Radiant Capital sent an on-chain message to the attacker, offering to negotiate a bounty.
Radiant Capital lending protocol hacked for $4.5 million
- Tweet thread by Radiant Capital [archive]
- Tweet thread by PeckShield [archive]
- On-chain message from Radiant Capital to the exploiter [archive]
Wallet security startup founder scammed out of $125,000
"I just got scammed out of $125k of stEth while trying to claim the $LFG airdrop. And I'm a fking founder of a wallet startup that's trying to improve wallet security..." wrote Lou on Twitter. "This is the first time I've been scammed. I always read about others but you never think it could happen to you..." he wrote.
If the founder of a wallet security project can't avoid scams in the crypto world, what hope do the rest of us have?
Orbit Bridge hacked for $81 million
Orbit began sending the attacker on-chain messages, writing that "we will track you down and restore the damage you incurred to the ecosystem. And we will not stop." Orbit also wrote on Twitter that they were working with various law enforcement agencies.
Wallet gets phished for $4.4 million
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorizing the malicious drainer. It's not clear if that's how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.
UST and LUNA deemed securities in court
This is a major decision in the crypto world, which recently celebrated a decision in the SEC v. Ripple case, which found that some sales of Ripple's XRP token did not constitute unregistered securities offerings.
The SEC has maintained a position that the majority of crypto asset offerings are securities offerings, which has been an unpopular opinion among those in the cryptocurrency industry — which broadly does not wish to be regulated by the SEC.
- Memorandum & Opinion in SEC v. Terraform Labs [archive]
Levana Protocol loses over $1.1 million in slow motion
The attack was unusual in that it lasted almost two weeks, going unnoticed because it was draining pools slowly enough that the Levana team assumed it was organic activity. However, when the network became congested, the attack suddenly became more profitable — and more noticeable.
- "Levana exploit postmortem", Medium [archive]
Barry Silbert resigns from Grayscale board
Grayscale is in the midst of an application process with the SEC for approval to convert the trust into a spot bitcoin ETF. This has been an ongoing effort by Grayscale, and has been denied before.
DCG, meanwhile, is in the middle of financial difficulties and ongoing legal battles, including a lawsuit from the New York Attorney General alleging a $1 billion fraud by DCG and its Genesis subsidiary. The lawsuit from the NYAG also names Silbert personally.
Telcoin exploited for $1.25 million
Telcoin later announced that they "plan[ned] to restore all wallets to their previous balances", though did not say whether or how they would be making up the $1.25 million deficit.
Telcoin had been audited by CertiK, though CertiK tweeted to say that "this contract was not in the scope of the audit conducted by CertiK".
Tether mints itself a $1 billion Christmas present
On December 25, Tether minted 1 billion of its USDT dollar-pegged stablecoin. CEO Paolo Ardoino announced on Twitter that the mint was an "authorized but not issued transaction, meaning that this amount will be used as inventory for next period issuance requests and chain swaps". This seems to be a recent trend for Tether, as similar language was used for a $1 billion mint in September.
The activity has raised more questions around where the real money backing Tether is coming from, and if it even exists at all. Some have argued that these recent Tether mints are being used to artificially inflate the price of Bitcoin, which has been on an upward trend since mid-October.
Tether, which boasts a market cap of more than $90 billion, has never been audited, and has lied about its backing in the past.
Megabot exit scams for almost $750,000
Megabot had advertised itself as an AI trading bot that would earn users "up to 30% monthly". The team had promised that the bot would perform trades while "sidestepping potential risks such as honeypots, rugs, and slow rugs".
"No one will be able to rug you anymore", their website boasted. Ah, well.
Defunct BarnBridge reaches $1.7 million settlement with SEC
The SEC charged that the group had not registered their sale of the bonds as was required under US securities laws. BarnBridge shut down very shortly after the complaint was filed, without any input from its community, despite ostensibly being community governed.
- "BarnBridge DAO Agrees to Stop Unregistered Offer and Sale of Structured Finance Crypto Product", Securities and Exchange Commission press release [archive]
Catalyx exchange ordered to freeze trading after theft
Catalyx announced in a press release on December 28 that they had "recently discovered a security breach on the Platform in connection with the holding of crypto assets on behalf of clients. Management suspects that this security breach, which may involve an employee, has resulted in the loss of a portion of the crypto assets held by the Company on behalf of its clients".
Catalyx did not state how much had been stolen.
- Interim Cease Trade Order by the Alberta Securities Commission [archive]
- "CatalX CTS Ltd. Announces Security Breach, Loss of Crypto Assets and Ongoing Investigation", press release by Catalyx [archive]
Qredo dumps CEO, raises emergency financing after burning through funding
Qredo had already been forced to perform layoffs in September and then November, and in November was searching for a rescue after saying their user "activity ha[d] fallen" in the "prolonged cryptowinter".
On December 15, Qredo had also announced that they would be shutting down their Ankex trading platform, which was previously led by Michael Moro, who was previously booted as CEO from Genesis Trading.
New wallet drainer steals almost $60 million in 9 months
Aurory bridge hacked for over $1 million
The Aurory team posted on Twitter to acknowledge the hack, writing that they'd disabled SyncSpace as they investigated. They also wrote that SyncSpace had been audited months ago, but that the audit had failed to detect the vulnerability.
"Top tier" NFTs stolen in NFT Trader hack
One attacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price.
Meanwhile, NFT holders were urged to revoke access to NFT Trader, since the platform seemed aware of the attack but unable to stop it. NFT Trader was ultimately able to thwart the attacker to stem additional bleeding, likely thanks to help from community members who pointed out a way the contract could be shut down.
Later, the "residual garbage" attacker returned 36 Bored Apes and 18 Mutant Apes after a Yuga Labs co-founder paid the 120 ETH (~$260,000) ransom.
SafeMoon files for bankruptcy
Although SafeMoon claimed to have created a token that would "safely go to the moon", executives allegedly siphoned millions of dollars of investor funds to spend on personal expenses including luxury cars and real estate.
In the bankruptcy filing, SafeMoon has claimed to have 50–99 creditors, between $10 and $50 million in estimated assets, and $100,000 to $500,000 in estimated liabilities.
- Chapter 7 Voluntary Petition, filed in the US Bankruptcy Court, D. Utah [archive]
Supply chain attack on Ledger puts much of defi at risk
A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.
CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.
CoinList reaches $1.2 million settlement with OFAC over Russian sanction violations
CoinList reportedly allowed 89 users to sign up for accounts on the platform, most of whom had stated that they were residents of Russia but provided addresses in Crimea.
- "OFAC Settles with CoinList Markets LLC for $1,207,830 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations", Department of the Treasury enforcement release [archive]
Money launderers charged over $80 million crypto romance scam
- "Four Individuals Charged for Laundering Millions from Cryptocurrency Investment Scams", Department of Justice press release [archive]
Australian victims lose estimated $1.3 billion to prolific scammers' HyperVerse project
Estimates by Chainalysis suggest that victims have lost a combined $1.3 billion (with a B) to the scam thus far.
The scheme's operators Sam Lee and Zijing "Ryan" Xu were also behind Blockchain Global, a collapsed company that operated the Australian ACX crypto exchange that collapsed in 2019. The company is in liquidation, and creditor claims are expected to surpass $50 million. Although Lee and Xu were reported for investigation to the Australian Securities & Investments Commission, ASIC did not take any action.
Lee has also been involved in other investment platforms, including two that are currently active: StableDao and We Are All Satoshi. Both platforms were the target of cease and desist letters from the Californian Department of Financial Protection and Innovation in September 2023, who described them both as "fraudulent pyramid and Ponzi scheme[s]".
- "Investors lose millions as crypto schemes operate unchecked in Australia", The Guardian [archive]
- "'They are so convincing': Vera Gazzard lost her life savings to HyperVerse", The Guardian [archive]
- "Crypto Scam Revenue Dropped 46% in 2022, While Blockchain Analysis Finds Links Between What Appear to be Distinct Scams", Chainalysis [archive]
- "More than $50 million owed to creditors after collapse of Blockchain Global's cryptocurrency exchange", ABC News [archive]
Crypto scammer suddenly pleads guilty in trial surrounding EXW fraud
The scam in question was a Ponzi scheme called EXW, in which the eight defendants stole at least €17.6 million (~$19.3 million) from at least 40,000 victims in late 2019 and 2020. The fraud later resurfaced under a different name. However, in court, the ex-girlfriend of the main defendant testified that the scam had actually brought in €80–100 million ($88—$110 million).
One of the defendants, who from reports seems to be the same one who just admitted his guilt in court, reportedly feigned being autistic when he was arrested by police, somehow earning himself enough time to erase the contents of his phone.
He and seven other defendants have been charged with fraud, money laundering, running a pyramid scheme, and operating a criminal organization.
- "EXW Wallet indictments, arrests & criminal trial in Austria", Behind MLM [archive]
- "EXW-Prozess: Hauptangeklagter bekennt sich schuldig", Salzburger Nachrichten (in German) [archive]
- "Angeklagter bekennt sich im Prozess um Kryptobetrug vollumfänglich schuldig", Der Standard (in German) [archive]
Blockchain chess platform Immortal Game ditches token after "heavy cheating"
"We found that by offering large amounts of cash with no limit barrier to entry, we encouraged heavy cheating on the platform and degraded the user experience for our legitimate player base who want a fair and safe place to play chess online," they wrote. Who could have guessed.
Somewhat ironically, they suggested that they may still intended to look into using web3 technology for "anti-cheat measures".
Grifter-in-chief Donald Trump hawks mugshot NFTs
Now, Trump is hawking a new set of $99 NFTs, featuring the August 2023 mugshot taken in connection to his ongoing racketeering lawsuit. Those who purchase 47 of the NFTs — amounting to $4,653 plus fees — are promised a scrap of the suit Trump wore in the mugshot and a dinner with the president-turned-fulltime criminal defendant.
The fine print, however, reserves the possibility that neither promise will come through.
Fraudsters steal more than $25 million in "AI-powered" crypto ponzi
In addition to pulling off the original scam, the fraudsters also came up with a fake investigative agency called the "Federal Crypto Reserve", where they directed victims who were seeking to recover their losses.
The scammers were charged with wire fraud, money laundering, and obstruction of justice, which carry hefty maximum prison terms.
- "Two Men Charged for Operating $25M Cryptocurrency Ponzi Scheme", Department of Justice press release [archive]
OKX DEX suffers $2.7 million hack
It appears the attacker was able to gain access to the smart contract admin key, which gave them the ability to upgrade the contracts to enable malicious functionality.
OKX announced that they would reimburse the losses, and pursue legal action against the exploiter.
KuCoin fined $22 million in New York
KuCoin has admitted to allowing New Yorkers to trade securities and commodities on the platform, and representing themselves as an "exchange" without having registered as such.
In addition to paying the fine, KuCoin has agreed to shut down all New Yorkers' accounts in the coming months and prevent residents of the state from signing up for new accounts.
Yearn Finance accidentally swaps its entire Ip-yCRVv2 treasury, asks nicely for the money back
Because there was not sufficient liquidity for such a large trade at the going price, the trade was ultimately fulfilled, but at a 63% loss. Before the trade, that quantity of tokens was priced at around $2.28 million; however, Yearn received only around $780,000 in stablecoins because of the slippage.
Yearn quickly identified the issue and embarked on a campaign to ask nicely for the counterparties in the trade to please give some of their profits back. In on-chain messages, Yearn wrote: "one of yearns multisigs made a costly mistake last night that affected a critical source of yCRVs liquidity. we identified you as having made a profit off of this and are kindly requesting that you return as much as you see reasonable to yearns main multisig: ychad.eth. sorry we have to ask this, but hope you can understand." Doesn't hurt to ask, I guess. So far, only one wallet has taken them up on the offer, returning 2 ETH (~$4,400).
- "Incident disclosure - 2023-12-11", Yearn Finance Github [archive]
- On-chain message from Yearn Finance [archive]
Uranium Finance hacker cashes out in Magic: The Gathering cards
After tracing the attacker's attempts to launder the money through Tornado Cash and then obfuscate that it had come from the mixing service (something that raises flags at some exchanges), zachxbt observed the funds go to a broker of Magic: The Gathering based in the United States. Altogether, the hacker appeared to be spending millions on starter decks, alpha sets, and sealed boxes — often overpaying by 5-10%. These items routinely sell for hundreds or thousands of dollars.
The thief is probably a creative money launderer rather than an massive MTG fan, and is probably reselling the cards to further obscure the source of the money. Then again, MTG is more than a little addictive.
Do Kwon reportedly to be extradited to the United States
Kwon filed a last-ditch appeal of the extradition decision on December 6. A decision is scheduled on the matter by December 15. Milovic is unlikely to publicly announce Kwon's extradition destination until then.
Both South Korea and the United States have sought Kwon's extradition on criminal charges related to the Terra/Luna scheme. Federal prosecutors in the Southern District of New York indicted Kwon on eight fraud and market manipulation charges in March 2023. He and his company also face a civil lawsuit from the Securities and Exchange Commission.
- "Exclusive: Montenegro Plans to Extradite Fallen Crypto Tycoon Do Kwon to U.S.", The Wall Street Journal [archive]
The AEUR stablecoin isn't
Binance announced a compensation plan for users who purchased the token during an eligibility period and who were unable to resell, in an apparent attempt to placate the angry traders who accused Binance of "scamming" them by halting trading.
AEUR was issued by Anchored Coins, a Swiss stablecoin issuer.
Nostr Assets gets clogged up
Meanwhile, the founder of the Nostr social media platform has accused Nostr Assets of being an "affinity scam" by falsely suggesting in their platform name and $NOSTR token naming they are affiliated with the Nostr project. Nostr Assets has described the allegations as "unfounded", saying that their use of the Nostr network means the name is "pertinent", and suggesting that Nostr's founder has no basis to dictate who can use the Nostr name as it is a decentralized and open source project.
Rob Robb robs victims of $1.2 million
Robb, also known as "pokerbrat2019", convinced at least 11 people to give him a total of $1.2 million, which he said he would use to develop various MEV bots. Instead of doing so, he pocketed the money, offering a litany of excuses for why the project was continually delayed.
Robb had previously been convicted of a $4 million scam in 2002 after soliciting funds for an online gambling platform, instead using the money to buy a car and fund his own gambling.
Ethereum projects scramble to address widespread smart contract vulnerability through ThirdWeb
Projects relying on these pre-built smart contracts will have to lock the old contract and deploy new ones, then provide new versions of tokens via airdrop or a claim page — a fairly disruptive process.
Major NFT marketplace OpenSea issued a statement that they were working with ThirdWeb about a vulnerability "impacting some NFT collections". Rarible also stated that some NFT collections on their platform were affected, including some on the Polygon sidechain. Coinbase and Base also disclosed that some projects on their platforms were vulnerable. Projects by groups including Cool Cats and Mocaverse will need to be migrated.
Users of the Safe Wallet lose cumulative $2 million to address poisoning
According to research group ScamSniffer, the attacker has stolen at least $5 million from at least 21 victims in the past four months.
Florence Finance loses $1.45 million to address poisoning
As of December 4, Florence Finance had not publicly acknowledged the theft.
DraftKings was secretly paid to run a Polygon network validator
However, it turns out that Polygon allocated tens of millions of tokens to the DraftKings validator — far more than they allocated to other validators — on which DraftKings earned a highly unusual 100% of staking rewards. Polygon also sent the company 2.5 million of their MATIC tokens (priced at just over $1.5 million at the time), and it's unclear if this was a purchase by DraftKings or a transfer as a part of the deal.
In October 2023, Polygon kicked DraftKings off the network as the validator had failed to maintain performance standards. Throughout the period that the DraftKings maintained the validator, they earned millions of dollars through the undisclosed partnership.
Crypto media outlet Forkast goes bust
After raising $1.7 million in seed funding in 2021, the site seems to have run out of runway. It merged with the CryptoSlam data aggregator in January 2023, but that apparently didn't help it sustain operations. The company appears to be trying to rebrand as "Forkast Labs", and is offering crypto data feeds.
BitStable decides to burn most tokens after public sale goes wrong
Some applauded the decision, seeing the token hoarding as an unfair tactic that deprived others who wanted the tokens of their opportunity to buy any. However, some — particularly those who succeeded in buying tokens in the initial sale — worried that they were being "rugged" as the team threatened to destroy their tokens. Others objected based on the "code is law" ethos: "Basically we used ur platform and ur rules - u said ur selling at 500k mcap valuation and now changed it to 3m mcap valuation after it sold out - straight rug material u can't do that lmao", wrote one person on Twitter.
SoFi neobank ditches crypto
The move is likely tied to its bank charter, which was conditionally approved with a two-year period in which it was required to receive approval for its crypto business. SoFi had previously described discussions with the Federal Reserve "to determine whether there is a path to conform our crypto-related activities to the requirements of the Bank Holding Company Act" — this move suggests they decided there was not.
- "SoFi Is Exiting Crypto With Banking Regulators Stepping Up Scrutiny", Bloomberg [archive]
- SoFi Technologies, Inc. Form 10-K, filed with the SEC
Hounax crypto scam steals $19 million
The Hong Kong Securities and Futures Commission added Hounax to its warning list on November 1, a move that victims have criticized as much too late to stop the damage.
Bitcoiner spends $3 million on transaction fee
A person then claimed on Twitter to be the owner of the wallet, verifying the claim by signing a message from the wallet that paid the fee. They claimed that they had been hacked, and that an error on the attacker's part led to the huge fee payment. AntPool, the mining pool that mined that block and earned the huge fee, later agreed to return the fee, though it's not clear if or how they verified that the person to whom they're returning the fee wasn't in fact the attacker who had obtained control of the wallet.
A similar fee overpayment incident occurred in September, when the Paxos crypto firm erroneously paid a $500,000 fee to send $1,865. They attributed the huge fee to a bug in their software, and the F2Pool mining pool (who had mined the block and received the fee) opted to return the overpayment.
KyberSwap hacked for $50 million
Shortly after the attack, the thief sent a message: "Negotiations will start in a few hours when I am fully rested." The KyberSwap team later responded to offer a 10% bounty, also seeming to praise the attacker: "You have done one of the most sophisticated hacks ser. That was high EV and everyone missed it."
The thief had other plans, though, ultimately issuing a list of "demands" which included "complete executive control" over the company and "surrender of all ... assets" to the hacker. They wrote that they had big plans for the network, and although they planned to dismiss all executives, they wrote that employees would be offered double salaries to continue their work. The hacker signed the message "Kyber Director".
Meanwhile, KyberSwap regained around $4.7 million after negotiations with the operators of front-running bots, who agreed to return 90% of the funds they obtained through frontrunning the hacker's transactions.
- "KyberSwap offers 10% bounty to hacker following $47 million exploit", The Block
- "KyberSwap DEX Hacked for $48 Million, Attacker Teases Negotiations", CoinDesk
- On-chain messages between the attacker and KyberSwap
- On-chain message from the attacker
HTX (fka Huobi) and Heco Chain hacked for $115 million
HTX suspended withdrawals as they investigated the hack, and wrote that the company would "fully compensate for HTX's hot wallet losses". Security firm Cyvers said they believed the theft was enabled by a private key leak.
Binance fined over $4 billion, founder pleads guilty and resigns
Binance agreed to pay $4.3 billion in restitution for widespread wrongdoing including failure to implement proper anti-money laundering programs, unlicensed money transmitting, and sanctions violations. Binance will be allowed to continue operating, but will be subjected to a three-year-long monitorship program to ensure AML and sanctions compliance.
Simultaneously with the DOJ action, Binance reached agreements with the CFTC, FinCen, and OFAC on ongoing legal issues. Notably, the SEC lawsuit was not among those settled.
CZ posted a long thread on Twitter, admitting "I made mistakes, and I must take responsibility," carefully sidestepping mentioning what any of those mistakes were.
- "Binance and CEO Plead Guilty to Federal Charges in $4B Resolution", U.S. Department of Justice [archive]
Aragon DAO votes to sue its founding team
Now, after the Aragon Association decided without consulting the DAO to dissolve itself and wind down the project's governance tokens (while keeping some of the funds), the DAO has voted to sue the group. The DAO has accused the group of improperly taking investors' money to put it "into their new secretive company". They've allocated $300,000 to legal efforts.
- "A DAO is funding a lawsuit against its own founding team", The Block [archive]
- "Aragon DAO votes to fund legal action against its founders", CoinTelegraph [archive]
- Proposal to sue the Aragon Association
Bittrex finally closes up for good
Bittrex used to be a major player in the US cryptocurrency market, with over 20% of US market share in 2018. However, the exchange's dominance had dwindled to below 1% as of 2021.
DOJ reportedly seeking $4 billion resolution to Binance investigation, with possible criminal charges against CEO
The negotiation may involve a deferred prosecution agreement, in which the US would file a criminal complaint but agree not to prosecute so long as Binance met agreed conditions under a monitoring process.
It remains to be seen if this is the avenue the DOJ and Binance will go with. A Bloomberg source speculated that a decision could come within the next few weeks.
Kraken sued by U.S. SEC
Furthermore, the SEC claims that Kraken commingled corporate and customer funds, "at times pa[ying] operational expenses directly from bank accounts that hold customer cash."
Kraken's new CEO, Dave Ripley, posted on Twitter that the company "plan[s] to vigorously defend [their] position" that they do not list securities.
DOJ cracks down on $225 million crypto romance scam
According to Tether, they "voluntarily fr[oze] approximately 225 million in USDT tokens" in connection to the investigation.
Some romance scammers hoping to lure victims into sending them cryptocurrencies are themselves victims of human trafficking operations, where they are held victim and forced to send such messages.