Chibi Finance rug pulls for $1 million

Chibi Finance was a defi project built on the Arbitrum Ethereum layer 2 network. Its Twitter bio described the project as "ChibiVerse For Chads, by Chibis. Compound dem yields!" What's not to love.

On June 27, the developers set the governance role to a malicious smart contract, which used a "panic" function to withdraw funds from the Chibi project. They then quickly swapped the funds to 555 wETH (~$1.05 million), bridged them to the Ethereum main chain, and laundered them through Tornado Cash.

Chibi Finance has since deleted its website and Twitter profile. Meanwhile, some crypto influencers who had promoted the project caught heat for doing so.

Prime Trust placed into receivership

Nevada's Financial Institutions Division and the Prime Trust crypto custodian requested that Prime Trust be placed into receivership, according to the NFID. A week earlier, the NFID had issued a cease and desist, ordering Prime Trust to halt operations and alleging that the company was insolvent.

In the filing, NFID alleges that Prime Trust discovered in December 2021 that it couldn't access some customer wallets, and so "purchased additional digital currency using customer money from its omnibus customer accounts" in order to satisfy withdrawals from said wallets.

Prime Trust reportedly has liabilities of around $82.8 million in fiat currency, plus another $860,000 of digital asset-denominated liabilities. "[Prime Trust] is in an unsafe financial condition and/or is insolvent. Additionally, [Prime Trust's] condition will only progressively worsen as customers continue to withdraw," wrote the regulator.

Eco-travel company We Are Bamboo loses millions of customer funds gambling on crypto

New Zealand-based We Are Bamboo may have been an ethical travel company, but they certainly weren't an ethical handler of customer funds. In late October 2022, the company abruptly announced it would be closing up its eco-travel business — without refunding customer funds due to the force majeure clause of the contract.

Now, a report from the New Zealand Herald suggests that the company's director Colin Salisbury took more than NZ$3.24 million (~US$2 million) in customer funds, put it into multiple cryptocurrency platforms over a period of almost two years, and lost it all. Another ~US$800,000 was lost in at least four fraudulent crypto platforms which just "ceased to exist".

We Are Bamboo tried to blame the collapse of their business on the COVID-19 pandemic and on a group of customers whose "actions and online influence have broken us". "Our intentions here are not to play the victim but simply share with you the levels to which this group has gone to ensure our downfall, and made it their sole purpose to attack us, our families, our staff, and our customers with the intent to destroy Bamboo," they wrote. However, a liquidator in the We Are Bamboo bankruptcy says they discovered the cryptocurrency transactions, which explained the true demise of the company.

Salisbury reportedly engaged in the crypto trading because he was concerned that the US dollar might lose value. Guess he found out the hard way what crypto could do for the value of his customers' funds.

Former NRL star and convict Jarryd Hayne reportedly loses more than $500,000 to a Bitcoin scam run by fellow inmate

Photograph of Jarryd HayneJarryd Hayne (attribution)
Quick tip: if you're in jail and a fellow inmate who is serving twelve years for running a Ponzi scheme asks you to invest in a Bitcoin scheme, don't do it. Then again, on the list of "things Jarryd Hayne shouldn't have done", this ranks fairly low.

Jarryd Hayne is a convicted rapist once known for his careers in rugby league and, briefly, American football. He's serving several years in jail, after being convicted of rape, winning an appeal, being retried, and once again being found guilty.

Hayne is one of several inmates apparently convinced by the Ponzi schemer inmate, Ishan Seenar Sappidee, that he could make them massive returns. Hayne provided around AU$780,000 (~US$521,000) in Bitcoin to the enterprising inmate, who apparently amassed more than AU$2 million (~US$1.3 million)from at least seven inmates.

Alleged SpireBit crypto scam loses one senior his life savings

According to a report from NPR, a crypto investment scam called SpireBit drained the life savings of a 74-year-old man in California. The scheme followed a familiar pattern: an online ad followed by some personalized recruiting convinced the man to put a relatively modest sum into an online account with a platform supposedly showing his crypto investments. After seeing those investments skyrocket, the man was convinced to put in more and more money, seeing massive returns. Only once he had put in his life savings did he try to withdraw, and discovered he could not. Ultimately, he realized the platform was a sham.

SpireBit claimed to be partnered with established companies within and outside of the crypto ecosystem, and took on the name of a real company as its supposed "parent" firm. Its online footprint was convincing at a glance, but a little digging revealed LinkedIn profiles using stock photos as portraits.

After NPR began poking around, the UK's Financial Conduct Authority issued a warning that SpireBit "is an unauthorised firm that uses the details of a genuine FCA-regulated firm when offering products and services. This makes the unauthorised firm appear as if it is regulated."

NPR could not determine how many people had fallen for the scheme, or how much money had been lost in total.

Binance ordered to halt operations in Belgium

Belgium's Financial Services and Markets Authority alleged on June 2023 is violating prohibitions against "offering and providing exchange services in Belgium between virtual currencies and legal currencies, as well as custody wallet services, from countries that are not members of the European Economic Area". The regulator ordered Binance to immediately stop providing "any and all such services" in the country.

The regulator also demanded Binance return all crypto assets to customers, or transfer them to a company authorized in Belgium. They also noted that "The Crown Prosecutor of Brussels has been informed of the acts that are liable to constitute a criminal offence."

$1.25 million stolen in 2 months in Polygon NFT phishing scheme

A phishing scam in which scammers airdropped fake NFTs impersonating real projects has landed the scammers around $1.25 million in the last two months. The scammers have created more than 1,350 fake NFTs appearing to come from real projects including RocketPool, ApeCoin, Polygon, Uniswap, and Aave, then airdropped them to more than 500,000 wallets. When they viewed the NFTs, the victims were directed to phishing sites where they signed malicious signatures.

Around $1.25 million in various assets have been stolen thus far, with the largest single loss exceeding $150,000.

Former Home Improvement child star Zachery Ty Bryan accused of crypto scamming

Headshot of Zachery Ty BryanZachery Ty Bryan (attribution)
What is it with former child stars and the siren song of crypto? Zachery Ty Bryan, who played Brad on the sitcom Home Improvement in the 90s, got rich when he used his earnings to buy in early to Bitcoin thanks to a tip from fellow child star-turned-crypto-mogul, Brock Pierce. Then, he got into selling fake tokens that he said were connected to an agricultural scheme called "Producers Market", which promised to help farmers by "connecting farmers and makers directly to you".

The project was real, and they had in fact brought on Bryan as an advisor and investor. Bryan later stated in a YouTube video that he had "[taken] the majority of my Bitcoin and rolled it into this technology". However, the firm scrapped its plans for an initial coin offering in 2019. Despite this, Bryan continued pitching the ICO to friends and family with the promise of big returns. One investor, a college student, he reeled in after matching with her on the dating app Bumble. Various sources told The Hollywood Reporter they'd lost between $5,000 and $25,000, for a total of almost $50,000.

In October 2020, Producers Market cut ties with Bryan. This coincided with Bryan being arrested for felony strangulation and other charges in regards to a drunken assault on a girlfriend, which he later pled down to misdemeanor menacing and fourth-degree assault.

Ponzi scheme promising a blockchain app to identify dogs by their nose-prints scams investors out of $127 million

A company that promised an app that could identify dogs by their nose-prints — built on the blockchain, of course — has been alleged by South Korean police to be "a typical Ponzi scheme" that lured investors with promises of up to 150% returns in 100 days. The company raised around ₩166.4 billion (~$127 million) from approximately 22,000 people. The victims, according to Korean police, are mostly "in their 60s or older with no expertise in cryptocurrencies".

As for the noseprint reader, well, it was found to be a fake product that (shockingly) didn't use a blockchain at all. The company had also promised to build "theme parks for pets", but had not leased any of the sites it had identified.

Prime Trust is insolvent

The Nevada Financial Institutions Division issued a cease and desist to the Prime Trust crypto custodian. Earlier in the month, the apparently embattled Prime Trust signed a non-binding letter of intent of acquisition with BitGo, but BitGo announced the deal was off on June 22. The same day, Stably announced that they had received a letter from Prime Trust announcing that deposits and withdrawals would be halted, which attributed the move to an order from the NFID.

Now, the cease and desist, filed June 21, has become public. It alleges that "the overall financial condition of [Prime Trust] has considerably deteriorated to a critically deficient level" and that "On or about June 21, 2023, Respondent was unable to honor customer withdrawals due to a shortfall of customer funds". The NFID alleged that Prime Trust "has materially and willfully breached its fiduciary duties to its customers by failing to safeguard assets under its custody and is unable to meet all customer disbursement requests."

Prime Trust had been a partner of the TrueUSD stablecoin, which halted minting on June 10 for undisclosed reasons.

Prime Trust halts withdrawals as acquisition falls through

The planned acquisition by BitGo of the Prime Trust crypto custodian fell through on June 22, as BitGo announced that they had "made the hard decision to terminate its acquisition" after "considerable effort and work to find a path forward". BitGo had announced its intention to acquire Prime Trust on June 8.

Shortly after BitGo's announcement, Prime Trust client Stably announced that they had received a letter from Prime Trust announcing that deposits and withdrawals would be halted. Prime Trust stated that the halt was by order of the Nevada Financial Institution Division, which had been issued the previous day.

Web3 influencer Elena tries to sell NFT collection of stolen art

Pixel art of three test tubes containing green, pink, and gold liquid on a dark purple background. On the right is a screenshot of identical pixel art from vecteezy.com Atomic Ordinals NFT on left; source of stolen artwork on right (attribution)
Web3 influencer Elena announced she would be launching an NFT collection titled "Atomic Ordinals", which would be inscribed on the Bitcoin blockchain. She claimed that the 200 images "fus[ed] my love for medicine and artistic expression fueled by a passion for emerging tech and education." She wrote, "I've spent countless hours pouring my heart and soul into each piece 🥺" The NFTs were set to mint for 0.05 BTC, meaning the collection would have earned her around 10 BTC ($300,000) if it minted out.

As it turned out, Elena had actually directly copied the pixel art from various sources. When accused of copying it, she published a screen capture video claiming to show that she had created the artwork "pixel by pixel", but people were quickly able to find the true sources of the artwork.

Eventually, she came as close to an admission as she is apparently going to get in an announcement that she would be pausing the sale: "I have heard your concerns about the art and I will be working to fix the file quality and any images that might be seen as 'copied' as they were only retraces and I never had any ill intent whatsoever."

Binance cancels registration in the United Kingdom

Binance's footprint is shrinking even further, as the company has canceled its registration with the United Kingdom's Financial Conduct Authority (FCA). This means that the company will not be able to perform any regulated activities in the country.

Binance had applied for registration after being warned by the FCA in July 2021 to seek registration before launching its business in the region.

Since the beginning of June, Binance has also announced it will exit the Netherlands and Cyprus amid regulatory issues.

Financial Times alleges Crypto.com is trading against its own customers

A report out of the Financial Times alleges that the Singapore-based Crypto.com exchange runs proprietary trading and market making teams. This is a controversial activity — though not uncommon in the crypto world — because of the conflicts of interest that are introduced when these functions are combined with those of an exchange. Speaking to CNBC about similar activities by other exchanges, US SEC chair Gary Gensler said, "These trading platforms, they call themselves exchanges, are commingling a number of functions. In traditional finance, we don't see the New York Stock Exchange also operating a hedge fund, making markets."

Sources cited by the FT allege that Crypto.com made "absolutely dramatic sworn statements that Crypto.com was in no way involved in trading" to other trading houses, and claim that employees were asked to lie about the existence of internal market makers. Crypto.com has refuted these allegations, and acknowledged that they run a market maker.

"This is not a controversial practice," Crypto.com said about the controversial practice.

Machi Big Brother sues zachxbt

A grey outline of a penguin with four eyes, on a black backgroundzachxbt's avatar (attribution)
Crypto personality and creator of C.R.E.A.M. Finance Jeffrey Huang, aka "Machi Big Brother", has filed a defamation lawsuit against crypto sleuth zachxbt. Huang alleges that zachxbt has defamed Huang with false claims via a Medium article that accuses Huang of multiple pump-and-dump schemes that enriched Huang to the tune of 22,000 ETH (~$38 million at today's prices).

Huang is also annoyed at zachxbt's observations about the multiple hacks of C.R.E.A.M. Finance, which zachxbt wrote had been exploited three times "due to negligence". "Putting aside that Cream Finance was exploited two, not three times", Huang hilariously writes in the lawsuit, taking issue with the fact that zachxbt supposedly intentionally omitted that some funds were returned and that Huang claims to have been no longer involved with the project by that point. It's not made clear in the lawsuit which of the three hacks recorded on Web3 is Going Just Great — to the tune of $37.5 million (February 2021), $25–30 million (August 2021), and $130 million (October 27, 2021) — supposedly didn't happen.

Wyre finally shuts down

The crypto payments platform Wyre finally announced they would be winding down "due to market conditions". This came after a January announcement from the CEO, where it was not entirely clear whether the company was shutting down or just massively "scaling back".

Wyre had been a partner of Binance US, through which Binance was able to accept USD deposits. However, Binance US is now the target of SEC regulatory action, and has suspended US dollar deposits. Wyre wrote in their announcement that the closure "is not due to any regulatory agency direction". Sure thing.

Binance to leave the Netherlands after failing to obtain license

As they are wont to do, Binance set up shop in the Netherlands without getting permission from the country's regulators. However, after being warned and then fined €3.3 million (~$3.35 million) in January, they apparently finally decided it was time to try to comply with requirements.

Sadly for them, they were unable to obtain a VASP registration in the country, and their "many alternative avenues to service Dutch residents in compliance with Dutch regulations" didn't pan out either. They announced that, effective immediately, they would no longer be accepting new customers from the region. Existing customers in the country will soon be only able to withdraw assets, and will not be able to purchase assets or trade on the platform.

Binance US cuts staff following SEC lawsuit

The US arm of Binance has cut around 50 positions, amounting to approximately 10% of its US employees. In a message to employees, Binance.US CEO Brian Shroder explained, "Because of our preparation for a prolonged and very costly legal battle, the Board asked Management to right-size our organization and reduce our burn rate to ensure long-term viability".

Shroder is, of course, referring to the recent lawsuit from the SEC as well as a lawsuit from the CFTC that was filed in March.

Binance looks to exit Cyprus

Although Binance's Cyprus arm was only registered in October 2022, the company is already looking to deregister in the country. According to Binance, they're pulling back in smaller EU countries in order to "focus on our efforts on fewer regulated entities in the EU", where they will need to come into compliance with the recent MiCA legislation by the time it comes into effect.

CoinEx settles with New York for $1.7 million

The Hong Kong-based cryptocurrency exchange CoinEx has agreed to pay $1.17 million in refunds to investors and $600,000 in penalties for failing to register as a securities and commodities broker-dealer and for falsely representing itself as a crypto exchange. The lawsuit was initially filed in February, and alleged that the company "engaged in repeated and persistent fraudulent practices".

The company is also banned from operating in the state going forward. The agreement requires CoinEx to implement geoblocking to prevent people with New York IP addresses from accessing the platform, and prohibits the company from creating new accounts for US customers or allowing US customers to do anything other than withdraw their assets.

FPG halts withdrawals after $15–20 million hack

The institutional cryptocurrency broker Floating Point Group (FPG) announced to customers on June 14 that they would be suspending all activity on their platform following a "cyber security incident" that had occurred on June 11. "While the loss at this point is still being investigated and analyzed, the number as we understand it today is between $15M-$20M in cryptocurrencies lost," they wrote on Twitter.

The group announced that they were working with "the FBI, the Department of Homeland Security, our regulators and Chainalysis" to investigate the attack. The group had previously earned SOC 2 certification for its cybersecurity controls.

Texas securities regulator alleges in cease-and-desist that Abra crypto lender has been insolvent for months

In an emergency cease-and-desist issued on June 15, the Texas State Securities Board alleged that the Abra crypto lending firm was "insolvent or nearly insolvent" as of interviews conducted on March 31. The filing alleged that Abra and its founder William Barhydt had made investment offerings that were materially misleading, accusing them of securities fraud. Despite not contesting securities regulators' conclusion that Abra was insolvent, Abra repeatedly posted statements on social media such as the one on June 11, where they wrote "Abra is not bankrupt".

According to the complaint, although Abra claimed it stored customer funds with the Fireblocks crypto custodian, they had actually been "secretly transferring assets" to Binance.

The regulator also alleged that Abra had around $30 million in assets with Babel Finance, $30 million with Genesis, and $10 million with Three Arrows Capital — three companies in various stages of liquidation or bankruptcy. They also have $8.8 million with Auros, a firm that was in liquidation but has since exited the process.

Delio crypto lender suspends withdrawals

South Korean cryptocurrency lending platform Delio announced to its customers on June 14 that they would be suspending withdrawals. In a letter to customers, they wrote that the decision was taken in response to the withdrawal suspension by Korean yield platform Haru Invest the previous day, which they said had led to a "sharp increase in market volatility and increased confusion among investors". Haru's suspension had caused a "sudden surge of withdrawals on our end", said Delio CEO James Jung.

Delio, like Haru, advertised yields of more than 10%.

Banq goes banqrupt

Banq, a subsidiary of the Prime Trust crypto custodian, has filed for bankruptcy. Banq is a "crypto-friendly" payment processor based in Nevada, though according to the bankruptcy documents, former CEO Scott Purcell decided to try to pivot the company away from payments and into NFTs without approval from the board of directors. Banq's parent company, Prime Trust, has also been the subject of insolvency rumors recently.

In the bankruptcy filings, Banq alleges that $17.5 million in assets were stolen by former officers, described in the listing as "computers, trade secrets, proprietary information and technology, business records, etc." The transfer allegedly was made to Fortress NFT Group, a rival company founded by the former CEO, CTO, and CPO. A lawsuit from Banq filed against Fortress and the executives in May 2022 alleges that the executives "stole not only Banq's technology, but also significant other value of Banq's, and used the purloined property to launch Defendants Fortress NFT and Planet NFT using Banq's assets, employees, trade secrets and proprietary technology, claiming all of it to be their own." They also claim that the defendants deleted files and engaged in other fraudulent activity to try to cover up the theft.

Haru Invest suspends withdrawals

The South Korean yield platform Haru Invest abruptly suspended withdrawals and deposits on June 13. They wrote in a blog post that they were experiencing "a certain issue" with an unnamed partner, later announcing that "we have discovered through our internal inspection process that certain information provided by a consignment operator was suspected to be false."

The following day, the company named the partner as B&S Holdings (formerly Aventus), and announced that they were taking legal action against the company for filing falsified management reports.

Haru Invest advertised APR in the double digits.

On June 22, Haru laid off 100 employees. Haru explained in a blog post: "after much consideration, it comes with a heavy heart to inform you that we will be minimizing the operations of Haru Invest and its affiliated companies to prevent further damages that are likely to be incurred". Haru's CEO told local media that Haru's offices were empty because employees were working from home for their own safety. After Haru halted withdrawals, they closed their office, and CoinDesk reported that "all company officials disappeared".

BNB Chain team prepares to step in to prevent massive Venus Protocol liquidation

After the massive BNB Chain bridge hack in October 2022, the hacker was able to take out a massive position with the Venus Protocol defi lending project. They borrowed $150 million in stablecoins by putting up 900,000 BNB (~$244 million at the time).

The recent SEC lawsuit against Binance has caused the BNB token to plummet almost 25%, from $305 to ~$230. This puts the hacker's position dangerously close to the liquidation threshold of $220, which could cause substantial impact on the market via cascading liquidations.

In November, BNB Chain passed a governance proposal giving the BNB Chain core team the ability to liquidate the position if it approached the liquidation threshold, meaning they could repay the debt in a more controlled manner that wouldn't dump hundreds of thousands of BNB onto the market all at once.

On June 12 the Venus team tweeted a reminder: "BNBChain core team is ready to take over the $BNB position on Venus as planned if the BNB price hits the liquidation threshold. The liquidator address has prepared $30M already to refund the account loans with more to come if needed. No BNB will be dumped into the market and no shortfall is expected on Venus."

This is not the only bad debt on the Venus platform, which has been described as "opaque" by Protos and has been accused of trying to hide some of its liabilities.

Abandoned Atlantis Loans project exploited for $1.1 million

Although developers abandoned the Atlantis Loans defi lending project in early April due to "financial difficulties", as a self-executing defi protocol it has continued to chug along rather like a zombie. As the developers wrote when they abandoned the project, "Atlantis Loans as a protocol is fully decentralized and the only way to make changes or turn things off will have to be done through the governance."

Evidently, few people continued to pay much attention to the project, because an exploiter was able to come along and perform a governance attack targeting the users who still had active smart contract approvals with the defunct project. They published and voted on a proposal to allow them to upgrade the smart contract in such a way that they could then take advantage of the approvals to transfer the tokens to their own wallet address. Ultimately they made off with around assets notionally worth around $1.1 million.

Sturdy Finance exploited for $775,000

The Sturdy Finance defi lending protocol was exploited, with hackers taking advantage of an oracle manipulation vulnerability to make off with 442 ETH (~$775,000). They subsequently transferred the funds into Tornado Cash. The total loss to the project was somewhat higher: 504 ETH (~$884,000).

Roughly an hour after the attack, the project tweeted that they were aware of the attack, and had paused all markets. On June 19 the project sent a message to the attacker, pleading with them to return the funds and threatening: "There are criminal organizations following the same evidence trails we are. This isn't going away until you return funds. We are your best option out of this."

Minting of TrueUSD stablecoin through Prime Trust halted; TUSD deviates from peg

On June 10, TrueUSD announced on Twitter: "TUSD mints via Prime Trust are paused for further notification." They offered no further explanation. TUSD is the fifth largest stablecoin by market capitalization.

The decision may have been related to insolvency rumors surrounding Prime Trust, a US-based fintech company. On June 8, BitGo announced a non-binding letter of intent to acquire Prime Trust.

After the announcement, the TUSD stablecoin dipped as low as $0.9951. This is a seemingly small deviation from the $1 peg, but in the stablecoin world, such small variances can be serious.

Crypto.com to shut down institutional trading in the US

Singapore's Crypto.com has announced it will be imminently shutting down its institutional exchange service in the US, citing "limited demand from institutions in the U.S. in the current market landscape". The firm will continue to serve retail customers in the country, however.

CFTC awarded default judgment in case against Ooki DAO

Ooki DAO was sued in September of last year for allowing illegal trading of digital assets, engaging in activities only allowed by registered futures commission merchants, and not performing proper KYC. It was a potentially landmark case, as one of the first actions to be taken against a DAO and an opportunity to test various DAOs' claims that by decentralizing governance, they can skirt regulatory enforcement.

Now, a judge has awarded default judgment in the case, requiring the DAO to pay a more than $640,000 penalty, close down its website, and stop trading.

The court held that the Ooki DAO was a "person" under the Commodity Exchange Act and thus could be held liable for violations of the law.

Robinhood to delist Solana, Cardano, Polygon tokens after SEC describes them as securities

Robinhood announced that its crypto exchange will delist the tokens for Solana (SOL), Cardano (ADA), and Polygon (MATIC) after they were described as unregistered securities in lawsuits against Binance and Coinbase. They seem to be the first exchange serving US customers to delist tokens mentioned by the SEC in the lawsuits. On June 12, they were followed by eToro US, who delisted ALGO, MANA, DASH, and MATIC. On June 16, Bakkt delisted SOL, ADA, and MATIC.

While simply claiming in a lawsuit that a crypto token is a security does not necessarily constitute a firm decision that it is so, this has been enough in the past to lead exchanges to remove token listings. The 2020 lawsuit against Ripple and its XRP token led to the token widely being delisted from exchanges serving US customers.

Scammers capitalize on Binance lawsuit fears to pull off Discord phishing scam

Adding insult to injury in Binance's tough couple of days, someone has managed to hijack the Discord vanity URL used by BNB Chain, the blockchain project associated with Binance. The scammers created a fake Discord channel where they have posted a message: "In order to curb the reactionary market's response to patently false SEC accusations, we are hosting a $BNB airdrop on BSC to show our faith in our technology and community!" The scammers urged members to connect their crypto wallets, ostensibly to receive their share of the roughly 100,000 BNB (nearly $30 million) the scammers claimed they'd allocated to the giveaway.

After this was brought to BNB Chain's attention by crypto sleuth zachxbt, they tweeted that they "acted quickly (within 10 minutes) to ban the offending accounts and remove the posts. We've taken steps to secure the server and protect against any further abuse." However, less than an hour later they put out a new tweet announcing that the URL had been hijacked to redirect to a new server.

"This is a scam, and if you connect your wallet, you will lose your funds. Please exercise caution until we are able to confirm a resolution", they wrote.

SEC files complaint against Coinbase

The SEC has clearly been busy. The agency followed up its complaint against Binance by smacking Coinbase with charges the very next day. This isn't terribly unexpected: in late March the SEC hit Coinbase with a Wells notice, which is a formal notice saying "we're about to file a complaint against you, convince us not to." Coinbase decided that instead of any real attempt at convincing them not to, they would use the incident as a PR opportunity to try to win hearts and minds (of the public but also critically in Congress), convincing people that the SEC was being unfair to them and stifling innovation in the United States and all sorts of other things.

The SEC, apparently unconvinced by Coinbase's usual spiel, filed a complaint with five claims for relief involving operating without registering with the SEC and offering unregistered securities by way of providing a cryptocurrency staking program.

Coinbase has responded with its usual bluster, and vowed to fight the lawsuit. They don't really have much choice, given their business is almost entirely predicated on being able to continue operating in the US. A tweet by Coinbase CEO Brian Armstrong refers to "the US congress... introducing new legislation to fix the situation", suggesting he is hoping that Congress might bail him out of the mess he's in. Given the amount of lobbying Coinbase has been doing, and the apparent bought and paid for crypto advocates who sit in Congress, his hopes are not entirely misplaced, but we shall see. As with the lawsuit against Binance, this is not likely to resolve anytime soon, particularly if the companies both decide to fight in court.

SEC files complaint against Binance

The SEC has filed a complaint against Binance, various related companies, and Binance CEO Changpeng "CZ" Zhao. They allege that the company has been acting with "blatant disregard" of US securities laws through their operation of unregistered trading platforms, have performed multiple offers of unregistered securities and investment schemes, and have defrauded investors through material misstatements around supposed controls for manipulative trading activity, such as wash trading, on the Binance platforms.

The complaint echoes some of the allegations made by the CFTC in a March lawsuit, including that Binance.US was primarily a front for Binance's international platform that was used to try to distract US regulators. However, it also goes farther by adding allegations around Binance's lack of controls around market manipulation, which the SEC alleges contradict public statements by Binance that they had sophisticated programs to prevent wash trading and other manipulative actions. The SEC even claims that the CZ-owned and -operated market maker Sigma Chain was engaged in substantial wash trading on the platform.

The SEC lawsuit was also a bit of a bombshell in its naming of some major cryptocurrencies as securities: SOL, ADA, MATIC, FIL, ATOM, SAND, MANA, ALGO, AXS, and COTI. These are the crypto assets associated, respectively, with the Solana, Cardano, Polygon, Filecoin,[d] Cosmos, The Sandbox, Decentraland, Algorand, Axie Infinity, and Coti projects.

Atomic Wallet hacks total over $100 million

Multiple users of the Atomic Wallet software suffered wallet compromises totaling more than $100 million in a spate of hacks suggesting an issue with the wallet itself. Atomic Wallet is a self-custody wallet, a suggested safer alternative than storing crypto assets in accounts controlled by third party companies. In February 2022, a security firm was forced to publicly disclose issues with the Atomic Wallet software after attempting to address them with the company via traditional routes, but went ignored.

Following the thefts, Atomic Wallet tweeted that they were aware of the reports of wallet compromises, and that they were attempting to learn more about the attacks, but had not yet confirmed any method of attack. They've since taken down the wallet software download page, likely out of concern that the software itself has been compromised.

Crypto sleuth zachxbt compiled a list of reported compromised Atomic Wallets, finding that multiple individuals lost multiple millions in the attack. The largest known individual theft so far involved almost $8 million in USDT (Tether); other individuals lost $2.8 million in USDT and 1,897 ETH (~$3.5 million).

Users of Atomic Wallet have been advised to transfer their assets to other wallets.

On June 6, both zachxbt and blockchain research group Elliptic speculated that the laundering strategy by the thieves resembled that of the North Korea-linked Lazarus Group, which has been responsible for other major crypto thefts.

unshETH compromised after private key leaked to GitHub

After a developer leaked private keys to GitHub, someone used them to drain $375,000 from the unshETH defi project. The project emergency paused withdrawals of unshETH ether to prevent further damage.

The leaked key allowed the attacker to transfer ownership of project smart contracts to themselves, though they later returned ownership.

unshETH posted a message to the hacker, demanding they return 90% of the stolen funds. They threatened: "We want to be clear, and this is not a bluff: we know who you and some people connected to you (friends) are, and we will absolutely move forward with law enforcement if you have not returned the money by the deadline above. We don't want to do this to you or have to rope your friends in, and would prefer everything be settled and everyone just move forward, but if we don't get the funds back by the above-mentioned time, we will be left with no choice in order to protect our protocol."

"Sounds exactly like someone bluffing would say", wrote one commenter.

Trust Reserve employees arrested

A Chinese cryptocurrency publication has reported that the staff of Trust Reserve (formerly CNHC Group) were detained by police. A sign on the door of the company's office in Shanghai announced "judicial seizure".

Trust Reserve issues the CNH offshore yuan-pegged stablecoin and the HKDC Hong Kong dollar-pegged stablecoin. The company had received funding from sources including the KuCoin crypto exchange.

Binance delists privacycoins in various European regions, later reverses decision

Seeming to bow to regulatory pressures, Binance announced they would delist various privacycoins including Monero, ZCash, and MobileCoin for some regions. Privacycoins are tokens that aim to obscure more of the information involved in a transaction, in contrast to the very public nature of the wallet addresses and transfer amounts of most cryptocurrency transactions.

Binance did not list the jurisdictions in which it would be ending privacycoin trading, but users in France, Spain, and Poland all reported receiving alerts. This suggested it could be related to the recent passage of the MiCA crypto legislation in the European Union. The resolution states: "The operating rules of the trading platform for crypto-assets shall prevent the admission to trading of crypto-assets that have an inbuilt anonymisation function unless the holders of those crypto-assets and their transaction history can be identified by the crypto-asset service providers operating a trading platform for crypto-assets."

In late June, Binance announced that they had reversed their decision, and would continue to offer the tokens.

Binance reportedly begins layoffs

Crypto giant Binance has reportedly begun layoffs, according to independent crypto reporter Colin Wu, who cited several anonymous sources. The layoffs will amount to around 20% of Binance's 8,000-person workforce, said Wu.

Binance issued a statement that the firings were related to poor performance and "cultural fit", an unlikely explanation for such a substantial cut.

In January 2023, Binance CEO Changpeng Zhao had stated that Binance planned to grow its employee count by 15–30% in 2023, even after more than doubling its employees in 2022. In March, responding to rumors of layoffs, Binance stated that they were "not planning any layoffs" and that in fact they planned to hire more than 500 employees by mid-year.

NFL labor union is out almost $42 million thanks to crypto collapse

A report from The Athletic indicates that the National Football League Players Association, a labor union for NFL players, has been unable to collect nearly $42 million it is owed in licensing and sponsorship revenue. The Athletic cited sources suggesting the issue was directly related to the collapse of the crypto industry, and to its partners renegotiating licensing deals due to the downturn.

The amount is owed by affiliate OneTeam Partners. In April, Sportico reported that sports NFT platform Dapper Labs had discussed restructuring its deal with the NFL and NFLPA due to an extremely rocky year. So too had DraftKings, which had signed a deal with the NFLPA for its "Reignmakers" player trading card NFTs.

"Charity NFT project" by supposed cancer patient raises $117,000 with stolen art before being exposed as a fraud

Tweets by Andrew Wang: "I woke up today to see one of my friends trending on twitter, @Hopeexist1. she made a collection to help herself battle cancer and some awesome web3 people spotlighted her today, so i'd like to add to it

I'll put my rep on the line to say this is for real amidst all the scams in our space. I speak with her art teacher often when she's gone for treatment and he says she's the best student he's ever had, that her talent is too precious, that she must survive. He cares like a father"Tweets by Andrew Wang promoting the scam (attribution)
A person claiming to be battling cancer created a "charity NFT project" ostensibly to help with her treatment. She convinced some crypto influencers to promote the project, including Andrew Wang, a popular Twitter account with nearly 200,000 followers. Wang tweeted, "I'll put my rep on the line to say this is for real amidst all the scams in our space". He claimed to have spoken with the NFT project creator's art teacher, writing: "he says she's the best student he's ever had, that her talent is too precious, that she must survive."

Several hours later, the project creator deleted her Twitter account, and crypto sleuth zachxbt unearthed evidence that the pixel art she had been selling as NFTs had been stolen from various others. Altogether, the "Pixel Penguins" NFT project she promoted raised around 63.5 ETH (~$117,000).

Wang later apologized for promoting the scam, claiming that he had tried to do due diligence but had been in contact with her for over a year, and had spoken on the phone with someone claiming to be her art teacher. However, zachxbt wrote, "Seems some people called it out last year. Not sure how much he actually 'verified'".

MoonPay executives pocketed $150 million raised from Series A

According to a report from The Information, MoonPay executives including CEO Ivan Soto-Wright pocketed $150 million from their $555 million Series A funding round completed in November 2021. MoonPay is a crypto payments platform known for its NFT "concierge" service popular among celebrities, and for the various allegations of undisclosed promotion leveled against it related to some of those celebrity deals.

According to The Information, MoonPay never disclosed that $150 million of the Series A funding was used to purchase shares from insiders including Soto-Wright, and never went to the company. Several weeks after the funding round, Soto-Wright purchased a $38 million Miami mansion.

Bybit exits Canada

The cryptocurrency exchange Bybit announced that they would be exiting Canada. The company cited "recent regulatory development" in the country for their decision to stop offering services to Canadian customers.

In June 2022, Bybit settled a complaint from the Ontario Securities Commission for operating an unregistered platform and offering unregistered securities to Ontarian investors. The company disgorged CA$2.5 million (US$1.9 million) as result. At the time, the OSC stated that Bybit was working to come into compliance with the OSC's requirements.

Apparent whitehat exploits El Dorado Exchange, claiming developers built in a backdoor to steal user funds

The new Arbitrum-based El Dorado Exchange (EDE) was exploited for around $580,000. In an interesting twist, the attacker claimed to be a whitehat who was exposing that the developers had "implemented a backdoor that allowed them to force liquidate any position they desired. This activity involved intentionally signing incorrect prices to manipulate users' positions and steal their funds".

The attacker promised to return all funds, minus a 10% "white hat fee", if the developers "admit to manipulating the prices", and also offered to disclose other vulnerabilities they claimed to have found in the project.

The project founders wrote in response: "Yes we acknowledge making an ill-advised decision to manipulate the price. However our intention was to blacklist those who had previously exploited the system, fully aware that all transactions are recorded on the blockchain. We did not aim to misappropriate users funds as this would leave a traceable record. We will promptly remove the problematic bomb contract."

The exploiter began returning funds shortly afterwards.

BKEX crypto exchange halts withdrawals due to money laundering investigation

The BKEX crypto exchange announced on May 29 that they would be suspending withdrawals, claiming it was related to a police investigation. "Recently, the platform users' funds were involved in 'money laundering' and BKEX is currently cooperating with the police to collect evidence, for which we will suspend withdrawals to cooperate with the work", they wrote in an announcement on their website.

The exchange offered no estimate of when withdrawals might be re-enabled.

Jimbos Protocol exploited for $7.5 million

Three days after the launch of its v2 protocol, the Arbitrum-based Jimbos Protocol was exploited for 4,090 ETH (~$7.5 million). The project had not properly controlled for slippage, which enabled an attacker to use a flash loan to manipulate the trading pairs on the project. The attacker then bridged the stolen funds to the Ethereum chain.

After the attack, Jimbos Protocol tweeted "We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals. We will release further information when possible." They also sent an on-chain message to the exploiter, offering to stop all investigations if the hacker returns 90% of the stolen funds.

Nigerian crypto trading app Patricia suffers multimillion dollar theft, freezes withdrawals

Patricia, a retail cryptocurrency trading app in Nigeria, froze withdrawals after revealing that they had suffered a ₦2 billion hack. According to the outlet TechCabal, despite announcing the hack in May 2023, the incident actually occurred in January 2022, but Patricia had managed to hide it up until that point.

The stolen ₦2 billion would have been worth around US$4.8 million based on the value of the Naira at the time of the theft.

Malfunctioning bot costs Poo Finance token hunters $440,000

Some traders hoping to snipe new tokens launched by Poo Finance (yes, really) decided to try to use a MEV bot to snag priority ordering compared to other pending blockchain transactions. They spent a combined 240 ETH (~$440,000) to be spent on the tokens and on bribes paid to the bot. However, the bot sent the tokens to the wrong Uniswap pool, ultimately obtaining only 4 ETH (~$7,300) of Poo Finance tokens.

Coinone employees "admit to facts" in case regarding token listing bribes

A lawyer for a broker and the former director of the South Korean cryptocurrency exchange Coinone have told a court that their clients "admit the facts of the prosecution". The director, "Mr. Jeon", is accused of accepting more than ₩2 billion (~$1.5 million) in bribes in exchange for listing shady tokens on the exchange. In one case, the exchange was the only platform to list a token called "Furiever Coin", which has been linked to a kidnapping and murder investigation in Seoul.

Four executives were arrested in connection to the investigation in April, under suspicion that they had received ₩2.4 billion (~$2.2 million) in bribes in exchange for listing dozens of coins.

Coinone is one of the most popular South Korean cryptocurrency exchanges. In July 2022, it was among the seven exchanges raided by Korean authorities in the wake of the Terra/Luna collapse, as the country began applying harsher scrutiny to crypto platforms.