channel. Aragon characterized the group as appearing "coordinated" and alleged the group was "engaging in harassment". They claimed the group were members of the "Risk Free Value Raiders", which they described as "a sophisticated, well-resourced, and coordinated group of actors that target crypto projects with an imbalance between the value of their token and treasury". They also accused the group and its members of coordinating governance attacks on other DAOs, including Invictus DAO and Mango Markets. Aragon wrote that they believed the RFV Raiders were aiming to "[extract] value from Aragon for financial profit" rather than pursue the DAO's goals of supporting developers building DAO infrastructure.

One of the banned members told a different story, publishing and later taking down a statement in which he claimed that they were trying to get answers to questions about why the Aragon team was so slow to enact the DAO vote. "We find these bans, failure to empower the community with treasury transfers, and overall lack of transparency to be frustrating and against the ethos of both what DAOs are meant to be and what Aragon team members have repeatedly said they stood for. However, these actions have become a common pattern for Aragon," he wrote.

On May 11, Aragon apologized for how they handled the crisis, unbanned the banned Discord members, and announced that they would "keep following a gradual [treasury] transfer approach, making sure it aligns with the mission of the project", but continued to characterize the members as attackers and reiterated that "we won’t stand for hostile and coordinated attacks".

Blockchain-based diamond tracking firm Everledger collapses

Everledger was an Australian company that hoped to use blockchains to track provenance of diamonds, other precious gems, fine wines, and other luxury goods. Things apparently didn't pan out, though, when an investor's planned funding fell through and the company was placed into voluntary administration.

Everledger had in the past raised US$37 million in funding. AUD$3 million (~US$2 million) of that funding came from the Australian government's blockchain grants program in 2021.

Bittrex files for bankruptcy

A bit over a month after Bittrex announced it was closing US operations, and less than a month after the US SEC charged the company with operating an unregistered exchange, Bittrex has filed for Chapter 11 bankruptcy protection. According to court filings, the company has assets and liabilities both within the $500 million and $1 billion range, and has more than 100,000 creditors.

Bittrex used to be a much larger presence in the US, enjoying more than 20% of US market share in 2018. It has since dropped to below 1%.

The entity that filed for bankruptcy in the US is Bittrex, Inc., which is separate from Bittrex Global. "This announcement does not impact Bittrex Global, which will continue operations as normal for its customers outside the U.S.," said a Bittrex spokesperson.

Ethereum user pays 64 ETH ($118,000) transaction fee on 84 ETH ($155,000) swap

Value:
84 ETH
$156,107.28
Transaction Fee:
64.012561122708491262 ETH
$118,962.22
Gas Price:
418,859.102002987 Gwei (0.000418859102002987 ETH)Etherscan screenshot showing transaction fee (attribution)
A recent surge in memecoin popularity has caused Ethereum transaction fees to skyrocket. One trader paid the price, eating a 64 ETH ($118,000) transaction fee just to perform a simple swap of 84 ETH to another token. Welcome to the future of finance.

Deus Finance suffers third hack

Deus Finance suffered yet another hack as around $7 million was taken from the protocol. This was not the first time the platform had been targeted, suffering a $3 million exploit in March 2022 and a $13.4 million exploit in April 2022. Then, in May 2022, Deus Finance's algorithmic stablecoin lost its intended dollar peg in the wake of the Terra collapse and never recovered.

In the most recent hack, around $7 million was stolen as attackers discovered a vulnerability in the contracts of the DEI token. Some of the attackers were apparent whitehats, who executed the exploit to safeguard the funds until they could be returned to a secure address. As of May 8, $5.5 million of the $7 million stolen had been returned.

Xirtam rug pulls

A project called Xirtam, built on the Arbitrum blockchain, raised 1,909 ETH (~$3.2 million) in several fundraising rounds in April 2023. Then, on May 4, the project rug pulled. Founders drained the funds from the project, then deposited them into Binance. This turned out to have been a huge mistake for them, as Binance was able to freeze the stolen assets.

On September 6, Binance announced that they were working to return the frozen 1,909 ETH to the people who had purchased it in the funding rounds.

WallStreetBets coin tanks 90% after insider dumps holding

WallStreetBets is a subreddit that became popular during the pandemic-fueled everyone-should-become-a-daytrader era, and is known for its memestocks and its users who often make enormously risky gambles on the stock market. The only surprise to me in this particular incident is that it took this long for them to rally around a crypto token, because it's a match made in heaven.

The WSB coin launched as an "official memecoin of r/wallstreetbets". The whitepaper explains the token allocation, saying that "It's the fairest launch memecoin you will find with no team allocation and no presale. Just a free airdrop and some coins for the community. 10% of the $WSB supply is reserved as a treasury for the r/wallstreetbets sub to do with as they please. I’m sure they will spend it wisely and definitely not waste it gambling or convincing each other to drink their own urine." Compelling!

The token launched, and quickly achieved a $50 million "market cap". However, on May 3 the token suddenly lost 90% of its value as one of the token creators, "zjz", dumped a massive quantity of the tokens allocated to the team, trading them for 334 ETH (~$635,000).

zjz has claimed that he only sold the tokens because another creator — "WSBMod" — was secretly draining the token by creating huge airdrops and then claiming them for himself. WSBMod, on the other hand, claims that zjz's actions were theft, and has threatened to involve the police and FBI.

Crypto sleuth zachxbt has since gotten involved in the fray, and along with another prominent crypto figure has joined a multi-sig wallet to try to help secure the funds' return without giving any of the creators involved in the dispute unilateral control.

Former OpenSea executive convicted of fraud and money laundering in NFT insider trading case

Nate Chastain, the former Head of Product for the popular OpenSea NFT marketplace, was convicted by a jury of fraud and money laundering for illegally profiting from his insider knowledge of which NFTs would be featured on the site. The two charges each carry a maximum sentence of twenty years in prison.

Chastain was asked to resign by OpenSea in September 2021 after a Twitter user discovered apparent evidence that he had been engaging in insider trades. He was arrested and charged with money laundering in June 2022.

Chastain unsuccessfully argued in his defense that information about which NFTs would be prominently featured on OpenSea wasn't insider knowledge, and "nobody told Nate that he couldn't use or share that information". However, prosecutors argued that attempt to use anonymous accounts to make the trades suggested that he knew what he was doing was wrong.

This case has been described as the first NFT-related insider trading case, and could set a precedent for other similar charges.

OKX suddenly drastically limits withdrawals for users who haven't completed KYC

As regulatory groups have started to pay more attention to crypto platforms, it hasn't been terribly unusual to see them tighten their identification requirements — particularly for customers engaging in high-value transactions. However, the Seychelles-based OKX exchange suddenly and without warning implemented a $5,000 total withdrawal limit for users of its crypto exchange that hadn't provided detailed identification (KYC), leaving some users who were unwilling to provide such identification with large sums of crypto assets trapped on the exchange. Previously, users who had submitted only the base level of identification were able to deposit or withdraw $50,000 per day. These users weren't notified of the change, even when they deposited funds, and only discovered the new limit when they went to withdraw or heard about it on social media.

It's not clear when precisely the change went into effect, but reports of the limitation began appearing in April 2023.

Crypto is the end of Storybook Brawl

Storybook Brawl, a card based autobattler game that was beloved by Sam Bankman-Fried, took its servers offline on May 1. The game had no connection to the crypto industry until its studio was acquired by FTX Ventures in March 2022. This was not taken well by its existing playerbase, who left a flood of negative reviews on Steam based on the developers' intentions to incorporate cryptocurrencies and NFTs. According to SBF, Storybook Brawl was going to be "the vanguard for the ethical integration of gaming and crypto transactions."

The end of FTX seems to have directly spelled the end of Storybook Brawl, which stopped announcing updates in November. However, Protos has pointed out that the game may likely be auctioned off as a part of FTX bankruptcy proceedings.

CZ smacks down Justin Sun for trying to game SUI airdrop

Justin Sun stands with his arms crossed in front of a green and blue background with the Tron logoJustin Sun (attribution)
"Binance LaunchPool are meant as air drops for our retail users, not just for a few whales," tweeted Changpeng "CZ" Zhao, the CEO of Binance, after seeing an alert showing that Justin Sun had transferred $56 million to Binance. "LaunchPool" is a process in which Binance users can farm various tokens — now including SUI — and receive rewards. "Our team told Justin, if he uses any of these to grab the LaunchPool Sui token, we will 'take action against it'. SMH." wrote CZ.

Indeed, it later turned out that Sun's team had farmed around 279,000 SUI (SUI does not yet have a reliable dollar price because it is set to launch later this month). Sun blamed the event on a TUSD market maker, writing, "Regrettably, some of our team members were not fully aware of the intended purpose for these funds and inadvertently used a portion of them to participate in exchange campaigns. Upon realizing this error, we immediately contacted the exchange team and arranged for a full refund of the funds." Those replying to his comment seemed more than a little skeptical that the incident was truly a mistake.

Level Finance exploited for ~$1.1 million

The Level Finance decentralized perpetual exchange was exploited after an attacker discovered a vulnerability in one of the project's smart contracts. They were able to drain 214,000 LVL tokens, which they swapped to 3,345 BNB ($1.1 million). The contract had been audited by Obelisk and Quantstamp, but neither firm apparently discovered the vulnerability.

The attack caused the LVL token to drop substantially in price, plunging from around $9.00 to as low as $4.20 before recovering to around $7 — a loss of 22%.

Poloniex pays $7.6 million settlement for sanctions violations

A US entity that previously controlled the Poloniex crypto exchange has agreed to pay a $7.6 million fine to settle allegations that it violated US sanctions against Crimea, Cuba, Iran, Sudan, and Syria. The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) alleges that between January 2014 and November 2019, Poloniex allowed citizens in those jurisdictions to use the platform, despite knowing their locations thanks to KYC and IP address information. OFAC alleges that there were nearly 66,000 apparent sanctions violations, which amounted to more than $15 million in transactions.

Poloniex was a US-based crypto exchange founded in 2014, which in 2018 was purchased by Circle, who intended to get rid of the illegal activity for which it was known. However, when they discovered that the customers who used Poloniex no longer wanted to use it once they were subjected to scrutiny, they sold the platform to Justin Sun in late 2019, who relocated it to the Seychelles and shut down US operations. It appears that the OFAC fine will apply to the US entity most recently controlled by Circle, and not to Justin Sun's operation.

In August 2021, Poloniex also paid more than $10.3 million to settle allegations from the U.S. Securities and Exchange Commission that it had operated as an unlicensed exchange.

Individuals lose millions in "permit phishing" scams

Between March and April 2023, the Scam Sniffer organization has identified at least $7.7 million stolen by so-called "permit phishers". These attackers convince their victims to sign malicious crypto transactions that use the "permit" functionality, which allows the attackers to siphon funds from the crypto wallets. This type of attack has existed for over a year, but there have been some high-value instances of the attack lately.

On March 11, ScamSniffer tweeted that they had detected 162 instances of the scam, totaling almost $4 million stolen, over the prior two days. On March 24, an individual wallet lost $4 million. Similar attacks on April 19, April 21, and April 30 saw individual wallets lose $449,000, $1.04 million, and $2.28 million, respectively.

0VIX Protocol exploited for $2 million

The 0VIX defi protocol on the Polygon blockchain was exploited for around $2 million. This was a substantial portion of the project's roughly $6.4 million TVL around the time of the hack. The attack was perpetrated by an attacker who manipulated an oracle, which then allowed them to execute a flash loan attack on the project.

The protocol was paused following the attack. 0VIX later tweeted that they had been collaborating with security firms to investigate the hack, and had offered to let the attacker keep $125,000 if they returned the remaining funds in a bug bounty agreement that would also involve 0VIX not pursuing legal action.

Hacker steals Bitcoins from Russia, destroys them or donates them to Ukraine

A thief has identified nearly 1,000 Bitcoin addresses they believe to have been used in connection with Russian hacking activity. This is partly backed by analysis from the blockchain research group Chainalysis, which has linked some of the wallets to Russian Solarwinds attackers and those pushing election disinformation. The thief took control of some of the wallets, destroying $300,000 worth of Bitcoin as they left messages in the transactions to make their allegations.

The thief's activity began shortly before the Russian invasion of Ukraine. After the invasion, the thief stopped destroying the Bitcoin and instead began transferring it to addresses identified for Ukrainian aid.

CFTC imposes record $3.4 billion fine on Bitcoin scammer

After finding that the South African businessman Cornelius Johannes Steynberg had run Mirror Trading International as a multi-level marketing scheme, in which he accepted 29,421 Bitcoin from at least 23,000 Americans, the CFTC has imposed a record fine. Those 29,421 BTC were priced at $1.7 billion in March 2021 — around the end of Steynberg's multi-year scam. Today they're priced at around $863 million, but unfortunately for Steynberg, the CFTC isn't using today's prices to calculate their penalties.

Steynberg has been ordered to pay a total of $3.4 billion — $1.7 billion in restitution and another $1.7 billion penalty. Steynberg was arrested in Brazil in December 2021 on an INTERPOL arrest warrant, where he has remained since pending extradition.

FBI raids home of FTX exec Ryan Salame

Headshot of Ryan SalameRyan Salame (attribution)
The FBI raided the home of Ryan Salame, the former co-CEO of FTX Digital Markets (FTX's Bahamian subsidiary). Salame was close with Sam Bankman-Fried, although it came out in bankruptcy proceedings that Salame had contacted Bahamian securities regulators during the FTX collapse to tip them off to the improper transfer of FTX client funds to Alameda Research.

Salame was also a major donor to Republican candidates in the 2022 midterm elections, splashing out around $24 million in campaign contributions. However, court filings suggest that much of the money donated to political and other causes by FTX executives may truly have been misappropriated customer funds.

Salame is, at the moment at least, not facing charges in connection to the FTX collapse. In July 2023, the Wall Street Journal reported that the search was likely a part of an investigation into Salame and his girlfriend Michelle Bond over possible campaign finance violations pertaining to Bond's 2022 congressional campaign, and was not related to FTX.

Belgian crypto lender Bit4You suspends activities

The only Belgian crypto platform, the Bit4You crypto lender, announced they would be suspending activities after the CoinLoan crypto exchange was ordered to suspend activities after being declared insolvent.

"To date we have no indication that the virtual currencies held on behalf of our customers with CoinLoan will not be recovered," they wrote in their announcement. Reassuring!

AT&T customers suffer crypto wallet compromises reportedly totaling $15–$20 million

TechCrunch reported that attackers were able to gain access to AT&T email accounts which they then used to gain access to customers' cryptocurrency accounts. Various customers reported their accounts at exchanges including Coinbase and Gemini had been drained. One individual victim lost $134,000 from their Coinbase account.

An anonymous source corresponding with TechCrunch claims that the total amount of cryptocurrency stolen is somewhere between $15 million and $20 million. The tipster also claimed that the hackers have the ability to gain access to any AT&T account via the AT&T employee portal; AT&T has denied this and instead claimed that "the bad actors used an API access."

"Rogue developers" make off with $1.82 million from Merlin

The brand new Merlin DEX had only just launched on the zkSync Ethereum layer-2, with a public token sale beginning on April 25. The following day, they suddenly asked users to revoke permissions to the project, saying they believed there was an exploit. They later wrote: "it is with deepest regret that we have to notify you of a major fault in the structural integrity and controls of the Merlin Platform. In the early hours of this morning the several members of the Back-End Team drained all of our Contracts."

The Merlin DEX had been audited by the CertiK security firm, which stated it was working with the remaining team members to try to trace the thieves. Meanwhile, they wrote that they would be working to compensate affected users.

Some didn't seem to buy the story that the theft was carried out by a few rogue developers, accusing the entire Merlin project team of rug-pulling.

CoinLoan suspends withdrawals

The Estonian crypto exchange CoinLoan announced they were immediately suspending all operations, including withdrawals. The action came after CoinLoan was declared insolvent by an Estonian court, which mandated they suspend activities pending permission from the court.

Protos speculated that the suspension could be related to Vauld, an exchange that collapsed last July. Vauld is rumored to have tens of millions of assets on CoinLoan.

The same day as Vauld's collapse, CoinLoan implemented a withdrawal limit of $5,000/day.

Binance cancels Voyager acquisition

After surmounting various obstacles to acquire the assets of the bankrupt Voyager Digital crypto lending firm, Binance.US abruptly backed out of the $1.3 billion deal.

Binance cited "hostile and uncertain regulatory climate" as its reason for calling off the acquisition. A recent lawsuit from the CFTC against Binance and its CEO Changpeng "CZ" Zhao likely contributed to the cancellation, as it seems clear that Binance is being increasingly scrutinized by US regulatory and law enforcement bodies.

The acquisition had been supported by a massive majority of Voyager creditors, who were looking forward to recovering 73% of their assets trapped on the platform. Now that number is uncertain, but likely to be a good deal lower. Attorneys for Voyager estimated the recovery now would likely be between 40 and 65%.

Ordinals Finance rug pulls for at least $1 million

Ordinals Finance was a short-lived project, emerging in late February with promises to help build out a defi ecosystem on the Bitcoin blockchain.

On April 24, the project developer withdrew 256 million OFI tokens and swapped them to ETH worth around $1 million. They then laundered the funds through the Tornado Cash crypto mixer. The project creator deleted the project's Twitter account and took down its website.

"First BRC-20 wallet" UniSat launches, is immediately exploited

Over on the Bitcoin blockchain, people are abuzz over the launch of "BRC-20": a similar concept to the ERC-20 token on Ethereum that allows people to create their own tokens. The standard, which first emerged in early March, is built atop the controversial Ordinals inscription technique that was developed in January. Coins including $ORDI, $PEPE, and $MEME have been created on a blockchain that previously only supported the Bitcoin token.

Not everything has gone smoothly, though. As developers rushed to release wallets to support these new tokens, the UniSat wallet claimed to be the first. However, shortly after it launched, the developers made the Chrome extension inaccessible. They later revealed that the code had contained a vulnerability that exposed it to double-spend attacks. "Currently, we have preliminary investigation results, and out of all 383 transactions, 70 transactions have been identified as affected," they wrote.

It's not yet clear how much was stolen, but the UniSat team promised to compensate affected users. They later tweeted that they had determined the identity of the thief, though the funds have not yet been returned.

€1.5 million stolen in celeb-backed French NFT rug pull that promised to make a movie called Plush

A 3D rendering of a brown fuzzy teddy bear, sitting, wearing a pink and zebra-print suit and hat, holding a spiral lollipopPlush #1253 (attribution)
Around 770 people were convinced to spend a combined almost €1.5 million (~$1.66 million) on NFTs of teddy bears, which sold for around €1,250 each (~$1,380). Buyers were told they would become "co-producers" of the Plush animated film, which would star Kev Adams and other French comedians as voice actors. Adams led the promotion of the NFT project, along with a mysterious figure called "Fabi". Other French celebrities and influencers were also involved in touting the project, and Bella Thorne and Amaury Nolasco were listed on the site as "US voices" for the project.

The NFT buyers — er, "co-producers" — were promised credit in the film credits, voting rights on the script, and a split of 80% of the profits. "Although there is nothing guaranteed, on average, you will make six to seven times what you put in 24 months. Which is huge, when you think, you go to the Caisse d'Epargne, a traditional bank, and you make less than 1% in the year," said one promotional video.

A report from French investigative newspaper Mediapart discovered that the project was backed by a Dubai-registered company called "Illuminart", which played on confusion between its name and that of the France-based Universal Studios subsidiary Illumination. An Illuminart marketing campaign even used Illumination titles, such as The Lorax, Minions, and Despicable Me, and their box office proceeds to suggest Plush buyers were in for a 516% profit.

Meanwhile, the project has gone silent, and its Twitter account last posted in September 2022. NFTs are no longer offered for sale on the official project website, and Illuminart's business license has expired.

Kyiv Post alleges misappropriation of funds by Ukraine DAO

The Ukraine flag2,258 ETH (~$4.2 million at today's prices) was raised via the sale of an NFT of the Ukraine flag (attribution)
Ukraine DAO is a project that emerged shortly after the Russian invasion of Ukraine, aiming to raise cryptocurrency funds to support Ukrainians. Despite the name, it is not a DAO in the typical sense where token holders have voting rights in the project. The initiative has raised millions in donations, and at least $5 million has gone to the Ukrainian government or legitimate charities. The group's website claims $7 million has been donated in total.

However, the Kyiv Post has recently been asking questions about the organization. Earlier in April, the newspaper published an article claiming that the group had fabricated its claims that it was supported by Ukrainian governmental bodies. Now, they've published another article claiming that at least $500,000–$700,000 of funds seem to have been misappropriated.

One point of contention has been that the organization claims that 100% of money raised is donated, but in reality the project leader Alona Shevchenko takes a $5,000/month salary. This led to a split between Shevchenko and Pussy Riot's Nadya Tolokonnikova, who had once been active in promoting Ukraine DAO.

The Kyiv Post has raised questions about other transactions from the Ukraine DAO wallet, which went to other leaders of the project, or to centralized exchanges.

Shevchenko a London-based Ukrainian, who has in the past led the FreeRossDAO — a project to raise funds to support Ross Ulbricht, the jailed creator of the crypto-powered darknet Silk Road marketplace. Shevchenko's most recent project is Iran DAO, which claims to support "Iran's women-led revolution".

Blur NFT platform bug allows old bids to be accepted

The Blur NFT marketplace appeared to become vulnerable to a bug in which old, canceled bids could still be accepted. This meant that people who had placed bids on NFTs when they were selling for higher prices, then canceled them, suddenly found those purchases going through — in some cases on NFTs that were selling for considerably less.

Blur disabled bid acceptance functionality while investigating the bug. Amusingly, this led people to begin placing huge bids they knew couldn't be accepted in order to farm Blur points, some kinds of which are awarded based on bids rather than purchases.

It's not clear how much money was lost due to the bug, but Blur cofounder "Pacman" announced that "any losses will be refunded once the issue is resolved".

Crypto researcher identifies massive wallet draining operation

Crypto researcher Tayvano posted a Twitter thread about a massive, mysterious wallet draining operation that has siphoned more than 5,000 ETH (~$9.88 million at today's prices) as well as other tokens and NFTs from wallets across more than eleven blockchains since December 2022. The operation appears to target more sophisticated crypto users, but the mechanism of attack is unclear. The researcher hypothesized that "someone has got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove", but emphasized that that was only speculation.

Co-founders of company best known for Bella Hadid NFTs begin $77 million court battle against each other

3-D artwork of a humanoid robot shaped like a woman, all white with a red circle on the chest, wearing a bomber jacket with "Japan" on the arm. The robot has Giga Hadid's face, which is wearing a futuristic visor and earphones. The background is the Japanese flag.A "Cy-B3lla" NFT (attribution)
Krzysztof Gagacki and Edmond Truong are co-founders of Rebase.gg, some sort of augmented reality app where people go hunting for NFTs. They're best known for helping to create a "Cy-B3lla" NFT collection with model Bella Hadid, which launched in mid-2022. Speaking about skepticism of celebrity NFT projects to Vogue in June 2022, Hadid said, "Where that skepticism comes from is the people who just want to have a money grab. To me, it’s so much bigger than that. I want it to be a collective. It’s not a one-stop shop—this is a real passion."

Although the project promised to provide ongoing access to Bella Hadid and various other perks, the project website has already dropped offline, the Twitter account hasn't posted since October 2022, and the Discord is a ghost town save for occasional questions about whether the project is dead. Hadid made $1.5 million for her involvement in the project.

Things at Rebase seem to have devolved, because now Gagacki has filed suit against Truong, alleging that he "has gone rogue". The suit alleges that Truong tried to oust Gagacki from the company, stole around $2 million from a shared wallet, and damaged Gagacki's reputation. In particular, Gagacki is concerned that Truong is attempting to launch the project on the Arbitrum network without Gagacki's involvement, and that tokens minted there "could reach many times over the Rebase app's last round valuation of $150,000,000" without being shared with Gagacki.

Altogether, Gagacki is claiming damages of no less than $77 million, representing the stolen funds, the value of the app, and the profits from the possible Arbitrum deal.

SEC charges Bittrex with operating an unregistered exchange

Several weeks after Bittrex announced it would be winding down its US operations by the end of April, citing the US "regulatory and economic environment", the SEC filed charges against the company and its co-founder and former CEO William Shihara for operating an unregistered national securities exchange, broker, and clearing agency.

The complaint also alleges that Bittrex and Shihara had coordinated with token issuers to dodge potential SEC action by having them remove public "problematic statements" predicting price, describing an expectation of profit, or describing offerings in terms of investments.

Hundred Finance exploited for $7.4 million

An attacker was able to manipulate the exchange rate between tokens and their interest-bearing equivalents on the Hundred Finance system on the Optimism layer-2 network, ultimately siphoning around $7.4 million from the project.

Hundred Finance announced that they were trying to communicate with the attacker to try to convince them to return some of the funds.

This was not the first exploit to impact Hundred Finance: in March 2022, both Hundred Finance and Agave Finance were targeted with a flash loan attack by a hacker who stole a total of $12 million from the two projects.

Bitrue crypto exchange hacked for $23 million

The Singapore-based Bitrue crypto exchange suffered a hack on April 14 in which attackers siphoned tokens including Ethereum, Shiba Inu, and MATIC (the token for the Polygon network). Altogether the stolen funds were estimated at around $23 million.

Bitrue didn't release details on how the attack had been achieved, but explained that one of their hot wallets had been impacted. They announced that they would be pausing withdrawals for several days as they investigated the incident, and that they would be compensating affected users.

NFT collector Franklin claims to have been scammed for 2,000 ETH ($4.2 million)

A gold-furred illustrated ape wearing a red visor and red shirt resembling a foodservice uniform. Its eyes are closed and it's on a grey backgroundBored Ape #1726, used by franklinisbored as a profile picture (attribution)
Franklin, aka franklinisbored, has come to be known as one of the most prolific collectors of Bored Apes. At times, he's held more than fifty of the NFTs, and he can often be spotted snapping up cheap apes. However, on April 13 he sold quite a few of his collection.

Franklin disclosed on Twitter that "Due to an unfortunate IRL issue, I have had to sell off a lot of BAYC apes to pay off BendDAO loans while the liquidity was available". He had recently sold 27 of the Bored Apes. He later wrote, "I got rug pulled on an investment I put almost 2000 ETH into, thinking it was credible due to who else invested (not naming anyone for privacy reasons). Someone used our $$ as a casino gambling Ponzi and flushed it down the drain. Please learn any lessons possible from this." 2,000 ETH is worth around $4.23 million at today's ETH prices.

People immediately began to speculate about what project he could be referring to. Some wondered if perhaps he was trying to cover up losses on the Rollbit crypto casino, which he was known to use, and where he could be observed on-chain depositing more than 6,000 ETH (~$12.7 million) since the beginning of the year alone. Later in the day, he wrote another tweet: "For partial transparency: My personal PnL [profit and loss] of my Rollbit gambles is about -650 ETH total. So yes I lost a lot of money myself on Rollbit, but that didn’t require me to sell off today." At today's prices, 650 ETH is around $1.375 million.

Franklinisbored expressed that he would be taking a break from NFT trading and social media following the incident: "I won't get involved in NFT trading/twitter for a while, and will just focus on my private life for the time being with my remaining apes."

Yearn Finance exploited for more than $11 million

A bug in a token issued by the Yearn Finance defi protocol resulted in a loss that has been estimated at around $11.6 million. An attacker was able to use a 10,000 USDT deposit to mint more than 1.2 quadrillion yUSDT, a wrapped version of the Tether (USDT) stablecoin. Losses were limited somewhat by the fact that only older versions of the Yearn protocol were vulnerable to the bug, and the version had been "frozen" since December 2022.

The attacker began swapping tokens out for other stablecoins shortly after the exploit, moving them into lending projects like Aave and laundering them through the Tornado Cash cryptocurrency mixer. There were early concerns that Aave itself was impacted by an exploit, but it was later clarified that Aave had simply been used to swap tokens involved in the Yearn exploit, and did not appear to itself be vulnerable.

This is not the first exploit involving Yearn Finance, which was hacked for $11 million in 2021, and which lost around $1.4 million in connection to the massive Euler Finance attack in March 2023.

Nicole Behnam pumps and dumps: "There were mistakes made in a wallet that I controlled"

A poorly drawn pixel art shiba inu dog with half-lidded eyes, a shiny black pompadour, and its tongue sticking out, holding some sort of wire with red, green, and blue ends in its paw.Blocky Doge 3 #8691 (attribution)
New passive voice Hall of Fame contender just dropped: "There were mistakes made in a wallet that I controlled." You would think someone who got their start as a writer might know better.

Writer, journalist, and now web3 influencer Nicole Behnam helped pump Dogecoin founder Billy Marcus' new free-to-mint "Blocky Doge 3" NFT project, writing on Twitter, "No roadmap or utility? I'm in 👀" and talking it up on large Twitter spaces. A wallet belonging to her then received 250 NFTs from Marcus early on, then dumped around 220 of the NFTs on the market all at once, tanking the secondary market price while earning her around 20 ETH (~$38,000). At the moment, the NFTs are selling for an average of 0.031 ETH apiece (~$59).

After being found out, she wrote on Twitter that "There were mistakes made in a wallet that I controlled," but claimed that she had tried to make it up by returning the profits and buying up low-priced NFTs. "How the last 24 hours went down was not cool and I’m doing my best to rectify the situation," she wrote. "Listening, learning, moving forward." Shortly afterwards, she was removed from a "NFT100" list that had published only days prior by NFT Now, for what they described as violations of their ethics policy.

Ren Protocol transfers all assets to FTX bankruptcy team

In February 2021, the Ren project announced that it had been acquired by Alameda Research so that Alameda could "[help] accelerate the decentralisation" of the project.

Now, the Ren team has announced that they have transferred all assets on the Ren Protocol "to the FTX Debtors' cold storage wallets for safeguarding".

The announcement mentioned "possible shutdowns of infrastructure and systems," possibly referring to Ren's plans — announced shortly after the FTX collapse — to "move on from Alameda" by launching "Ren 2.0" and sunsetting the 1.0 version. However, there has been little public evidence that Ren 2.0 has been progressing.

Goblintown NFT images all changed to an illustrated middle finger in protest about royalties

An illustration of a middle finger with legs, and with other middle fingers emerging from where its hands and genitals would be. At the top of the image reads: "Fuck royalties. Fuck supporting building and creatives. Flipping is the heart of what makes Web3 special. Honor the flipper, fuck the community. Long live the slow rug." At the bottom: "Goblintown, Illuminati, The187, and Grumpls will be migrating to new contracts before Monday the 17th of April. All holders will be airdropped identical replacement NFTs."New Goblintown artwork (attribution)
There has been an ongoing controversy in the NFT world over creator royalties. Although NFTs are often talked up as being good for artists because they enable royalties to be paid even after the initial sale, these payments are rarely enforced by the smart contract and are instead up to marketplaces to enforce. In the last six months or so, NFT marketplaces have emerged that follow a "royalty optional" model, sparking a race to the bottom where OpenSea and other incumbents have also cut royalty protections to remain competitive.

Although NFTs are often thought to be immutable, permanent links to their associated artwork, that's often not the case in practice. Many NFTs store metadata off-chain, or otherwise enable after-the-fact changes.

Goblintown is a collection of NFTs that launched in May 2022, quickly going viral and sparking a phenomenon of Twitter spaces where members spent hours making goblin noises into their microphones. Originally free to mint, the NFTs began selling for thousands of dollars on the secondary market. Now they trade for around 0.38 ETH (~$800) apiece.

In an apparent protest against the willingness of traders and marketplaces to stop honoring royalties, Truth Labs (the group behind Goblintown) changed the artwork for Goblintown and all of their NFT collections to an illustration of a dancing middle finger, with smaller middle fingers emerging from where its arms and genitals would be. The new image reads, "Fuck royalties. Fuck supporting building and creatives. Flipping is the heart of what makes Web3 special. Honor the flipper, fuck the community. Long live the slow rug." At the bottom, the image states: "Goblintown, Illuminati, The187, and Grumpls will be migrating to new contracts before Monday the 17th of April. All holders will be airdropped identical replacement NFTs." The new NFTs will enforce royalties on-chain, preventing marketplaces from allowing users to circumvent them.

Some embraced the new NFTs, while others accused Truth Labs of "rugging". Some people were horrified by the fact that NFTs that they owned could be changed after the fact without their consent, a fact they were not previously aware of. One owner wrote, "So your telling me I spent $1,000s of dollars and have 10 goblintowns for them all to now be dudes shaking their weiners?"

Niantic shutters its web3 project after less than six months

A digital rendering of a foil-wrapped packet of trading cards, in gold and black. The logo says "Ingress 2022 Epiphany Dawn".Ingress Trading Post card pack (attribution)
Niantic, the creator of the popular Ingress and Pokémon Go augmented reality games, announced it will be shutting down its "Trading Post" product for NFT trading cards that it had launched only months before. "Trading Post was an experimentation effort to explore the world of digital collectibles, and while we believe that web3 has the potential to create meaningful experiences in the future, we plan to shift focus to other priorities," they wrote. Owners of the NFTs were told they have sixty days to "download" their cards, and that trading would be disabled in 30 days.

The announcement seemed to come as a relief to many in the Ingress community, with commenters remarking on the "scammy" nature of NFTs. Some wrote that they liked the idea, but that the web3 factor felt like it was "shoehorned" in. "I'll miss the Trading Post, please never bring NFTs or in fact any blockchain into future projects, or if you do at the very very least make it actually matter to the thing it's being put into, but still preferably just don't," said one.

GDAC exchange hacked for assets notionally worth more than $14 million

Hackers made off with 61 BTC, 350.5 ETH, 10 million WEMIX, and 220,000 USDT from a hot wallet belonging to the South Korean cryptocurrency exchange GDAC. Altogether, the assets are notionally worth around $13 million. The stolen assets represented 23% of funds custodied on the GDAC exchange.

GDAC halted deposits and withdrawals shortly after the attack, and stated that they had reported the exploit to South Korean law enforcement to investigate.

Terraport Finance hacked for $2 million less than two weeks after launch

Terraport Finance is a defi project built on, believe it or not, the Terra blockchain. Yes, the same Terra blockchain on which the Terra/Luna projects were built. Despite the massive collapse of the flagship project in May 2022, there are still a number of Terra projects operating, and even some new projects being developed.

Terraport Finance launched on March 31, apparently having gone live without any sort of audit. On April 10, Terraport disclosed that an attacker had apparently managed to drain all project liquidity pools, making off with assets priced at around $2 million.

Trader loses 14,377 $APE (~$61,000) when they sell their Bored Ape

An illustration of an ape with cream colored fur, wearing a hawaiian shirt on an orange background.Bored Ape #7810, who came with a $60k bonus (attribution)
The former owner of Bored Ape #7810 presumably intended to agree to sell the ape to another buyer for 70 ETH (~$130,900). However, it's unlikely they intended for that buyer to also be able to access the staked $APE they had accrued. With this particular staking mechanism, the Bored Ape effectively serves as the "key" to the staked ApeCoin, and so it transferred to the NFT's new owner right along with the NFT.