Gitcoin loses $500,000 in transfer SNAFU
Bored Apes' Yuga Labs lays off employees
"It's a challenging time, not only for our industry but also for the global economy," wrote Yuga Labs CEO, apparently hoping that people ignorant to the past year of disaster across the NFT industry might be willing to attribute Yuga Labs' struggles to macroeconomic forces and not the implosion of the crypto — and particularly NFT — world.
BigWhale loses $1.5 million in private key leak
In a long post on Twitter, the project promised "we will refund all investor funds down to the last cent". They also wrote that "Not only are we going to use the fullest extent of the law to go after the person or persons behind this hack / attack, we will also use ALL OTHER MEANS NECESSARY - and we do have such resources at our disposal, to go after the ones who are behind this. (We work with assets within the Russian government directly...)"
In a later post on their website, however, they wrote that they do "not bear legal liability to refund investors for the losses incurred unless the hacked funds are successfully recovered", attributing the incident to force majeure. They repeatedly claimed that they had not been involved in the theft. The project completely took down its website, redirecting it to this post.
Crypto.com fined $3.1 million in the Netherlands for operating without registration
The fine was announced in March 2024, and Crypto.com said it had appealed the penalty.
Crypto.com was hardly the first exchange to fall afoul of the regulator: Binance was fined $3.35 million in July 2022 for the same, and Coinbase was hit with a $3.6 million for the same in January 2023. Binance later shut down their Dutch operations after failing to obtain a license.
Former FTX auditor Prager Metis sued by SEC for hundreds of alleged violations
Prager Metis is among the auditors who audited FTX, and was noted by FTX's CEO-in-bankruptcy John J. Ray III for advertising itself as "the first CPA firm to officially open its headquarters inside the metaverse".
None of the clients involved with the faulty audits were disclosed in the lawsuit, and the SEC has not issued any statements connecting the charges to the FTX collapse.
Three Arrows Capital co-founder Su Zhu jailed for four months
Three Arrows Capital fell apart in June 2022, and was among one of the first major collapses that set off a domino effect of crypto company failures throughout that summer and the rest of the year.
Chase UK to block payments for crypto
The change is scheduled to go into effect on October 16.
JPEX appears to be a $191 million fraud
Police have received more than 2,200 complaints pertaining to the exchange, involving $191 million (and counting) in possible losses. Eleven people, including various crypto influencers who had promoted the exchange, were taken in for questioning. However, police have said those eleven people were not likely central to the fraud, and that the leaders of the JPEX project are on the run.
According to the South China Morning Post, "The alleged case of financial fraud involving HK$1.37 billion is the largest of its kind in Hong Kong's history."
Upbit briefly suspends Aptos transactions after people were able to deposit counterfeit tokens
However, a bug on the part of the counterfeiter prevented massive losses. The spoofer used only six decimal places instead of eight, meaning that those who tried to redeem the fake tokens only received $250 instead of $25,000.
Upbit later re-enabled Aptos transactions after patching the bug.
Huobi exchange hacked for $8 million
Sun offered a bounty to the hacker to return 95% of the funds, also promising to hire them as a "security white hat advisor" for the exchange. Otherwise, he threatened to go to law enforcement.
Two weeks later, the thief returned the funds, with a note that their hot wallet key had leaked. Huobi paid the $410,000 bounty.
Mixin Network discloses $200 million hack
In their announcement, Mixin wrote that "the database of Mixin Network's cloud service provider was attacked by hackers", leading to some confusion as Mixin is supposed to be a decentralized network that ostensibly shouldn't have a centralized cloud database.
Mixin announced they would be suspending deposits and withdrawals pending analysis of the incident. They also told users that they would be compensated "up to a maximum of 50%" on assets that had been stolen from them, and receive "tokenized liability claims" (that is, IOUs) for the rest.
Wallet phished for $4.46 million in fake mining scam
These types of scams draw in tens of millions of dollars each month, and one researcher has estimated around $350 million in Tether have been stolen in these types of scams since September 2021.
Balancer frontend compromised
This is the second theft from Balancer in a month, after it warned of a critical vulnerability on August 22, and that vulnerability was exploited for around $2 million several days later.
JPEX hikes withdrawal fees amidst possible collapse
The JPEX cryptocurrency exchange was the subject of a September 13 consumer warning by the Securities and Futures Commission (SFC), who said they were promoting services to Hong Kong residents without proper licensure. The following day, attendees of the Token 2049 crypto event observed that JPEX had abandoned the booth they'd rented. Then, JPEX hiked their withdrawal fees to as high as $999, and limited withdrawals to $1,000.
According to the South China Morning Post, customers have filed at least 83 complaints about the exchange, pertaining to crypto assets priced at $4.3 million. Hong Kong police have disclosed they are investigating the firm.
JPEX released a statement that the SFC was "exerting undue pressure on our platform", and asserted that the watchdog should "bear full responsibility for undermining the prospects" of the crypto industry in the region. Later, they accused their "partnered third-party market makers" of "maliciously fr[eezing] funds". They announced that, as a result, they would be pausing their Earn product. They also suspended their platform's gaming feature.
PolkaWorld halts operations, blames community governance
"Personally, we believe decentralization only works for the 'informed', it's not for everyone, no offense meant," wrote PolkaWorld on Twitter.
Killer Whales crypto reality show launches about two years too late
The trailer for the show features a duo pitching "Ape Water": Bored Ape-branded canned water that sells for $2.80/can. "We want to reimagine water... When you scan the can, that's when crypto and web3 is unlocked," says the booster. Revolutionary.
Even crypto Twitter seemed less than enthused, with one person writing that the show was "like Shark Tank, but cringe". Another wrote, "Just take a peep at the panel of judges it's full of crypto grifters and scammers".
Ethereum bungles "Holesky" testnet launch
However, the Holesky launch was a failure when developers misconfigured the network, causing it to fail to initiate. Developers announced they would try to relaunch the project a week after its intended go-live date. At least it was just a testnet.
Nouns DAO fractures in $27 million split
Nouns NFTs have been popular since the project's launch in 2021, and in mid-2022 enjoyed a floor price of over 100 ETH (then over $150,000). Now they tend to sell for around 35 ETH (~$57,000). The DAO has used its substantial treasury to fund a wide range of projects, from creating Nouns short films, to distributing eyeglasses to kids, to partnering with Bud Light for a Super Bowl commercial in 2022.
Now, however, more than half of the project has opted to leave, with some leavers citing flawed decisionmaking and lack of leadership. As for the new fork, some Nouns owners may choose to "ragequit" — that is, forfeit their NFT and cash out their portion of the treasury (around 35.5 ETH, or $57,850, apiece). Some arbitrageurs have been buying Noun NFTs for months, hoping to use this ragequit functionality to profit.
NFL quarterback Trevor Lawrence, others settle FTX class action claims
Lawrence, Paffrath, and Nash are far from the only people facing class actions over their endorsements of FTX. Tom Brady, Gisele Bundchen, Steph Curry, Shaquille O'Neal, Larry David, are also facing lawsuits over their activities in promoting the firm.
Remitano hacked for $2.7 million
Remitano acknowledged the hack, writing that they had suffered a "data breach from a third-party source". They have claimed that users' assets will not be affected by the theft.
Remitano is a peer-to-peer crypto exchange focused on emerging markets, including Nigeria, Pakistan, Venezuela, and Malaysia.
Crypto booster Mark Cuban hacked for $870,000
This isn't the first time Cuban has been burned by the crypto industry. In June 2021, he lost "enough that I wasn't happy about it" in the collapse of the Titan stablecoin. Cuban is also a defendant in a class action lawsuit related to his endorsement of Voyager, a crypto broker that collapsed in July 2022.
Genesis closes trading entirely
Although Genesis Global Capital filed for bankruptcy in January 2023, portions of its business were excluded from the bankruptcy and continued to operate.
SEC charges Mila Kunis-backed Stoner Cats NFT project
The series was developed by Mila Kunis and her production company, and she, Ashton Kutcher, and Chris Rock all performed in the show, which ultimately aired six episodes accessible only to those who hold the NFTs. The premise, according to the SEC, is "house cats that become sentient after being exposed to their owner's medical marijuana".
The SEC determined that the project had marketed the NFTs as an investment in a web series enterprise, and had therefore violated securities laws by not registering with the SEC. Stoner Cats 2 LLC agreed to a cease-and-desist order, and will pay a $1 millon penalty.
OneCoin cofounder gets 20 years in prison
OneCoin operated out of Bulgaria, and was founded by Greenwood and "Cryptoqueen" Ruja Ignatova, the latter of whom has been on Europol's most wanted list since May 2022. The fraud amounted to around $4 billion and affected at least 3.5 million victims.
- "Co-Founder Of Multibillion-Dollar Cryptocurrency Scheme “OneCoin” Sentenced To 20 Years In Prison", press release by the U.S. Attorney's Office, Southern District of New York [archive]
Binance.US CEO Brian Shroder bails as the company cuts 1/3 of its employees
Simultaneously, Binance.US announced it would be cutting 1/3 of its employees, or more than 100 people. This is the second staffing cut since the SEC lawsuit was filed in June — Binance.US cut around 50 positions, then around 10% of employees, shortly after the lawsuit was announced. The primary Binance entity also fired more than 1,000 people in July.
- "Binance.US CEO Leaves Embattled Crypto Exchange", The Wall Street Journal [archive]
CoinEx hacked for $70 million
CoinEx is based out of Hong Kong, and was recently forced to stop serving US customers as part of a settlement with the New York Attorney General which also required them to pay a $1.7 million fine.
Developer steals $1 million from the group behind Milady NFTs
Remilia is a very controversial group, particularly after it was exposed that leader Charlotte Fang was a major figure in a white supremacist cult known as Kali Yuga Accelerationism (abbreviated "kaliacc"), and involved in a 4chan suicide cult.
Fang announced the theft on September 11 in a tweet accompanied by a glitch art image derived from a photo of the Twin Towers engulfed in flames and smoke shortly after the 9/11 terrorist attacks.
Banana Gun bot launches token, sparks rug pull fears as they disclose a bug
The team wrote in an announcement that they had no choice but to sell the treasury wallet to drain the liquidity pool, which is locked to... well, stop the project team from draining the project and rug-pulling. At the time of announcement, the project team had around 950 ETH (~$1.5 million) in the treasury wallet.
Some pointed out that they could simply set the tax to 0% and carry on without the hefty sales tax, but that didn't seem to appeal to the project's creators. Some also speculated that the team might just take the money and run after draining the LP.
Fortress Trust hit by "security incident", bailed out by Ripple
On September 7, Fortress Trust disclosed that several customers had been "impacted by a third-party vendor" compromise. On September 8, Fortress Trust announced they had been acquired by Ripple. On September 11, The Block reported that Ripple had covered undisclosed losses to customers as a part of the acquisition deal. The losses were later disclosed to be around $15 million, and the third-party vendor was said to be a company called Retool, who blamed the compromise on a social engineering attack against one of their employees.
- Tweet thread by Fortress Trust [archive]
- "Ripple Acquires Crypto-Focused Chartered Trust Company Fortress Trust", CoinDesk [archive]
- "Ripple made Fortress customers hit by security incident whole as part of acquisition", The Block [archive]
- "Episode 125 – How to Steal Almost $100 Million: Prime Trust goes Bust", Crypto Critics' Corner [archive]
Paxos pays $500,000 fee to send $1,865
Bitcoiner Jameson Lopp speculated that the transaction "looks like an exchange or payment processor with buggy software" based on its transaction history. "The address in question that made the fee calculation error has the characteristics of a withdraw-only hot wallet from an enterprise," he wrote.
His observations were well-founded, as it later came out that the wallet belonged to the Paxos blockchain company, who attributed the overpayment to a bug. Luckily for Paxos, the miner who snapped up the outsized fee agreed to refund it.
- Bitcoin transaction on Blockchain.com explorer [archive]
- Tweet thread by Jameson Lopp [archive]
Vitalik Buterin's Twitter account hacked to promote crypto scam
However, the link was a scam, and anyone who connected their wallet risked having their wallet drained of its cryptocurrency and NFTs. Some blue-chip NFTs were stolen, including two CryptoPunks (a collection with a floor price of around 47 ETH, or $76,800). Altogether, stolen assets surpassed $650,000 in value within a few hours of the theft according to zachxbt, though this counts notoriously difficult-to-value NFTs.
The tweet was taken down within twenty minutes of being posted. All in all, posting a link to a wallet drainer was probably among the least effective things the attacker could do with the Twitter account of a person whose word can dramatically move markets.
It did seem to be something of a stark warning to some in the crypto world, however, who expressed sentiments along the lines of "if Vitalik can get hacked, anyone can."
NFT startup Glass shuts down a year after raising $5 million
In September 2022, the startup managed to raise $5 million from investors including TCG Crypto and 1kx. Either that money's run out, or they're cutting their losses early.
Founder of the Thodex crypto exchange sentenced to 11,196 years in prison
He was arrested in August 2022 after a year on the run. Now, he and his brother and sister have all been sentenced to 11,196 years in prison – sentences so over the top that one has to wonder if perhaps Turkish prosecutors are worried the Özers are some kind of crypto-focused vampire crime family. They will also pay a 135 million lira fine (~$5 million).
CFTC goes after three defi projects
The CTFC stated: "Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not."
Fourth FTX exec pleads guilty, agrees to forfeit $1.5 billion
As part of the deal, Salame has agreed to forfeit $1.5 billion. He will also pay $5.6 million restitution to FTX debtors and $6 million to the U.S. government, and will forfeit two homes in the Berkshires and a 2021 Porsche 911. According to the New York Times, he is not cooperating with the investigation.
Salame's sentencing is scheduled for March 2024.
Victim loses around $24 million in phishing scam
The wallet address used by the phisher has been associated with multiple crypto phishing websites which attempt to convince users to authorize transactions, often by impersonating known crypto projects or promising token airdrops.
High-profile streamers bail on MrBeast-promoted Creator League after learning there are blockchains involved
YouTuber CDawgVA publicly withdrew from the project on September 3, writing, "I was not told or made aware at any point that there was Blockchain technology and was only made aware of that information when the event went live. I was given assurances that it had nothing to do with NFT's. Given my vocal hatred of such tech, I would never agree to join had I known that."
The creator of the OTK Network, which had agreed to participate in the League, wrote: "We were told there was no NFT/crypto component but looks like that may not be the case."
Creator League issued a statement attempting to downplay its blockchain usage, emphasizing that people who purchased "Creator Passes" were not buying cryptocurrency or NFTs. "The Creator League is not an NFT project and we have never sold tokens," they insisted. "Those buyers who remain uncomfortable with the blockchain technology can request a refund," they continued.
Now, Creator League has been postponed. eFuse, the company behind it, has also just announced a 30% layoff amid company restructuring.
Stolen LastPass vaults possibly cracked to enable crypto thefts
A report by cybersecurity expert Brian Krebs outlines how various experts have come to this conclusion after analyzing a long string of crypto thefts perpetrated against people with otherwise strong security practices. Altogether, the thefts suspected to have been enabled by the LastPass breach amount to more than $35 million.
- "Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach", Krebs on Security [archive]
GMBL.COMPUTER crypto casino exploited hours after launch
GMBL offered a "bug bounty" to the attacker, inviting them to return 90% of the stolen funds in exchange for a promise not to pursue legal action. The exploiter later returned 235 ETH (~$382,000), or half what they had stolen.
GMBL promised that "we are going to thoroughly test everything again before re launching".
MetaMask phishing scammers hijack government websites
Once victims visit the fake site, they're prompted to connect their MetaMask wallets to access various services, which would allow the scammers to steal any assets in the wallets.
Genesis to close U.S. spot trading business
"The decision was made voluntarily and for business reasons," the email claimed.
Genesis is a subsidiary of the Digital Currency Group (DCG) conglomerate, which has since the beginning of the year seen its Genesis platform enter bankruptcy, shuttered its TradeBlock subsidiary, and is reportedly approaching a deal to sell its CoinDesk crypto media outlet.
Nima Capital accused of rug pull
Synapse posted on Twitter that they were "investigating unusual activity" on the wallets of one of their liquidity providers, and were "working to get in touch with them".
The $SYN token plummeted almost 25% after the sell-off, later recovering somewhat.
Crypto casino Stake hacked for over $40 million
Stake acknowledged the attack on their Twitter account, writing that "We are investigating and will get the wallets up as soon as they're completely re-secured."
Stake is an Australia-based cryptocurrency casino and sports betting platform that has enjoyed endorsements from various celebrities, and which shelled out $100 million in 2022 for an endorsement deal with Drake.
On September 6, the FBI announced that they believed the Lazarus Group was behind the theft. Lazarus is a group of North Korean state-sponsored hackers allegedly responsible for crypto hacks totaling hundreds of millions of dollars.
Gala Games co-founders sue each other over claimed hundreds of millions in losses
In a competing lawsuit, Wright Thurston alleges that Schiermeyer unilaterally misused over $600 million in company funds in wasteful actions that were "often for his own personal benefit", including to buy a private jet and hire architects and designers for personal real estate projects.
The $GALA token dropped 5% on the news of the lawsuits.
Starknet upgrade leaves $550,000 inaccessible
After user backlash over a cumulative $550,000 in funds that were inaccessible to people who hadn't heard about the breaking change, Starkware re-enabled the ability for people to upgrade their wallets – leading some to question why it was ever disabled in the first place if it could be trivially re-enabled to prevent the loss of half a million in assets.
Blockchain gaming streamer loses life savings after exposing private key on stream
Apparently realizing his mistake, Fraternidade Crypto ended the stream, and says he tried to relocate the crypto to a new wallet. It was too late, however, and someone watching had already taken the around 86,000 MATIC (~$50,000) and various NFTs in the wallet.
Fraternidade Crypto posted an emotional video after the fact, explaining that the stolen funds were his life savings. He said he planned to file a police report, and also offered a reward for the return of the funds.
Fortunately, he was able to recover the stolen MATIC, though he says he has not been able to recover the NFTs, which have "incalculable value as they are NFTs, estimated value of approximately 15k dollars still lost".
Impact Theory to pay $6.1 million for unregistered NFT offering in an SEC first
As a part of the agreement, Impact will destroy all remaining Founder's Keys NFTs, forgo royalties from future secondary sales, and publish a notice of the order on its websites and social media.
Founder's Keys in the rarest tier have recently sold for $1,500 apiece, and promised to give their holders access to Impact Theory's self-help content, which supposedly taught viewers how to "unlock their potential and pursue greatness". According to the SEC, the company encouraged holders to view the tokens as an investment into the business.
Clockwork project to shut down due to "limited commercial upside"
A user asked what would happen to remaining seed money, if any, in a Twitter reply. Garfield answered that they "still have a meaningful portion of our seed funding" but that he hadn't decided what to do with it.
Balancer drained of over $2 million following vulnerability warning
Balancer acknowledged the hack, writing on Twitter that "Balancer is aware of an exploit related to the vulnerability [disclosed on August 22]. Mitigation procedures have drastically reduced risks, but [we] are unable to pause affected pools." They reiterated that users needed to withdraw funds from affected liquidity pools to prevent further thefts.
The blockchain researcher known on Twitter as MevRefund questioned why Balancer didn't execute a whitehat attack on their own protocol to try to safeguard the vulnerable funds.
NFT collector SOL Big Brain loses around $1.5 million to phishing scam
However, the attacker had set up a contract which used permit phishing to drain SOL Big Brain's wallet. He lost $740,000 in stablecoins, $550,000 in ETH, and another $200,000 in the GEAR token.
"Today is a bad day," wrote SOL Big Brain on Twitter.