Fintoch scammers strike again with $1.6 million FinSoul scam

A metaverse gaming project called FinSoul promised users “sandbox worlds, multiplayer sports, leisure experiences, player socializing, MMORPG,” and other features. However, on October 10, the project team made off with $1.6 million, which they then tumbled through Tornado Cash.

The team behind the FinSoul project was reportedly the same as the group who pulled off the much larger $31 million Fintoch exit scam in May. They used similar strategies, including using paid actors to pose as their executive team, to push the FinSoul scam.

FSL token rug pulls for $1.68 million within 24 hours of launch

The BNB Chain-based FSL token rug pulled within 24 hours of launching, with developers draining $1.68 million of liquidity they had amassed.

Goldfinch lending platform facing $7 million loss

Goldfinch is a decentralized lending platform aiming to provide undercollateralized loans, an unusual strategy in the crypto world where loans are typically overcollateralized due to the difficulty in evaluating the trustworthiness of borrowers and in preventing them from just taking off with the loan funds.

They may now be discovering this was a bad idea, as an impending default on a $20 million loan from February 2022 threatens the platform with a possible $7 million loss.

The loan went to a fintech credit fund called Stratos, who in turn used the money for a risky real estate technology investment (now written down to zero), crypto investments of their own (not disclosed to Goldfinch, and sold at a "near full loss"), and other investments. Stratos is, awkwardly, an investor in Goldfinch, and Stratos' founder was an advisor.

This is not the first loan gone bad for Goldfinch, who suffered a loss when an African motorcycle taxi financing company used a $5 million loan to try to plug the hole in the finances of a sister company.

A commenter on the disclosure about the distressed loan wrote, "This is the second occurrence of a lack of transparency from a borrower or a lack of auditing capability from Goldfinch. We can all appreciate that Warbler Labs will backstop the loss, but it is increasingly worrying to discover a complete lack of control from the loan underwriter, especially in the context of Stratos being an equity investor in Goldfinch."

Trader Joe's sues Trader Joe

The American supermarket chain and cookie butter paradise, Trader Joe's, has filed a lawsuit against the popular Trader Joe decentralized exchange. According to the lawsuit, the supermarket believes the exchange is trying to benefit off the supermarket's popularity.

This is actually the second such lawsuit by the supermarket against the exchange, after the first was thrown out when defendants claimed that they had simply named the project after the co-founder's brother, Joe. However, shortly after the victory, a co-founder admitted on their blog that they "just named it Trader Joe, after the supermarket".

Trader Joe's is seeking all profits made by the exchange, plus damages and compensation for the failed lawsuit last year.

3Commas suffers another security breach

3Commas, a crypto trading bot provider, suffered another security breach in which some customer wallets were used to make unauthorized trades. They haven't disclosed how much in assets were lost.

This isn't the first security breach to tarnish 3Commas' reputation. In October 2022, customers reported losing a significant amount of assets in what 3Commas first tried to blame on phishing websites resembling FTX. 3Commas months later owned up to the fact that their database had been compromised, and that API keys were leaked.

UK's Financial Conduct Authority warns of Huobi and KuCoin

The United Kingdom's Financial Conduct Authority (FCA) has added another 146 entries to its "warning list" of unauthorized firms, including the crypto exchanges Huobi and KuCoin. The additions pertained to new regulations that require crypto firms who want to run promotions in the country to register with the FCA, and comply with regulations aiming to prevent misleading advertisements.

The warning list was created to notify potential users of these firms, and to inform them that losses related to the use of those platforms won't be covered by the UK's compensation scheme.

Huobi has claimed they don't operate or promote in the UK, while KuCoin gestured towards adjusting its practices in the UK. Firms on the warning list may be subjected to more serious enforcement actions in the future, including fines or even prison time.

Astrology-themed NFT project Lucky Star Currency rug pulls for $1.1 million

Lucky Star Currency was an NFT-focused project released by a group claiming to be made up of astrologists. The group was heavily promoted on Chinese news and Q&A platforms. However, not long after its release, the contract creator withdrew more than 1.6 million LSC tokens and swapped them for approximately $1.1 million.

Bitcoin mining hardware manufacturer Bitmain stops paying employees

Bitmain, the manufacturer of popular Bitcoin mining equipment (known as ASICs), is apparently in such dire financial straits that it can no longer pay employee salaries. Local media reported that all "bonuses and incentives" were nixed by the Beijing-based company, and the firm is considering cutting all wages by 50%. They also wrote a letter to employees, informing them that they would not be paying out September salaries until a review later in the month.

Stars Arena exploited for $3 million

Stars Arena, an Avalanche-based dupe of the popular Friend.Tech project, suffered a serious exploit in which an attacker drained tokens priced at around $3 million.

Avalanche co-founder and CEO Emin Gün Sirer drew widespread mockery when announcing that "the amount lost is only $3m", apparently not perceiving that $3 million is a massive sum to most people. He also didn't mention that it constituted almost the entire total TVL of the Stars Arena project, which was left with less than $1 in tokens following the attack.

Stars Arena was fortunate, in that the hacker ultimately contacted them offering to make a deal. The attacker returned 90% of the funds, keeping $300,000 as a "bounty".

THORSwap temporarily shuts down web interface as FTX hacker tries to launder $131 million

The THORSwap decentralized exchange has put its web interface into "maintenance mode" in hopes of thwarting the thief who stole over $400 million from the FTX exchange as it was mid-collapse in November 2022. Those funds have remained largely for almost a year, until the thief began moving funds recently — interestingly, coinciding with the start of Sam Bankman-Fried's criminal trial.

The attacker tried to launder around $131 million of the stolen assets by routing them through services including Railgun and THORSwap. After "consultation with advisors, legal counsel, and law enforcement", THORSwap decided to pause its web interface in hopes of making money laundering more challenging for the attacker — although the thief could still interact with the THORSwap smart contracts directly, if they so chose.

Some criticized THORSwap for apparently caving on its censorship-resistant, decentralized ethos. Others, however, saw the move as understandable given the THORSwap developers reside in the United States, which has recently cracked down on mixing services that facilitate the laundering of illicit funds.

Gitcoin loses $500,000 in transfer SNAFU

After agreeing to allocate $500,000 to "MMM" (merchandise, memes, and marketing — no, really), Gitcoin screwed up sending the money so badly that it's gone forever. Whoever was in charge of making the transfer accidentally pasted the Gitcoin contract address into the recipient field, rendering the tokens permanently inaccessible. Such mistakes can be devastating, and yet are very common in the crypto world, where transfers are irreversible.

Bored Apes' Yuga Labs lays off employees

A sad-looking ape with dark grey fur, wearing a yellow rain cap and a striped shirtBAYC #5262 (attribution)
Even the best known NFT brand can't escape the effects of a collapsing industry. Yuga Labs, the company behind the blue-chip Bored Apes NFTs and related collections, and the acquirers of collections including CryptoPunks, has announced that it will be joining the many other companies in the crypto world performing layoffs. They did not disclose how many employees would be losing their jobs.

"It's a challenging time, not only for our industry but also for the global economy," wrote Yuga Labs CEO, apparently hoping that people ignorant to the past year of disaster across the NFT industry might be willing to attribute Yuga Labs' struggles to macroeconomic forces and not the implosion of the crypto — and particularly NFT — world.

BigWhale loses $1.5 million in private key leak

The defi staking and lending project BigWhale announced that the private key to one of their crypto wallets had been leaked, and 7,200 BNB (~$1.5 million) had been stolen.

In a long post on Twitter, the project promised "we will refund all investor funds down to the last cent". They also wrote that "Not only are we going to use the fullest extent of the law to go after the person or persons behind this hack / attack, we will also use ALL OTHER MEANS NECESSARY - and we do have such resources at our disposal, to go after the ones who are behind this. (We work with assets within the Russian government directly...)"

In a later post on their website, however, they wrote that they do "not bear legal liability to refund investors for the losses incurred unless the hacked funds are successfully recovered", attributing the incident to force majeure. They repeatedly claimed that they had not been involved in the theft. The project completely took down its website, redirecting it to this post.

Crypto.com fined $3.1 million in the Netherlands for operating without registration

Crypto.com spent around two years operating in the Netherlands without bothering to register as required by the Dutch central bank — or pay the supervisory fees they were supposed to be paying. On October 2, 2023, the central bank imposed a €2.85 million (US$3.12 million) fine on the company for the period of unlicensed registration. The company had registered with the regulator in July of that year.

The fine was announced in March 2024, and Crypto.com said it had appealed the penalty.

Crypto.com was hardly the first exchange to fall afoul of the regulator: Binance was fined $3.35 million in July 2022 for the same, and Coinbase was hit with a $3.6 million for the same in January 2023. Binance later shut down their Dutch operations after failing to obtain a license.

Former FTX auditor Prager Metis sued by SEC for hundreds of alleged violations

Prager Metis' headquarters in Decentraland, a blocky, slightly futuristic, grey and orange building with the Prager Metis logoPrager Metis' headquarters in Decentraland (attribution)
The U.S. Securities and Exchange Commission filed a lawsuit against auditor Prager Metis, who they allege violated auditor independence rules and aided and abetted their clients' violations of federal securities laws. According to the SEC, Prager Metis included indemnification provisions in more than 200 audits, reviews, and exams, which renders the firm no longer independent in its investigations of those clients.

Prager Metis is among the auditors who audited FTX, and was noted by FTX's CEO-in-bankruptcy John J. Ray III for advertising itself as "the first CPA firm to officially open its headquarters inside the metaverse".

None of the clients involved with the faulty audits were disclosed in the lawsuit, and the SEC has not issued any statements connecting the charges to the FTX collapse.

Three Arrows Capital co-founder Su Zhu jailed for four months

Co-founder of the collapsed Three Arrows Capital hedge fund, Su Zhu, was arrested in Singapore while allegedly trying to leave the country. He and his cofounder Kyle Davies have been uncooperative with investigations into the June 2022 implosion of the fund, and were both sentenced to four months imprisonment as a result. Davies has not been arrested because his whereabouts are currently unknown.

Three Arrows Capital fell apart in June 2022, and was among one of the first major collapses that set off a domino effect of crypto company failures throughout that summer and the rest of the year.

Chase UK to block payments for crypto

Chase Bank’s UK branch has decided it will completely block debit card purchases and bank transfers that it identifies as being "related to crypto assets", a move they say is motivated by an increase in crypto scams targeting UK customers. Chase customers who want to buy crypto will have to use some other bank, Chase has said.

The change is scheduled to go into effect on October 16.

JPEX appears to be a $191 million fraud

After the Hong Kong-based JPEX exchange limited withdrawals amidst what appeared to be an impending collapse of the platform, things are now looking a lot more like fraud.

Police have received more than 2,200 complaints pertaining to the exchange, involving $191 million (and counting) in possible losses. Eleven people, including various crypto influencers who had promoted the exchange, were taken in for questioning. However, police have said those eleven people were not likely central to the fraud, and that the leaders of the JPEX project are on the run.

According to the South China Morning Post, "The alleged case of financial fraud involving HK$1.37 billion is the largest of its kind in Hong Kong's history."

Upbit briefly suspends Aptos transactions after people were able to deposit counterfeit tokens

Upbit, a major South Korean cryptocurrency exchange, suddenly suspended deposits and withdrawals of the Aptos $APT token after some users were able to deposit and withdraw fake versions of the token that were intended to spoof the original. Because of a bug in how Upbit verified tokens, transfers of the spoofed token were identified as transfers of the native Aptos token, which could have caused a massive loss if users began redeeming the fake Aptos tokens as though they were real.

However, a bug on the part of the counterfeiter prevented massive losses. The spoofer used only six decimal places instead of eight, meaning that those who tried to redeem the fake tokens only received $250 instead of $25,000.

Upbit later re-enabled Aptos transactions after patching the bug.

Huobi exchange hacked for $8 million

Justin Sun confirmed on September 25 that his crypto exchange Huobi (recently rebranded to "HTX") had been hacked for 5,000 ETH ($8 million) the prior day. He reassured customers that the exchange would be covering the shortfall, and that "all user assets are #SAFU".

Sun offered a bounty to the hacker to return 95% of the funds, also promising to hire them as a "security white hat advisor" for the exchange. Otherwise, he threatened to go to law enforcement.

Two weeks later, the thief returned the funds, with a note that their hot wallet key had leaked. Huobi paid the $410,000 bounty.

Mixin Network discloses $200 million hack

The operators of the Mixin Network disclosed that hackers had stolen around $200 million in funds in the largest known hack of the year (to date). Mixin Network is a cross-chain project that boasts zero transaction fees.

In their announcement, Mixin wrote that "the database of Mixin Network's cloud service provider was attacked by hackers", leading to some confusion as Mixin is supposed to be a decentralized network that ostensibly shouldn't have a centralized cloud database.

Mixin announced they would be suspending deposits and withdrawals pending analysis of the incident. They also told users that they would be compensated "up to a maximum of 50%" on assets that had been stolen from them, and receive "tokenized liability claims" (that is, IOUs) for the rest.

Wallet phished for $4.46 million in fake mining scam

Someone lost over $4.4 million of the Tether stablecoin after falling victim to a phishing scam that promised them fake mining rewards. A phisher lured in the victim, likely earning their trust and then promising high returns thanks to a "mining" operation. Typically, these projects fool their victims by showing them a growing balance on the platform's software, even as the phishers drain their wallets.

These types of scams draw in tens of millions of dollars each month, and one researcher has estimated around $350 million in Tether have been stolen in these types of scams since September 2021.

Balancer frontend compromised

Balancer issued an urgent warning to stop using its web interface, as it was evidently compromised by malicious actors who redirected the funds to themselves. Within 30 minutes of the tweeted warning, $240,000 had already been stolen.

This is the second theft from Balancer in a month, after it warned of a critical vulnerability on August 22, and that vulnerability was exploited for around $2 million several days later.

JPEX hikes withdrawal fees amidst possible collapse

"We believe that the platform will not collapse," wrote JPEX, amidst apparent collapse. JPEX is a Hong Kong crypto exchange that was advertising more than 20% APY on various staking products.

The JPEX cryptocurrency exchange was the subject of a September 13 consumer warning by the Securities and Futures Commission (SFC), who said they were promoting services to Hong Kong residents without proper licensure. The following day, attendees of the Token 2049 crypto event observed that JPEX had abandoned the booth they'd rented. Then, JPEX hiked their withdrawal fees to as high as $999, and limited withdrawals to $1,000.

According to the South China Morning Post, customers have filed at least 83 complaints about the exchange, pertaining to crypto assets priced at $4.3 million. Hong Kong police have disclosed they are investigating the firm.

JPEX released a statement that the SFC was "exerting undue pressure on our platform", and asserted that the watchdog should "bear full responsibility for undermining the prospects" of the crypto industry in the region. Later, they accused their "partnered third-party market makers" of "maliciously fr[eezing] funds". They announced that, as a result, they would be pausing their Earn product. They also suspended their platform's gaming feature.

PolkaWorld halts operations, blames community governance

PolkaWorld, a major community within the Polkadot blockchain project, has announced that they will have to suspend operations as a funding proposal was overwhelmingly rejected. In June, Polkadot changed their governance model to community voting, away from a model in which small groups of ostensible experts made decisions for the network. PolkaWorld has blamed the failure of their request for 16,842 DOT (~$70,000) to fund Q4 2023 operations on this new voting model, which shut down their request with 93.3% "no" votes.

"Personally, we believe decentralization only works for the 'informed', it's not for everyone, no offense meant," wrote PolkaWorld on Twitter.

Killer Whales crypto reality show launches about two years too late

Promotional image for Killer Whales showing a group of judges standing behind the logoKiller Whales promo image (attribution)
Maybe they'd sunk too much money into producing Killer Whales to back out, or maybe its creators actually think that a Shark Tank-style crypto reality TV series is what it will take to return crypto to its former glory. A crypto-boosting show judged by crypto industry hustlers like Anthony "The Mooch" Scaramucci and shady operator Mario Nawfal has just published trailers for its scheduled January 2024 debut.

The trailer for the show features a duo pitching "Ape Water": Bored Ape-branded canned water that sells for $2.80/can. "We want to reimagine water... When you scan the can, that's when crypto and web3 is unlocked," says the booster. Revolutionary.

Even crypto Twitter seemed less than enthused, with one person writing that the show was "like Shark Tank, but cringe". Another wrote, "Just take a peep at the panel of judges it's full of crypto grifters and scammers".

Ethereum bungles "Holesky" testnet launch

Ethereum prepared to launch a new test network, called "Holesky", which was supposed to be massive compared to the mainnet in order to work on scaling problems. The launch was supposed to coincide with Ethereum's September 2022 "Merge", in which the network finally pulled off the long-awaited switch from proof of work to proof of stake.

However, the Holesky launch was a failure when developers misconfigured the network, causing it to fail to initiate. Developers announced they would try to relaunch the project a week after its intended go-live date. At least it was just a testnet.

Nouns DAO fractures in $27 million split

A pixel art illustration of a figure with a white teacup for a head, wearing boxy pink sunglasses and a green sweaterNoun #848 (attribution)
Nouns DAO, one of the most prominent Ethereum DAOs, has split into two projects after holders of around 56% of the Nouns NFTs in circulation voted to "ragequit". This means that they have forked into a new DAO, taking 16,757 ETH (~$27.3 million) of the original DAO's treasury with them.

Nouns NFTs have been popular since the project's launch in 2021, and in mid-2022 enjoyed a floor price of over 100 ETH (then over $150,000). Now they tend to sell for around 35 ETH (~$57,000). The DAO has used its substantial treasury to fund a wide range of projects, from creating Nouns short films, to distributing eyeglasses to kids, to partnering with Bud Light for a Super Bowl commercial in 2022.

Now, however, more than half of the project has opted to leave, with some leavers citing flawed decisionmaking and lack of leadership. As for the new fork, some Nouns owners may choose to "ragequit" — that is, forfeit their NFT and cash out their portion of the treasury (around 35.5 ETH, or $57,850, apiece). Some arbitrageurs have been buying Noun NFTs for months, hoping to use this ragequit functionality to profit.

NFL quarterback Trevor Lawrence, others settle FTX class action claims

Collage of photos of Trevor Lawrence, Kevin Paffrath, and Tom NashTrevor Lawrence, Kevin Paffrath, and Tom Nash (attribution)
Jacksonville Jaguars quarterback Trevor Lawrence has agreed to settle claims against him made in a class action lawsuit by FTX customers who say his endorsement of the fallen crypto exchange contributed their decision to use it. Also settling are finance YouTuber and crypto shills Kevin Paffrath and Tom Nash. The terms of the settlements were not disclosed.

Lawrence, Paffrath, and Nash are far from the only people facing class actions over their endorsements of FTX. Tom Brady, Gisele Bundchen, Steph Curry, Shaquille O'Neal, Larry David, are also facing lawsuits over their activities in promoting the firm.

Remitano hacked for $2.7 million

Crypto exchange Remitano suffered a hack in which $2.7 million in Tether (USDT), USDC, and Ankr was drained from the exchange's hot wallets across three blockchains. Luckily for them, Tether was able to freeze $1.9 million of the stolen funds, substantially reducing the attacker's profits.

Remitano acknowledged the hack, writing that they had suffered a "data breach from a third-party source". They have claimed that users' assets will not be affected by the theft.

Remitano is a peer-to-peer crypto exchange focused on emerging markets, including Nigeria, Pakistan, Venezuela, and Malaysia.

Crypto booster Mark Cuban hacked for $870,000

Mark CubanMark Cuban (attribution)
Billionaire crypto evangelist Mark Cuban apparently fell victim to a hack when an attacker was able to siphon around $870,000 in multiple cryptocurrencies from a wallet belonging to him. Cuban later acknowledged the hack to DL News. "They must have been watching," he said, explaining that "I'm pretty sure I downloaded a version of MetaMask with some shit in it".

This isn't the first time Cuban has been burned by the crypto industry. In June 2021, he lost "enough that I wasn't happy about it" in the collapse of the Titan stablecoin. Cuban is also a defendant in a class action lawsuit related to his endorsement of Voyager, a crypto broker that collapsed in July 2022.

Genesis closes trading entirely

After announcing on September 5 that Genesis would be closing their U.S. spot trading business in a "decision ... made voluntarily and for business reasons", Genesis has now announced that they will be closing all trading. They again write that "This decision was made voluntarily and for business reasons" - the kind of statement that gets less believable the more they repeat it.

Although Genesis Global Capital filed for bankruptcy in January 2023, portions of its business were excluded from the bankruptcy and continued to operate.

SEC charges Mila Kunis-backed Stoner Cats NFT project

An illustrated beige cat, with eyes pointed in opposite directions, wearing a yellow rain hat on a rainy day. It's holding a roll of $100 bills in one hand and a baggie of marijuana in the otherStoner Cat #7605 (attribution)
In a rather amusing press release, the SEC announced they had charged "Stoner Cats 2 LLC" with conducting an unregistered securities offering when they raised $8.2 million selling NFTs that were intended to finance an animated web series called Stoner Cats.

The series was developed by Mila Kunis and her production company, and she, Ashton Kutcher, and Chris Rock all performed in the show, which ultimately aired six episodes accessible only to those who hold the NFTs. The premise, according to the SEC, is "house cats that become sentient after being exposed to their owner's medical marijuana".

The SEC determined that the project had marketed the NFTs as an investment in a web series enterprise, and had therefore violated securities laws by not registering with the SEC. Stoner Cats 2 LLC agreed to a cease-and-desist order, and will pay a $1 millon penalty.

OneCoin cofounder gets 20 years in prison

Ruja Ignatova and Karl Sebastian Greenwood photographed in front of a OneCoin branded backdropRuja Ignatova and Karl Sebastian Greenwood (attribution)
Karl Sebastian Greenwood, co-founder of the notorious OneCoin ponzi scheme, was sentenced to 20 years in prison after pleading guilty to fraud and money laundering charges. He will also forfeit $300 million, much of which he spent on real estate, luxury vacations, and a yacht.

OneCoin operated out of Bulgaria, and was founded by Greenwood and "Cryptoqueen" Ruja Ignatova, the latter of whom has been on Europol's most wanted list since May 2022. The fraud amounted to around $4 billion and affected at least 3.5 million victims.

Binance.US CEO Brian Shroder bails as the company cuts 1/3 of its employees

Brian Shroder, wearing a Binance shirt under a suit coatBrian Shroder (attribution)
Brian Shroder, the CEO of Binance's US entity, has left the crypto exchange as it faces an existential lawsuit from the U.S. SEC. Shroder is only the latest exec to leave Binance and its various regional arms in what is becoming a mass exodus in recent months. The company has also lost its general counsel, chief strategy officer, head of investigations, a senior VP of compliance, and two leaders of Binance's Russian arm.

Simultaneously, Binance.US announced it would be cutting 1/3 of its employees, or more than 100 people. This is the second staffing cut since the SEC lawsuit was filed in June — Binance.US cut around 50 positions, then around 10% of employees, shortly after the lawsuit was announced. The primary Binance entity also fired more than 1,000 people in July.

CoinEx hacked for $70 million

Various blockchain watchers noticed suspicious transfers from a hot wallet known to belong to the CoinEx cryptocurrency exchange. CoinEx later confirmed a "security incident" involving "unauthorized transactions", and disclosed that around $70 million was stolen. Outside researchers have suggested that the thieves appear to be a part of the North Korean state-sponsored hacking group, Lazarus.

CoinEx is based out of Hong Kong, and was recently forced to stop serving US customers as part of a settlement with the New York Attorney General which also required them to pay a $1.7 million fine.

Developer steals $1 million from the group behind Milady NFTs

A pixel art image of a humanoid robot holding a paint palette, with a small dog by its feet, and a desert with a cactus in the backgroundBonkler #150 (attribution)
A developer working on an NFT project spearheaded by Remilia, the DAO behind the Milady NFT project, stole around $1 million from the group by diverting fees generated by their new Bonkler "experimental finance art project". According to leader Charlotte Fang, the developer "also seized codebases and coordinated with two others on the team in an attempt to seize control of our social media, followed by demands for a significant portion of our treasury, including the NFT reserves." Fang stated that they believed they knew the thief's identity and had filed a lawsuit against them, and promised that they "will now be dealt with through the heavy hand of the law".

Remilia is a very controversial group, particularly after it was exposed that leader Charlotte Fang was a major figure in a white supremacist cult known as Kali Yuga Accelerationism (abbreviated "kaliacc"), and involved in a 4chan suicide cult.

Fang announced the theft on September 11 in a tweet accompanied by a glitch art image derived from a photo of the Twin Towers engulfed in flames and smoke shortly after the 9/11 terrorist attacks.

Banana Gun bot launches token, sparks rug pull fears as they disclose a bug

The team behind Banana Gun, a Telegram bot to help "snipe" token launches, launched a token associated with the project on September 11. Only hours later, they announced in a tweet that they'd uncovered a bug in their smart contract that meant that when people sold tokens, the 4% tax that was meant to go to the project was also kept in individuals' wallets.

The team wrote in an announcement that they had no choice but to sell the treasury wallet to drain the liquidity pool, which is locked to... well, stop the project team from draining the project and rug-pulling. At the time of announcement, the project team had around 950 ETH (~$1.5 million) in the treasury wallet.

Some pointed out that they could simply set the tax to 0% and carry on without the hefty sales tax, but that didn't seem to appeal to the project's creators. Some also speculated that the team might just take the money and run after draining the LP.

Fortress Trust hit by "security incident", bailed out by Ripple

Fortress Trust is a crypto custody and blockchain infrastructure company, founded by Scott Purcell. Purcell is also known for founding Prime Trust, which later lost over $75 million in customer funds, squandered another $8 million gambling on Terra/Luna just before its collapse, and then filed for bankruptcy in August 2023. Purcell is also embroiled in a lawsuit from former company Banq, now also bankrupt, which alleges he stole trade secrets and other valuable material to start Fortress.

On September 7, Fortress Trust disclosed that several customers had been "impacted by a third-party vendor" compromise. On September 8, Fortress Trust announced they had been acquired by Ripple. On September 11, The Block reported that Ripple had covered undisclosed losses to customers as a part of the acquisition deal. The losses were later disclosed to be around $15 million, and the third-party vendor was said to be a company called Retool, who blamed the compromise on a social engineering attack against one of their employees.

Paxos pays $500,000 fee to send $1,865

A wallet on the Bitcoin blockchain paid a 19.82 BTC ($499,171) fee to transfer 0.074 BTC ($1,865). Put another way, they spent 270x the transaction value to pay the fee. Bitcoin transaction fees are required to make any action on the Bitcoin blockchain, and people can opt to pay higher fees to incentivize their transactions being processed sooner. 19.82 BTC is far outside the realm of someone just hoping to get a speedy transaction, however — the next-highest transaction fee in that block was 0.006 BTC ($159.20).

Bitcoiner Jameson Lopp speculated that the transaction "looks like an exchange or payment processor with buggy software" based on its transaction history. "The address in question that made the fee calculation error has the characteristics of a withdraw-only hot wallet from an enterprise," he wrote.

His observations were well-founded, as it later came out that the wallet belonged to the Paxos blockchain company, who attributed the overpayment to a bug. Luckily for Paxos, the miner who snapped up the outsized fee agreed to refund it.

Vitalik Buterin's Twitter account hacked to promote crypto scam

Scam tweet from the Vitalik Buterin account, reading: "To celebrate Proto-Danksharding coming to Ethereum, @Consensys is marking the moment with a commemorative NFT.
"Proto", honors the work of the devs who made this possible. The collection is free for the next 24 hours.
Claim your piece of history:"Scam tweet by Vitalik Buterin (attribution)
The Twitter account belonging to Vitalik Buterin, inventor and effective leader of the Ethereum project, was hacked to promote a crypto scam. A tweet posted to his compromised account advertised a "commemorative NFT" to celebrate the impending release of "proto-danksharding", which is the actual name for an upcoming change to the Ethereum protocol.

However, the link was a scam, and anyone who connected their wallet risked having their wallet drained of its cryptocurrency and NFTs. Some blue-chip NFTs were stolen, including two CryptoPunks (a collection with a floor price of around 47 ETH, or $76,800). Altogether, stolen assets surpassed $650,000 in value within a few hours of the theft according to zachxbt, though this counts notoriously difficult-to-value NFTs.

The tweet was taken down within twenty minutes of being posted. All in all, posting a link to a wallet drainer was probably among the least effective things the attacker could do with the Twitter account of a person whose word can dramatically move markets.

It did seem to be something of a stark warning to some in the crypto world, however, who expressed sentiments along the lines of "if Vitalik can get hacked, anyone can."

NFT startup Glass shuts down a year after raising $5 million

The NFT startup Glass was operating under the assumption that YouTubers and others who post video content for fans online might want to mint those videos as NFTs, which their fans could then buy. Unfortunately for them, they have since "come to the conclusion that there is not sustainable demand for video NFTs".

In September 2022, the startup managed to raise $5 million from investors including TCG Crypto and 1kx. Either that money's run out, or they're cutting their losses early.

Founder of the Thodex crypto exchange sentenced to 11,196 years in prison

As of writing, the April 2021 $2 billion Thodex exit scam is the second largest exit scam recorded in the Web3 is Going Great leaderboard. Thodex was one of the largest crypto exchanges in Turkey, until its CEO, Faruk Fatih Özer, disappeared along with $2 billion in customer funds.

He was arrested in August 2022 after a year on the run. Now, he and his brother and sister have all been sentenced to 11,196 years in prison – sentences so over the top that one has to wonder if perhaps Turkish prosecutors are worried the Özers are some kind of crypto-focused vampire crime family. They will also pay a 135 million lira fine (~$5 million).

CFTC goes after three defi projects

The CFTC has announced charges and settlements against defi projects Opyn, ZeroEx, and Deidex for various commodities law violations. The projects will pay $250,000, $200,000, and $100,000, respectively, to settle the charges. They have also agreed to cease and desist the activities.

The CTFC stated: "Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not."

Fourth FTX exec pleads guilty, agrees to forfeit $1.5 billion

Ryan SalameRyan Salame (attribution)
Former CEO of FTX's Bahamian entity, Ryan Salame, has pleaded guilty to two criminal charges in the ongoing case against FTX and founder Sam Bankman-Fried. Salame (pronounced "Salem") is the fourth exec to plead guilty, following pleas from Caroline Ellison and Gary Wang in December 2022, and another from Nishad Singh in February 2023.

As part of the deal, Salame has agreed to forfeit $1.5 billion. He will also pay $5.6 million restitution to FTX debtors and $6 million to the U.S. government, and will forfeit two homes in the Berkshires and a 2021 Porsche 911. According to the New York Times, he is not cooperating with the investigation.

Salame's sentencing is scheduled for March 2024.

Victim loses around $24 million in phishing scam

A crypto phisher hit it big today when they lured in a victim with a massive wallet balance. The victim wallet was drained of 4,851 rETH and 9,579 stETH, both wrapped versions of ETH used for staking. Altogether, the tokens are priced at around $24 million.

The wallet address used by the phisher has been associated with multiple crypto phishing websites which attempt to convince users to authorize transactions, often by impersonating known crypto projects or promising token airdrops.

High-profile streamers bail on MrBeast-promoted Creator League after learning there are blockchains involved

Collage of eight influencers, with a "Creator League" logo above themPromo image for the Creator League (attribution)
A group of high-profile streamers and social media influencers agreed to join eFuse's "Creator League", where they would lead community e-sports teams. The project was announced on September 2, and was promoted by mega-influencer MrBeast. Only days later, the project has been put on hold after some of those influencers balked once they learned blockchains were involved.

YouTuber CDawgVA publicly withdrew from the project on September 3, writing, "I was not told or made aware at any point that there was Blockchain technology and was only made aware of that information when the event went live. I was given assurances that it had nothing to do with NFT's. Given my vocal hatred of such tech, I would never agree to join had I known that."

The creator of the OTK Network, which had agreed to participate in the League, wrote: "We were told there was no NFT/crypto component but looks like that may not be the case."

Creator League issued a statement attempting to downplay its blockchain usage, emphasizing that people who purchased "Creator Passes" were not buying cryptocurrency or NFTs. "The Creator League is not an NFT project and we have never sold tokens," they insisted. "Those buyers who remain uncomfortable with the blockchain technology can request a refund," they continued.

Now, Creator League has been postponed. eFuse, the company behind it, has also just announced a 30% layoff amid company restructuring.

Stolen LastPass vaults possibly cracked to enable crypto thefts

In November 2022, popular password management tool LastPass disclosed that hackers had stolen "password vaults" containing data belonging to more than 25 million users. Although the vaults themselves are encrypted, some experts now believe that these vaults are being cracked to enable access to crypto credentials stored within.

A report by cybersecurity expert Brian Krebs outlines how various experts have come to this conclusion after analyzing a long string of crypto thefts perpetrated against people with otherwise strong security practices. Altogether, the thefts suspected to have been enabled by the LastPass breach amount to more than $35 million.

GMBL.COMPUTER crypto casino exploited hours after launch

The brand new Arbitrum-based defi casino GMBL.COMPUTER was exploited for around 471 ETH (~$770,000). The project, which promises to "generate yield from casino games", had officially launched only hours earlier. The GMBL team later stated that they believed the exploit was due to a flaw in the platform's referral system, where people could place bets without depositing any funds and use them to generate referral bonuses.

GMBL offered a "bug bounty" to the attacker, inviting them to return 90% of the stolen funds in exchange for a promise not to pursue legal action. The exploiter later returned 235 ETH (~$382,000), or half what they had stolen.

GMBL promised that "we are going to thoroughly test everything again before re launching".

MetaMask phishing scammers hijack government websites

Phishing scammers hoping to lure victims into visiting fake websites resembling that of the popular MetaMask crypto wallet have adopted a new approach: compromising government websites. CoinTelegraph identified websites on domains belonging to the governments of countries including India, Nigeria, Egypt, Colombia, Brazil, Vietnam that had been compromised and modified to redirect to these scam sites. Some of them included the websites of the Nigerian postal service and, ironically, of Egypt's Consumer Protection Agency.

Once victims visit the fake site, they're prompted to connect their MetaMask wallets to access various services, which would allow the scammers to steal any assets in the wallets.