NFTPerp blows up

A project called NFTPerp was, as the name suggests, a perpetual futures exchange for NFTs, allowing people to take long or short positions against NFTs. It relied on a vAMM — virtual automated market maker — which essentially simulates liquidity without there being any real money in the system. Such a system can be thrown out of whack if there is imbalance in the positions people are taking — for example, if everyone tries to go short on NFTs in a brutal bear market.

So anyway, that's exactly what happened. NFTPerp announced that they would be sunsetting their popular beta project after accruing bad debt.

How they're going about it has been controversial among the successful traders on the platform: essentially, those who were in profit will lose their unrealized gains, while those who had lost money in their trades will have their losses waived. "Nftperp stealing profits from winner [unrealized profit and loss] to backstop losers UPNL is insane to me", wrote one commenter. Another wrote, "If anyone else is considering NFT perps, please have the 'what happens when the illiquid market goes to zero overnight' plans clearly in place from the beginning."

Not to be deterred, the team is already preparing to launch a "v2". May it go as well as their first attempt.

Trader loses $213,000 to phishing scam, blames Twitter

Twitter reply by an account called "@burntteoast", advertising a link to a supposed "Doodles 2" projectDoodles scam (attribution)
Crypto personality LoveMake.eth wrote a Twitter thread about how they fell victim to a phishing scam in which an account appearing to belong to the cofounder of the popular Doodles NFT project advertised a fake project in the replies to a thread by a real cofounder. The Twitter account appeared to be Doodles' cofounder burnttoast, but the handle was actually burntteoast. LoveMake connected their primary wallet, which was immediately drained of 61.5 ETH (~$120,000) and $93,400 in the Tether stablecoin.

LoveMake wrote on Twitter that "I am dyslexic and didn't notice that the Burnt Toast acc was scam. It was very similar to the original & Verified." They appeared to blame Twitter's new verification process, writing, "@Twittersupport can you explain the meaning of the word 'verified'? we're waiting for days every time we change pfp or display name and then I got scammed by verified account with exact the same name and pfp as Doodles founder in million views thread?"

Several days later, they posted a thread again criticizing the prevalence of crypto scammers on Twitter. "I put millions $ into web3 projects, with over 90k$ into Twitter ads. I was rugged many times and finally robbed but not broken. Thanks to twitter the most profitable web3 activity now is a scam. Shouldn't Twitter pay more attention to its own security?"

Angry over the Azuki Elementals fiasco, Azuki holders form a DAO and immediately get exploited

After paying nearly $40 million for a new set of Azuki NFTs, the Azuki community is pissed that they were "dilutive" near-copies of the original Azuki collection. To fight back against the perceived "blatant scamming" by the Azuki creators, holders claiming to have collectively spent millions on Azuki projects formed an Azuki DAO. The DAO created a governance token, $BEAN, which it distributed to Azuki NFT owners. The DAO then embarked on a vote to hire a lawyer, sue Azuki's creator, and demand a refund of the 20,000 ETH (~$38 million) collectively spent on Elementals NFTs.

However, shortly after the DAO was created, the governance token was exploited. Attackers were able to take advantage of a flaw in the smart contract, with two exploiters stealing around 35 ETH (~$69,000). The DAO paused the contract to prevent further thefts.

File this one under "adding insult to injury".

Encryption AI rug pulls for $2 million, developer allegedly blames gambling addiction

A project called "Encryption AI" promised a Telegram bot that would provide a "secure and efficient way to launch tokens". People poured in around $2 million before the developer suddenly withdrew all the funds, crashing the token price by 99%.

The developer reportedly posted a message to Telegram, apologizing for taking the funds. "I must confess that I have fallen into a severe addiction to online gambling and casinos," the developer reportedly wrote. "Despite being only 22 years old, I have struggled to overcome this addiction, and unfortunately, I have lost nearly $300,000 over the past few months, including after the launch of [Encryption AI]."

They added, "Although I cannot guarantee when or if I will be able to make amends and relaunch [Encryption AI], I promise that I will make every effort to become a better person." Oh, well, in that case.

Poly Network exploited again

The name Poly Network may ring a bell, because in August 2021 they were exploited for an (at the time) record-setting $611 million.

Now, it's happened again, and some reports are throwing around even more massive numbers like $42 billion. In reality, the exploiters were able to mint massive quantities of tokens on multiple networks, with their wallet balances showing numbers in the billions. However, complete lack of liquidity for these tokens meant their "billions" are worth substantially less.

According to crypto research firm Beosin, the attackers have so far cashed out around 5,196 ETH (~$10.1 million) in liquid assets. Poly Network suspended services shortly after the attack.

Kraken ordered to turn over user information to U.S. tax investigators

Bad news for wealthy crypto traders on Kraken, who previously might have hoped to evade paying taxes on their past crypto trades. A judge has ordered the exchange to turn over information to the U.S. Internal Revenue Service on users who engaged in at least $20,000 in trades in any year between 2016 and 2020.

Although Kraken argued against the order, describing it as an "unjustified treasure hunt", the judge determined that the IRS was justified in its request, and ordered Kraken to cough up the records. The IRS alleged that although the exchange has more than 4 million users, and has processed $140 billion in trades since its inception in 2011, only 288,330 of those users have filed tax returns.

Huobi patches massive vulnerability after researcher allegedly tries for a year to disclose it

After the Huobi crypto exchange (finally) fixed a massive vulnerability, researcher Aaron Phillips published a blog post explaining what he had found. According to Phillips, two years ago, the exchange accidentally published a file containing Amazon Web Services (AWS) credentials, which could have allowed a bad actor to modify content on their websites and in their CDN, distribute malicious versions of their Android app, access user data and "whale reports" on high-value users, access OTC trade records and user data for OTC traders, and "carry out the largest crypto theft in history". "I had full control over data from almost every aspect of Huobi's business," wrote Phillips.

According to Phillips, it took months before he was able to get in touch with Huobi and convince them to act on the leak. Phillips first notified Huobi of the leak in June 2022, and after repeated efforts to contact the company, the credentials were only revoked in June 2023.

Huobi has tried to downplay the hack, first stating that the user data leak was "on a small scale (4,960 individuals)" and "does not involve sensitive information and does not affect user accounts and fund security". They also claimed the leaked OTC data was test data. "The log shows that only [Phillips] has downloaded, and [Phillips] has also stated that he has deleted. Therefore no leakage is actually caused," they wrote.

According to CoinGecko, Huobi is the seventeenth-largest cryptocurrency exchange by volume.

Cardinal Labs shuts down

A little less than a year after raising $4.4 million in seed funding to build a Solana NFT protocol that allowed for NFT rentals and other such things, Cardinal Labs has announced they're shutting down.

"Product market fit continues to be difficult to find, and the reality is that members of our team are feeling the itch to explore other pursuits," they wrote. "We’d hoped that by now the rest of the world’s industries would have begun adopting blockchain tech at a larger scale, but that still feels a ways away."

Azuki community pays $38 million for recycled artwork that immediately drops in value

Two NFTs side-by side. Both depict anime style women, in profile, with long pink hair and a weapon over their shoulder, with a flower in their hair.Azuki and Azuki Elementals NFTs (attribution)
The blue-chip "Azuki" NFT brand opened sales on June 27 for its latest NFT collection, a 20,000-piece project called "Elementals". Eager to get in on the Azuki action, people snapped up the 2 ETH (~$3,750) NFTs, netting Azuki 20,000 ETH (~$38 million) in primary sales alone. All NFTs were sold in the presale, meaning only existing holders of Azuki NFTs were able to buy in to the new project. As is somewhat common, the artwork itself was not visible prior to sales, meaning people bought the NFTs without knowing what they would look like until the art was revealed.

The mint itself was plagued with issues, with many collectors complaining they weren't able to buy NFTs due to technical difficulties. A team member apologized for the issues, writing that they were "gutted over what happened" but that "we have an amazing reveal experienced planned that will kick off soon".

When the reveal happened, people were disappointed to say the least. They expected a unique look that would not "dilute" the value of the original Azuki collection, and were met with what many feel is a low-effort clone of the original Azukis. Some observed NFTs in the Elementals collection that appeared to be direct duplicates of ones in the original collection, which Azuki later wrote was a "technical glitch" that was quickly corrected. The floor price of the Elemental NFTs, as well as those of other Azuki projects, immediately suffered. While people paid 2 ETH for the NFTs, they're now going for 1.5 ETH (~$2,825) at floor, a 0.5 ETH (~$925) loss. The floor price of the original Azuki collection tanked from ~15 ETH (~$28,200) to ~9 ETH (~$16,920), a 6 ETH ($11,280) loss.

Azuki wrote an apologetic thread on Twitter, writing that they had "missed the mark... the mint process was hectic, the PFPs feel similar and, even worse, dilutive to Azuki." Perhaps they will wipe their tears with some of the 20,000 ETH they're sitting on.

Themis Protocol hacked shortly after going live

Themis Protocol is a lending platform that has had somewhat of an excruciating rollout, with users waiting ever longer for the platform to finally go live as they endured multiphased airdrops but no usable product. On June 16, the project finally launched in beta on Arbitrum, an Ethereum layer 2.

Only eleven days later, on June 27, the team boasted that the project "has grown to over $1m TVL in 2 working days". An hour after that, they announced that they would be suspending the protocol and beginning an immediate investigation into an apparent theft. Themis boasts in its documentation that "security is the highest priority" of the project, and lists multiple audits from PeckShield.

An attacker was apparently able to exploit the project, draining around 220 Themis-wrapped ETH (nominally worth ~$417,000). Due to liquidity issues, they could only swap these for around 94 ETH (~$178,000) and almost $190,000 in stablecoins, for a total haul of around $368,000.

Chibi Finance rug pulls for $1 million

Chibi Finance was a defi project built on the Arbitrum Ethereum layer 2 network. Its Twitter bio described the project as "ChibiVerse For Chads, by Chibis. Compound dem yields!" What's not to love.

On June 27, the developers set the governance role to a malicious smart contract, which used a "panic" function to withdraw funds from the Chibi project. They then quickly swapped the funds to 555 wETH (~$1.05 million), bridged them to the Ethereum main chain, and laundered them through Tornado Cash.

Chibi Finance has since deleted its website and Twitter profile. Meanwhile, some crypto influencers who had promoted the project caught heat for doing so.

Prime Trust placed into receivership

Nevada's Financial Institutions Division and the Prime Trust crypto custodian requested that Prime Trust be placed into receivership, according to the NFID. A week earlier, the NFID had issued a cease and desist, ordering Prime Trust to halt operations and alleging that the company was insolvent.

In the filing, NFID alleges that Prime Trust discovered in December 2021 that it couldn't access some customer wallets, and so "purchased additional digital currency using customer money from its omnibus customer accounts" in order to satisfy withdrawals from said wallets.

Prime Trust reportedly has liabilities of around $82.8 million in fiat currency, plus another $860,000 of digital asset-denominated liabilities. "[Prime Trust] is in an unsafe financial condition and/or is insolvent. Additionally, [Prime Trust's] condition will only progressively worsen as customers continue to withdraw," wrote the regulator.

Eco-travel company We Are Bamboo loses millions of customer funds gambling on crypto

New Zealand-based We Are Bamboo may have been an ethical travel company, but they certainly weren't an ethical handler of customer funds. In late October 2022, the company abruptly announced it would be closing up its eco-travel business — without refunding customer funds due to the force majeure clause of the contract.

Now, a report from the New Zealand Herald suggests that the company's director Colin Salisbury took more than NZ$3.24 million (~US$2 million) in customer funds, put it into multiple cryptocurrency platforms over a period of almost two years, and lost it all. Another ~US$800,000 was lost in at least four fraudulent crypto platforms which just "ceased to exist".

We Are Bamboo tried to blame the collapse of their business on the COVID-19 pandemic and on a group of customers whose "actions and online influence have broken us". "Our intentions here are not to play the victim but simply share with you the levels to which this group has gone to ensure our downfall, and made it their sole purpose to attack us, our families, our staff, and our customers with the intent to destroy Bamboo," they wrote. However, a liquidator in the We Are Bamboo bankruptcy says they discovered the cryptocurrency transactions, which explained the true demise of the company.

Salisbury reportedly engaged in the crypto trading because he was concerned that the US dollar might lose value. Guess he found out the hard way what crypto could do for the value of his customers' funds.

Former NRL star and convict Jarryd Hayne reportedly loses more than $500,000 to a Bitcoin scam run by fellow inmate

Photograph of Jarryd HayneJarryd Hayne (attribution)
Quick tip: if you're in jail and a fellow inmate who is serving twelve years for running a Ponzi scheme asks you to invest in a Bitcoin scheme, don't do it. Then again, on the list of "things Jarryd Hayne shouldn't have done", this ranks fairly low.

Jarryd Hayne is a convicted rapist once known for his careers in rugby league and, briefly, American football. He's serving several years in jail, after being convicted of rape, winning an appeal, being retried, and once again being found guilty.

Hayne is one of several inmates apparently convinced by the Ponzi schemer inmate, Ishan Seenar Sappidee, that he could make them massive returns. Hayne provided around AU$780,000 (~US$521,000) in Bitcoin to the enterprising inmate, who apparently amassed more than AU$2 million (~US$1.3 million)from at least seven inmates.

Alleged SpireBit crypto scam loses one senior his life savings

According to a report from NPR, a crypto investment scam called SpireBit drained the life savings of a 74-year-old man in California. The scheme followed a familiar pattern: an online ad followed by some personalized recruiting convinced the man to put a relatively modest sum into an online account with a platform supposedly showing his crypto investments. After seeing those investments skyrocket, the man was convinced to put in more and more money, seeing massive returns. Only once he had put in his life savings did he try to withdraw, and discovered he could not. Ultimately, he realized the platform was a sham.

SpireBit claimed to be partnered with established companies within and outside of the crypto ecosystem, and took on the name of a real company as its supposed "parent" firm. Its online footprint was convincing at a glance, but a little digging revealed LinkedIn profiles using stock photos as portraits.

After NPR began poking around, the UK's Financial Conduct Authority issued a warning that SpireBit "is an unauthorised firm that uses the details of a genuine FCA-regulated firm when offering products and services. This makes the unauthorised firm appear as if it is regulated."

NPR could not determine how many people had fallen for the scheme, or how much money had been lost in total.

Binance ordered to halt operations in Belgium

Belgium's Financial Services and Markets Authority alleged on June 2023 is violating prohibitions against "offering and providing exchange services in Belgium between virtual currencies and legal currencies, as well as custody wallet services, from countries that are not members of the European Economic Area". The regulator ordered Binance to immediately stop providing "any and all such services" in the country.

The regulator also demanded Binance return all crypto assets to customers, or transfer them to a company authorized in Belgium. They also noted that "The Crown Prosecutor of Brussels has been informed of the acts that are liable to constitute a criminal offence."

$1.25 million stolen in 2 months in Polygon NFT phishing scheme

A phishing scam in which scammers airdropped fake NFTs impersonating real projects has landed the scammers around $1.25 million in the last two months. The scammers have created more than 1,350 fake NFTs appearing to come from real projects including RocketPool, ApeCoin, Polygon, Uniswap, and Aave, then airdropped them to more than 500,000 wallets. When they viewed the NFTs, the victims were directed to phishing sites where they signed malicious signatures.

Around $1.25 million in various assets have been stolen thus far, with the largest single loss exceeding $150,000.

Former Home Improvement child star Zachery Ty Bryan accused of crypto scamming

Headshot of Zachery Ty BryanZachery Ty Bryan (attribution)
What is it with former child stars and the siren song of crypto? Zachery Ty Bryan, who played Brad on the sitcom Home Improvement in the 90s, got rich when he used his earnings to buy in early to Bitcoin thanks to a tip from fellow child star-turned-crypto-mogul, Brock Pierce. Then, he got into selling fake tokens that he said were connected to an agricultural scheme called "Producers Market", which promised to help farmers by "connecting farmers and makers directly to you".

The project was real, and they had in fact brought on Bryan as an advisor and investor. Bryan later stated in a YouTube video that he had "[taken] the majority of my Bitcoin and rolled it into this technology". However, the firm scrapped its plans for an initial coin offering in 2019. Despite this, Bryan continued pitching the ICO to friends and family with the promise of big returns. One investor, a college student, he reeled in after matching with her on the dating app Bumble. Various sources told The Hollywood Reporter they'd lost between $5,000 and $25,000, for a total of almost $50,000.

In October 2020, Producers Market cut ties with Bryan. This coincided with Bryan being arrested for felony strangulation and other charges in regards to a drunken assault on a girlfriend, which he later pled down to misdemeanor menacing and fourth-degree assault.

Ponzi scheme promising a blockchain app to identify dogs by their nose-prints scams investors out of $127 million

A company that promised an app that could identify dogs by their nose-prints — built on the blockchain, of course — has been alleged by South Korean police to be "a typical Ponzi scheme" that lured investors with promises of up to 150% returns in 100 days. The company raised around ₩166.4 billion (~$127 million) from approximately 22,000 people. The victims, according to Korean police, are mostly "in their 60s or older with no expertise in cryptocurrencies".

As for the noseprint reader, well, it was found to be a fake product that (shockingly) didn't use a blockchain at all. The company had also promised to build "theme parks for pets", but had not leased any of the sites it had identified.

Prime Trust is insolvent

The Nevada Financial Institutions Division issued a cease and desist to the Prime Trust crypto custodian. Earlier in the month, the apparently embattled Prime Trust signed a non-binding letter of intent of acquisition with BitGo, but BitGo announced the deal was off on June 22. The same day, Stably announced that they had received a letter from Prime Trust announcing that deposits and withdrawals would be halted, which attributed the move to an order from the NFID.

Now, the cease and desist, filed June 21, has become public. It alleges that "the overall financial condition of [Prime Trust] has considerably deteriorated to a critically deficient level" and that "On or about June 21, 2023, Respondent was unable to honor customer withdrawals due to a shortfall of customer funds". The NFID alleged that Prime Trust "has materially and willfully breached its fiduciary duties to its customers by failing to safeguard assets under its custody and is unable to meet all customer disbursement requests."

Prime Trust had been a partner of the TrueUSD stablecoin, which halted minting on June 10 for undisclosed reasons.

Prime Trust halts withdrawals as acquisition falls through

The planned acquisition by BitGo of the Prime Trust crypto custodian fell through on June 22, as BitGo announced that they had "made the hard decision to terminate its acquisition" after "considerable effort and work to find a path forward". BitGo had announced its intention to acquire Prime Trust on June 8.

Shortly after BitGo's announcement, Prime Trust client Stably announced that they had received a letter from Prime Trust announcing that deposits and withdrawals would be halted. Prime Trust stated that the halt was by order of the Nevada Financial Institution Division, which had been issued the previous day.

Web3 influencer Elena tries to sell NFT collection of stolen art

Pixel art of three test tubes containing green, pink, and gold liquid on a dark purple background. On the right is a screenshot of identical pixel art from vecteezy.com Atomic Ordinals NFT on left; source of stolen artwork on right (attribution)
Web3 influencer Elena announced she would be launching an NFT collection titled "Atomic Ordinals", which would be inscribed on the Bitcoin blockchain. She claimed that the 200 images "fus[ed] my love for medicine and artistic expression fueled by a passion for emerging tech and education." She wrote, "I've spent countless hours pouring my heart and soul into each piece 🥺" The NFTs were set to mint for 0.05 BTC, meaning the collection would have earned her around 10 BTC ($300,000) if it minted out.

As it turned out, Elena had actually directly copied the pixel art from various sources. When accused of copying it, she published a screen capture video claiming to show that she had created the artwork "pixel by pixel", but people were quickly able to find the true sources of the artwork.

Eventually, she came as close to an admission as she is apparently going to get in an announcement that she would be pausing the sale: "I have heard your concerns about the art and I will be working to fix the file quality and any images that might be seen as 'copied' as they were only retraces and I never had any ill intent whatsoever."

Binance cancels registration in the United Kingdom

Binance's footprint is shrinking even further, as the company has canceled its registration with the United Kingdom's Financial Conduct Authority (FCA). This means that the company will not be able to perform any regulated activities in the country.

Binance had applied for registration after being warned by the FCA in July 2021 to seek registration before launching its business in the region.

Since the beginning of June, Binance has also announced it will exit the Netherlands and Cyprus amid regulatory issues.

Financial Times alleges Crypto.com is trading against its own customers

A report out of the Financial Times alleges that the Singapore-based Crypto.com exchange runs proprietary trading and market making teams. This is a controversial activity — though not uncommon in the crypto world — because of the conflicts of interest that are introduced when these functions are combined with those of an exchange. Speaking to CNBC about similar activities by other exchanges, US SEC chair Gary Gensler said, "These trading platforms, they call themselves exchanges, are commingling a number of functions. In traditional finance, we don't see the New York Stock Exchange also operating a hedge fund, making markets."

Sources cited by the FT allege that Crypto.com made "absolutely dramatic sworn statements that Crypto.com was in no way involved in trading" to other trading houses, and claim that employees were asked to lie about the existence of internal market makers. Crypto.com has refuted these allegations, and acknowledged that they run a market maker.

"This is not a controversial practice," Crypto.com said about the controversial practice.

Machi Big Brother sues zachxbt

A grey outline of a penguin with four eyes, on a black backgroundzachxbt's avatar (attribution)
Crypto personality and creator of C.R.E.A.M. Finance Jeffrey Huang, aka "Machi Big Brother", has filed a defamation lawsuit against crypto sleuth zachxbt. Huang alleges that zachxbt has defamed Huang with false claims via a Medium article that accuses Huang of multiple pump-and-dump schemes that enriched Huang to the tune of 22,000 ETH (~$38 million at today's prices).

Huang is also annoyed at zachxbt's observations about the multiple hacks of C.R.E.A.M. Finance, which zachxbt wrote had been exploited three times "due to negligence". "Putting aside that Cream Finance was exploited two, not three times", Huang hilariously writes in the lawsuit, taking issue with the fact that zachxbt supposedly intentionally omitted that some funds were returned and that Huang claims to have been no longer involved with the project by that point. It's not made clear in the lawsuit which of the three hacks recorded on Web3 is Going Just Great — to the tune of $37.5 million (February 2021), $25–30 million (August 2021), and $130 million (October 27, 2021) — supposedly didn't happen.

Wyre finally shuts down

The crypto payments platform Wyre finally announced they would be winding down "due to market conditions". This came after a January announcement from the CEO, where it was not entirely clear whether the company was shutting down or just massively "scaling back".

Wyre had been a partner of Binance US, through which Binance was able to accept USD deposits. However, Binance US is now the target of SEC regulatory action, and has suspended US dollar deposits. Wyre wrote in their announcement that the closure "is not due to any regulatory agency direction". Sure thing.

Binance to leave the Netherlands after failing to obtain license

As they are wont to do, Binance set up shop in the Netherlands without getting permission from the country's regulators. However, after being warned and then fined €3.3 million (~$3.35 million) in January, they apparently finally decided it was time to try to comply with requirements.

Sadly for them, they were unable to obtain a VASP registration in the country, and their "many alternative avenues to service Dutch residents in compliance with Dutch regulations" didn't pan out either. They announced that, effective immediately, they would no longer be accepting new customers from the region. Existing customers in the country will soon be only able to withdraw assets, and will not be able to purchase assets or trade on the platform.

Binance US cuts staff following SEC lawsuit

The US arm of Binance has cut around 50 positions, amounting to approximately 10% of its US employees. In a message to employees, Binance.US CEO Brian Shroder explained, "Because of our preparation for a prolonged and very costly legal battle, the Board asked Management to right-size our organization and reduce our burn rate to ensure long-term viability".

Shroder is, of course, referring to the recent lawsuit from the SEC as well as a lawsuit from the CFTC that was filed in March.

Binance looks to exit Cyprus

Although Binance's Cyprus arm was only registered in October 2022, the company is already looking to deregister in the country. According to Binance, they're pulling back in smaller EU countries in order to "focus on our efforts on fewer regulated entities in the EU", where they will need to come into compliance with the recent MiCA legislation by the time it comes into effect.

CoinEx settles with New York for $1.7 million

The Hong Kong-based cryptocurrency exchange CoinEx has agreed to pay $1.17 million in refunds to investors and $600,000 in penalties for failing to register as a securities and commodities broker-dealer and for falsely representing itself as a crypto exchange. The lawsuit was initially filed in February, and alleged that the company "engaged in repeated and persistent fraudulent practices".

The company is also banned from operating in the state going forward. The agreement requires CoinEx to implement geoblocking to prevent people with New York IP addresses from accessing the platform, and prohibits the company from creating new accounts for US customers or allowing US customers to do anything other than withdraw their assets.

FPG halts withdrawals after $15–20 million hack

The institutional cryptocurrency broker Floating Point Group (FPG) announced to customers on June 14 that they would be suspending all activity on their platform following a "cyber security incident" that had occurred on June 11. "While the loss at this point is still being investigated and analyzed, the number as we understand it today is between $15M-$20M in cryptocurrencies lost," they wrote on Twitter.

The group announced that they were working with "the FBI, the Department of Homeland Security, our regulators and Chainalysis" to investigate the attack. The group had previously earned SOC 2 certification for its cybersecurity controls.

Texas securities regulator alleges in cease-and-desist that Abra crypto lender has been insolvent for months

In an emergency cease-and-desist issued on June 15, the Texas State Securities Board alleged that the Abra crypto lending firm was "insolvent or nearly insolvent" as of interviews conducted on March 31. The filing alleged that Abra and its founder William Barhydt had made investment offerings that were materially misleading, accusing them of securities fraud. Despite not contesting securities regulators' conclusion that Abra was insolvent, Abra repeatedly posted statements on social media such as the one on June 11, where they wrote "Abra is not bankrupt".

According to the complaint, although Abra claimed it stored customer funds with the Fireblocks crypto custodian, they had actually been "secretly transferring assets" to Binance.

The regulator also alleged that Abra had around $30 million in assets with Babel Finance, $30 million with Genesis, and $10 million with Three Arrows Capital — three companies in various stages of liquidation or bankruptcy. They also have $8.8 million with Auros, a firm that was in liquidation but has since exited the process.

Delio crypto lender suspends withdrawals

South Korean cryptocurrency lending platform Delio announced to its customers on June 14 that they would be suspending withdrawals. In a letter to customers, they wrote that the decision was taken in response to the withdrawal suspension by Korean yield platform Haru Invest the previous day, which they said had led to a "sharp increase in market volatility and increased confusion among investors". Haru's suspension had caused a "sudden surge of withdrawals on our end", said Delio CEO James Jung.

Delio, like Haru, advertised yields of more than 10%.

Banq goes banqrupt

Banq, a subsidiary of the Prime Trust crypto custodian, has filed for bankruptcy. Banq is a "crypto-friendly" payment processor based in Nevada, though according to the bankruptcy documents, former CEO Scott Purcell decided to try to pivot the company away from payments and into NFTs without approval from the board of directors. Banq's parent company, Prime Trust, has also been the subject of insolvency rumors recently.

In the bankruptcy filings, Banq alleges that $17.5 million in assets were stolen by former officers, described in the listing as "computers, trade secrets, proprietary information and technology, business records, etc." The transfer allegedly was made to Fortress NFT Group, a rival company founded by the former CEO, CTO, and CPO. A lawsuit from Banq filed against Fortress and the executives in May 2022 alleges that the executives "stole not only Banq's technology, but also significant other value of Banq's, and used the purloined property to launch Defendants Fortress NFT and Planet NFT using Banq's assets, employees, trade secrets and proprietary technology, claiming all of it to be their own." They also claim that the defendants deleted files and engaged in other fraudulent activity to try to cover up the theft.

Haru Invest suspends withdrawals

The South Korean yield platform Haru Invest abruptly suspended withdrawals and deposits on June 13. They wrote in a blog post that they were experiencing "a certain issue" with an unnamed partner, later announcing that "we have discovered through our internal inspection process that certain information provided by a consignment operator was suspected to be false."

The following day, the company named the partner as B&S Holdings (formerly Aventus), and announced that they were taking legal action against the company for filing falsified management reports.

Haru Invest advertised APR in the double digits.

On June 22, Haru laid off 100 employees. Haru explained in a blog post: "after much consideration, it comes with a heavy heart to inform you that we will be minimizing the operations of Haru Invest and its affiliated companies to prevent further damages that are likely to be incurred". Haru's CEO told local media that Haru's offices were empty because employees were working from home for their own safety. After Haru halted withdrawals, they closed their office, and CoinDesk reported that "all company officials disappeared".

BNB Chain team prepares to step in to prevent massive Venus Protocol liquidation

After the massive BNB Chain bridge hack in October 2022, the hacker was able to take out a massive position with the Venus Protocol defi lending project. They borrowed $150 million in stablecoins by putting up 900,000 BNB (~$244 million at the time).

The recent SEC lawsuit against Binance has caused the BNB token to plummet almost 25%, from $305 to ~$230. This puts the hacker's position dangerously close to the liquidation threshold of $220, which could cause substantial impact on the market via cascading liquidations.

In November, BNB Chain passed a governance proposal giving the BNB Chain core team the ability to liquidate the position if it approached the liquidation threshold, meaning they could repay the debt in a more controlled manner that wouldn't dump hundreds of thousands of BNB onto the market all at once.

On June 12 the Venus team tweeted a reminder: "BNBChain core team is ready to take over the $BNB position on Venus as planned if the BNB price hits the liquidation threshold. The liquidator address has prepared $30M already to refund the account loans with more to come if needed. No BNB will be dumped into the market and no shortfall is expected on Venus."

This is not the only bad debt on the Venus platform, which has been described as "opaque" by Protos and has been accused of trying to hide some of its liabilities.

Abandoned Atlantis Loans project exploited for $1.1 million

Although developers abandoned the Atlantis Loans defi lending project in early April due to "financial difficulties", as a self-executing defi protocol it has continued to chug along rather like a zombie. As the developers wrote when they abandoned the project, "Atlantis Loans as a protocol is fully decentralized and the only way to make changes or turn things off will have to be done through the governance."

Evidently, few people continued to pay much attention to the project, because an exploiter was able to come along and perform a governance attack targeting the users who still had active smart contract approvals with the defunct project. They published and voted on a proposal to allow them to upgrade the smart contract in such a way that they could then take advantage of the approvals to transfer the tokens to their own wallet address. Ultimately they made off with around assets notionally worth around $1.1 million.

Sturdy Finance exploited for $775,000

The Sturdy Finance defi lending protocol was exploited, with hackers taking advantage of an oracle manipulation vulnerability to make off with 442 ETH (~$775,000). They subsequently transferred the funds into Tornado Cash. The total loss to the project was somewhat higher: 504 ETH (~$884,000).

Roughly an hour after the attack, the project tweeted that they were aware of the attack, and had paused all markets. On June 19 the project sent a message to the attacker, pleading with them to return the funds and threatening: "There are criminal organizations following the same evidence trails we are. This isn't going away until you return funds. We are your best option out of this."

Minting of TrueUSD stablecoin through Prime Trust halted; TUSD deviates from peg

On June 10, TrueUSD announced on Twitter: "TUSD mints via Prime Trust are paused for further notification." They offered no further explanation. TUSD is the fifth largest stablecoin by market capitalization.

The decision may have been related to insolvency rumors surrounding Prime Trust, a US-based fintech company. On June 8, BitGo announced a non-binding letter of intent to acquire Prime Trust.

After the announcement, the TUSD stablecoin dipped as low as $0.9951. This is a seemingly small deviation from the $1 peg, but in the stablecoin world, such small variances can be serious.

Crypto.com to shut down institutional trading in the US

Singapore's Crypto.com has announced it will be imminently shutting down its institutional exchange service in the US, citing "limited demand from institutions in the U.S. in the current market landscape". The firm will continue to serve retail customers in the country, however.

CFTC awarded default judgment in case against Ooki DAO

Ooki DAO was sued in September of last year for allowing illegal trading of digital assets, engaging in activities only allowed by registered futures commission merchants, and not performing proper KYC. It was a potentially landmark case, as one of the first actions to be taken against a DAO and an opportunity to test various DAOs' claims that by decentralizing governance, they can skirt regulatory enforcement.

Now, a judge has awarded default judgment in the case, requiring the DAO to pay a more than $640,000 penalty, close down its website, and stop trading.

The court held that the Ooki DAO was a "person" under the Commodity Exchange Act and thus could be held liable for violations of the law.

Robinhood to delist Solana, Cardano, Polygon tokens after SEC describes them as securities

Robinhood announced that its crypto exchange will delist the tokens for Solana (SOL), Cardano (ADA), and Polygon (MATIC) after they were described as unregistered securities in lawsuits against Binance and Coinbase. They seem to be the first exchange serving US customers to delist tokens mentioned by the SEC in the lawsuits. On June 12, they were followed by eToro US, who delisted ALGO, MANA, DASH, and MATIC. On June 16, Bakkt delisted SOL, ADA, and MATIC.

While simply claiming in a lawsuit that a crypto token is a security does not necessarily constitute a firm decision that it is so, this has been enough in the past to lead exchanges to remove token listings. The 2020 lawsuit against Ripple and its XRP token led to the token widely being delisted from exchanges serving US customers.

Scammers capitalize on Binance lawsuit fears to pull off Discord phishing scam

Adding insult to injury in Binance's tough couple of days, someone has managed to hijack the Discord vanity URL used by BNB Chain, the blockchain project associated with Binance. The scammers created a fake Discord channel where they have posted a message: "In order to curb the reactionary market's response to patently false SEC accusations, we are hosting a $BNB airdrop on BSC to show our faith in our technology and community!" The scammers urged members to connect their crypto wallets, ostensibly to receive their share of the roughly 100,000 BNB (nearly $30 million) the scammers claimed they'd allocated to the giveaway.

After this was brought to BNB Chain's attention by crypto sleuth zachxbt, they tweeted that they "acted quickly (within 10 minutes) to ban the offending accounts and remove the posts. We've taken steps to secure the server and protect against any further abuse." However, less than an hour later they put out a new tweet announcing that the URL had been hijacked to redirect to a new server.

"This is a scam, and if you connect your wallet, you will lose your funds. Please exercise caution until we are able to confirm a resolution", they wrote.

SEC files complaint against Coinbase

The SEC has clearly been busy. The agency followed up its complaint against Binance by smacking Coinbase with charges the very next day. This isn't terribly unexpected: in late March the SEC hit Coinbase with a Wells notice, which is a formal notice saying "we're about to file a complaint against you, convince us not to." Coinbase decided that instead of any real attempt at convincing them not to, they would use the incident as a PR opportunity to try to win hearts and minds (of the public but also critically in Congress), convincing people that the SEC was being unfair to them and stifling innovation in the United States and all sorts of other things.

The SEC, apparently unconvinced by Coinbase's usual spiel, filed a complaint with five claims for relief involving operating without registering with the SEC and offering unregistered securities by way of providing a cryptocurrency staking program.

Coinbase has responded with its usual bluster, and vowed to fight the lawsuit. They don't really have much choice, given their business is almost entirely predicated on being able to continue operating in the US. A tweet by Coinbase CEO Brian Armstrong refers to "the US congress... introducing new legislation to fix the situation", suggesting he is hoping that Congress might bail him out of the mess he's in. Given the amount of lobbying Coinbase has been doing, and the apparent bought and paid for crypto advocates who sit in Congress, his hopes are not entirely misplaced, but we shall see. As with the lawsuit against Binance, this is not likely to resolve anytime soon, particularly if the companies both decide to fight in court.

SEC files complaint against Binance

The SEC has filed a complaint against Binance, various related companies, and Binance CEO Changpeng "CZ" Zhao. They allege that the company has been acting with "blatant disregard" of US securities laws through their operation of unregistered trading platforms, have performed multiple offers of unregistered securities and investment schemes, and have defrauded investors through material misstatements around supposed controls for manipulative trading activity, such as wash trading, on the Binance platforms.

The complaint echoes some of the allegations made by the CFTC in a March lawsuit, including that Binance.US was primarily a front for Binance's international platform that was used to try to distract US regulators. However, it also goes farther by adding allegations around Binance's lack of controls around market manipulation, which the SEC alleges contradict public statements by Binance that they had sophisticated programs to prevent wash trading and other manipulative actions. The SEC even claims that the CZ-owned and -operated market maker Sigma Chain was engaged in substantial wash trading on the platform.

The SEC lawsuit was also a bit of a bombshell in its naming of some major cryptocurrencies as securities: SOL, ADA, MATIC, FIL, ATOM, SAND, MANA, ALGO, AXS, and COTI. These are the crypto assets associated, respectively, with the Solana, Cardano, Polygon, Filecoin,[d] Cosmos, The Sandbox, Decentraland, Algorand, Axie Infinity, and Coti projects.

Atomic Wallet hacks total over $100 million

Multiple users of the Atomic Wallet software suffered wallet compromises totaling more than $100 million in a spate of hacks suggesting an issue with the wallet itself. Atomic Wallet is a self-custody wallet, a suggested safer alternative than storing crypto assets in accounts controlled by third party companies. In February 2022, a security firm was forced to publicly disclose issues with the Atomic Wallet software after attempting to address them with the company via traditional routes, but went ignored.

Following the thefts, Atomic Wallet tweeted that they were aware of the reports of wallet compromises, and that they were attempting to learn more about the attacks, but had not yet confirmed any method of attack. They've since taken down the wallet software download page, likely out of concern that the software itself has been compromised.

Crypto sleuth zachxbt compiled a list of reported compromised Atomic Wallets, finding that multiple individuals lost multiple millions in the attack. The largest known individual theft so far involved almost $8 million in USDT (Tether); other individuals lost $2.8 million in USDT and 1,897 ETH (~$3.5 million).

Users of Atomic Wallet have been advised to transfer their assets to other wallets.

On June 6, both zachxbt and blockchain research group Elliptic speculated that the laundering strategy by the thieves resembled that of the North Korea-linked Lazarus Group, which has been responsible for other major crypto thefts.

unshETH compromised after private key leaked to GitHub

After a developer leaked private keys to GitHub, someone used them to drain $375,000 from the unshETH defi project. The project emergency paused withdrawals of unshETH ether to prevent further damage.

The leaked key allowed the attacker to transfer ownership of project smart contracts to themselves, though they later returned ownership.

unshETH posted a message to the hacker, demanding they return 90% of the stolen funds. They threatened: "We want to be clear, and this is not a bluff: we know who you and some people connected to you (friends) are, and we will absolutely move forward with law enforcement if you have not returned the money by the deadline above. We don't want to do this to you or have to rope your friends in, and would prefer everything be settled and everyone just move forward, but if we don't get the funds back by the above-mentioned time, we will be left with no choice in order to protect our protocol."

"Sounds exactly like someone bluffing would say", wrote one commenter.

Trust Reserve employees arrested

A Chinese cryptocurrency publication has reported that the staff of Trust Reserve (formerly CNHC Group) were detained by police. A sign on the door of the company's office in Shanghai announced "judicial seizure".

Trust Reserve issues the CNH offshore yuan-pegged stablecoin and the HKDC Hong Kong dollar-pegged stablecoin. The company had received funding from sources including the KuCoin crypto exchange.

Binance delists privacycoins in various European regions, later reverses decision

Seeming to bow to regulatory pressures, Binance announced they would delist various privacycoins including Monero, ZCash, and MobileCoin for some regions. Privacycoins are tokens that aim to obscure more of the information involved in a transaction, in contrast to the very public nature of the wallet addresses and transfer amounts of most cryptocurrency transactions.

Binance did not list the jurisdictions in which it would be ending privacycoin trading, but users in France, Spain, and Poland all reported receiving alerts. This suggested it could be related to the recent passage of the MiCA crypto legislation in the European Union. The resolution states: "The operating rules of the trading platform for crypto-assets shall prevent the admission to trading of crypto-assets that have an inbuilt anonymisation function unless the holders of those crypto-assets and their transaction history can be identified by the crypto-asset service providers operating a trading platform for crypto-assets."

In late June, Binance announced that they had reversed their decision, and would continue to offer the tokens.

Binance reportedly begins layoffs

Crypto giant Binance has reportedly begun layoffs, according to independent crypto reporter Colin Wu, who cited several anonymous sources. The layoffs will amount to around 20% of Binance's 8,000-person workforce, said Wu.

Binance issued a statement that the firings were related to poor performance and "cultural fit", an unlikely explanation for such a substantial cut.

In January 2023, Binance CEO Changpeng Zhao had stated that Binance planned to grow its employee count by 15–30% in 2023, even after more than doubling its employees in 2022. In March, responding to rumors of layoffs, Binance stated that they were "not planning any layoffs" and that in fact they planned to hire more than 500 employees by mid-year.