According to research group ScamSniffer, the attacker has stolen at least $5 million from at least 21 victims in the past four months.
Users of the Safe Wallet lose cumulative $2 million to address poisoning
Florence Finance loses $1.45 million to address poisoning
As of December 4, Florence Finance had not publicly acknowledged the theft.
DraftKings was secretly paid to run a Polygon network validator
However, it turns out that Polygon allocated tens of millions of tokens to the DraftKings validator — far more than they allocated to other validators — on which DraftKings earned a highly unusual 100% of staking rewards. Polygon also sent the company 2.5 million of their MATIC tokens (priced at just over $1.5 million at the time), and it's unclear if this was a purchase by DraftKings or a transfer as a part of the deal.
In October 2023, Polygon kicked DraftKings off the network as the validator had failed to maintain performance standards. Throughout the period that the DraftKings maintained the validator, they earned millions of dollars through the undisclosed partnership.
Crypto media outlet Forkast goes bust
After raising $1.7 million in seed funding in 2021, the site seems to have run out of runway. It merged with the CryptoSlam data aggregator in January 2023, but that apparently didn't help it sustain operations. The company appears to be trying to rebrand as "Forkast Labs", and is offering crypto data feeds.
BitStable decides to burn most tokens after public sale goes wrong
Some applauded the decision, seeing the token hoarding as an unfair tactic that deprived others who wanted the tokens of their opportunity to buy any. However, some — particularly those who succeeded in buying tokens in the initial sale — worried that they were being "rugged" as the team threatened to destroy their tokens. Others objected based on the "code is law" ethos: "Basically we used ur platform and ur rules - u said ur selling at 500k mcap valuation and now changed it to 3m mcap valuation after it sold out - straight rug material u can't do that lmao", wrote one person on Twitter.
SoFi neobank ditches crypto
The move is likely tied to its bank charter, which was conditionally approved with a two-year period in which it was required to receive approval for its crypto business. SoFi had previously described discussions with the Federal Reserve "to determine whether there is a path to conform our crypto-related activities to the requirements of the Bank Holding Company Act" — this move suggests they decided there was not.
- "SoFi Is Exiting Crypto With Banking Regulators Stepping Up Scrutiny", Bloomberg [archive]
- SoFi Technologies, Inc. Form 10-K, filed with the SEC
Hounax crypto scam steals $19 million
The Hong Kong Securities and Futures Commission added Hounax to its warning list on November 1, a move that victims have criticized as much too late to stop the damage.
Bitcoiner spends $3 million on transaction fee
A person then claimed on Twitter to be the owner of the wallet, verifying the claim by signing a message from the wallet that paid the fee. They claimed that they had been hacked, and that an error on the attacker's part led to the huge fee payment. AntPool, the mining pool that mined that block and earned the huge fee, later agreed to return the fee, though it's not clear if or how they verified that the person to whom they're returning the fee wasn't in fact the attacker who had obtained control of the wallet.
A similar fee overpayment incident occurred in September, when the Paxos crypto firm erroneously paid a $500,000 fee to send $1,865. They attributed the huge fee to a bug in their software, and the F2Pool mining pool (who had mined the block and received the fee) opted to return the overpayment.
KyberSwap hacked for $50 million
Shortly after the attack, the thief sent a message: "Negotiations will start in a few hours when I am fully rested." The KyberSwap team later responded to offer a 10% bounty, also seeming to praise the attacker: "You have done one of the most sophisticated hacks ser. That was high EV and everyone missed it."
The thief had other plans, though, ultimately issuing a list of "demands" which included "complete executive control" over the company and "surrender of all ... assets" to the hacker. They wrote that they had big plans for the network, and although they planned to dismiss all executives, they wrote that employees would be offered double salaries to continue their work. The hacker signed the message "Kyber Director".
Meanwhile, KyberSwap regained around $4.7 million after negotiations with the operators of front-running bots, who agreed to return 90% of the funds they obtained through frontrunning the hacker's transactions.
- "KyberSwap offers 10% bounty to hacker following $47 million exploit", The Block
- "KyberSwap DEX Hacked for $48 Million, Attacker Teases Negotiations", CoinDesk
- On-chain messages between the attacker and KyberSwap
- On-chain message from the attacker
HTX (fka Huobi) and Heco Chain hacked for $115 million
HTX suspended withdrawals as they investigated the hack, and wrote that the company would "fully compensate for HTX's hot wallet losses". Security firm Cyvers said they believed the theft was enabled by a private key leak.
Binance fined over $4 billion, founder pleads guilty and resigns
Binance agreed to pay $4.3 billion in restitution for widespread wrongdoing including failure to implement proper anti-money laundering programs, unlicensed money transmitting, and sanctions violations. Binance will be allowed to continue operating, but will be subjected to a three-year-long monitorship program to ensure AML and sanctions compliance.
Simultaneously with the DOJ action, Binance reached agreements with the CFTC, FinCen, and OFAC on ongoing legal issues. Notably, the SEC lawsuit was not among those settled.
CZ posted a long thread on Twitter, admitting "I made mistakes, and I must take responsibility," carefully sidestepping mentioning what any of those mistakes were.
- "Binance and CEO Plead Guilty to Federal Charges in $4B Resolution", U.S. Department of Justice [archive]
Aragon DAO votes to sue its founding team
Now, after the Aragon Association decided without consulting the DAO to dissolve itself and wind down the project's governance tokens (while keeping some of the funds), the DAO has voted to sue the group. The DAO has accused the group of improperly taking investors' money to put it "into their new secretive company". They've allocated $300,000 to legal efforts.
- "A DAO is funding a lawsuit against its own founding team", The Block [archive]
- "Aragon DAO votes to fund legal action against its founders", CoinTelegraph [archive]
- Proposal to sue the Aragon Association
Bittrex finally closes up for good
Bittrex used to be a major player in the US cryptocurrency market, with over 20% of US market share in 2018. However, the exchange's dominance had dwindled to below 1% as of 2021.
DOJ reportedly seeking $4 billion resolution to Binance investigation, with possible criminal charges against CEO
The negotiation may involve a deferred prosecution agreement, in which the US would file a criminal complaint but agree not to prosecute so long as Binance met agreed conditions under a monitoring process.
It remains to be seen if this is the avenue the DOJ and Binance will go with. A Bloomberg source speculated that a decision could come within the next few weeks.
Kraken sued by U.S. SEC
Furthermore, the SEC claims that Kraken commingled corporate and customer funds, "at times pa[ying] operational expenses directly from bank accounts that hold customer cash."
Kraken's new CEO, Dave Ripley, posted on Twitter that the company "plan[s] to vigorously defend [their] position" that they do not list securities.
DOJ cracks down on $225 million crypto romance scam
According to Tether, they "voluntarily fr[oze] approximately 225 million in USDT tokens" in connection to the investigation.
Some romance scammers hoping to lure victims into sending them cryptocurrencies are themselves victims of human trafficking operations, where they are held victim and forced to send such messages.
dYdX insurance fund loses $9 million in apparent attack
Kronos trading firm suffers key breach
Aqua web3 gaming marketplace shuts down
The company launched its marketplace in September 2022, backed by $10 million from the DIGITAL venture fund.
The Blockchain Group suspends stock trading in apparent financial crisis
The Blockchain Group is behind a number of different services, including a crypto wallet called Eniblock and an open source software bounty project called Bountysource. Users of the Bountysource project have been complaining about issues receiving payments since as far back as May 2023.
Network of fake Twitter accounts impersonating crypto security firms phish panicked victims
According to researcher zachxbt, who himself was one of the impersonated, the scammers have stolen more than $300,000 in various assets using this technique.
This is not the first time such a technique has been used — a scammer attempted a similar, though less successful, scheme in April 2022. Scams like this take advantage of the poor UX in the crypto world for tracking and revoking wallet permissions that have been granted, requiring people to use third-party websites created for this purpose. Some of them are legitimate, but there are many malicious copies of these revocation sites that prey upon users who may be acting quickly in fear that their assets are at risk.
Up to $1 billion stored in early Bitcoin wallets may be at risk due to "Randstorm" vulnerability
Unciphered worked with various wallet providers to contact people whose wallets may be vulnerable, though ultimately it is up to those wallet holders to secure their funds by creating new wallets and transferring their tokens. Unciphered also noted that some Dogecoin, Litecoin, and Zcash wallets may be vulnerable due to shared code.
Wallet drainer steals more than $60 million in six months
CREATE2
to generate new addresses for each malicious signature. This allows the drainer to sidestep security alerts built into some crypto wallet software that would flag known malicious addresses.ScamSniffer identified one victim who lost almost 17,000 GMX (~$927,000) to this drainer after signing a malicious transaction.
Wallet linked to Binance deployer loses $27 million in apparent hack
Crypto researcher zachxbt observed that the wallet targeted for the theft had in 2019 received a transfer from the Binance deployer, suggesting that the compromised wallet may have some ties to Binance itself.
Raft exploited for $3.3 million, then hacker screws up
The attacker then went to convert the R into ETH, which they would then be able to launder and cash out. However, an error in the attacker's code caused 1,570 ETH ($3.25 million) to be sent to the burn address, rendering it permanently inaccessible to everyone including the hacker. Only 7 ETH remained. However, because they had to spend ETH to fund the attack, the hack ultimately resulted in a loss of 4 ETH (~$8,000) for the perpetrator. Oops.
As a result of the hack, the R stablecoin lost its dollar peg, plummeting down to around $0.70. Raft acknowledged the attack and announced that they had paused minting.
Samudai treasury drained
Agarwal sent a message to the thief shortly afterwards, offering a 10% "bounty" in exchange for the return of the rest of the funds. The attacker didn't seem to be interested, and in mid-January began tumbling the assets through the Tornado Cash cryptocurrency mixer.
Samudai didn't seem to publicly acknowledge the theft, even though they've posted on Twitter a few times since then. The organization had raised $2.5 million in pre-seed capital in June 2022.
- Tweet by CyversAlerts [archive]
- On-chain message from Kushagra Agarwal [archive]
Poloniex hacked for more than $120 million
Poloniex was initially tight-lipped, posting on Twitter that they had "disabled for maintenance" an exchange wallet. Justin Sun later updated that they were investigating the "hack incident", and promised to "fully reimburse" the massive theft... somehow. He later tweeted that they would offer a 5% "bounty" to the hacker if they returned the funds within a week, threatening to "engage law enforcement" otherwise.
CoinSpot exchange exploited
Wintermute declares friendship over with Near Foundation and Aurora Labs after they refuse to send $11 million
However, Near later decided it would not honor the redemption, accusing Wintermute of trying to pull off an arbitrage trade with the distressed asset. They also, somewhat curiously, claimed that the funds that were provided to Wintermute by the FTX estate may have been the tied to illegal activities. Aurora also described Wintermute's claims as "unfounded", and accused Wntermute of "tr[ying] to exploit the programme to profit from the purchase of distressed assets from the Alameda estate".
Wintermute has promised to "pursue all legal avenues" against the Near Foundation and Aurora Labs.
MEV bot exploited for almost $2 million
- Tweet thread by CertiK Alert [archive]
- Transaction on Etherscan [archive]
Arrests made in $300 million Indian crypto scam
The scam was allegedly orchestrated by Subhash Sharma, who has not been apprehended. This particular fraud was uncovered in September, but has been ongoing since as long ago as 2018.
Yuga Labs' social media lead resigns after racist and antisemitic tweets resurface
One also might think that a company embroiled in constant racism accusations might be cautious about screening its employees.
Neither of these things happened, though, and someone dug up vile tweets by Shpend Salihu, better known as NGBxShpend. Salihu resigned shortly after the tweets came to light, writing that they had "become a distraction from the [Bored Ape Yacht] Club and what we're all about."
Bored Ape collectors experience searing eye pain after "ApeFest" party
The going theory is that event organizers skimped on lighting costs by using UV lights intended for sanitization, not for entertainment, causing burns to the eyes and skin. The eye condition, photokeratitis, is better known as "snow blindness" or "welder's flash", as it more typically affects people who haven't worn proper eye protection while welding or while exposed to sunlight reflected from ice and snow.
Several attendees reported having to seek emergency medical treatment after experiencing excruciating eye pain and vision problems, and tweet threads began circulating giving various other ApeFest attendees advice on recovering from the painful condition.
Bored Ape creator Yuga Labs belatedly issued a tweet two days after the incident, claiming only a small fraction of attendees had experienced "eye-related issues", but encouraging anyone with symptoms to "seek medical attention just in case".
Sam Bankman-Fried convicted on seven charges
Sentencing is scheduled for March 28, 2024, though scheduling could be affected by factors including whether the US decides to continue pursuing an additional five charges also set to be tried in March.
- "Sam Bankman-Fried: guilty on all charges", Molly White's Newsletter [archive]
Onyx hacked for $2.1 million
After pulling off the hack, the attacker received the usual flood of on-chain messages from people asking them to share some of their ill-gotten funds. Unusually, the attacker followed through, ultimately sharing 19.5 ETH (~$36,000) out of their spoils.
Onyx is far from the first Compound fork to fail to patch known vulnerabilities and suffer hacks as a result. Hacks stemming from known Compound bugs, such as the attacks on Rari Capital and Sonne Finance, have netted tens of millions of dollars apiece for attackers in the past.
Monero discloses that its community crowdfunding wallet was drained
The other person with access to the wallet is a former Monero developer named "fluffypony", or Ricardo Spagni. He surrendered to US authorities in July 2023 for extradition to South Africa, where he has been charged with invoice fraud against a cookie company (think chocolate chip, not software). However, he was released in late September, and has been working to "address this matter" while free but under court supervision.
Safemoon executives charged and arrested
SafeMoon promised buyers it would "safely go to the moon" by locking the liquidity pool so that its developers couldn't rug pull. In reality, the "locking" didn't prevent the developers from removing tokens from the liquidity pool in other ways, which they did to the tune of millions of dollars. They then spent the proceeds of their crimes on personal expenses, like luxury sports cars and real estate.
Alongside the charges from the Department of Justice, the Securities and Exchange Commission simultaneously brought a lawsuit against the SafeMoon executives for violating registration and anti-fraud provisions of securities laws.
Ryder Ripps loses Bored Apes infringement lawsuit, ordered to pay $1.6 million and legal fees
In August, Ripps tried unsuccessfully to get the lawsuit dismissed via anti-SLAPP protections.
Now they're on the hook for $1.375 million in profits they earned from their copycat project and $200,000 for domain cybersquatting violations. They also must transfer control of two domain names, two Twitter accounts, and the RR/BAYC smart contract. Worse yet, the court found that this was an "exceptional case" because of the defendants' behavior, which included being "obstructive and evasive", and "unnecessarily and inappropriately ma[king] disgraceful and slanderous statements about Yuga, its founders, and its counsel" throughout the case. As a result, they will also have to pay Yuga's attorney's fees.
- Findings of Fact & Conclusions of Law, Yuga Labs v. Ripps [archive]
AuBit, the company behind Freeway, enters liquidation
A lawsuit from an institutional customer was filed against the company in August, calling the project "a scam".
AuBit has tried to argue that it should be allowed to restructure, but the Cayman Islands judge opted to force the firm to liquidate, citing "a real absence of proper accounting".
Treasury Department introduces proposal targeting crypto mixers
That seems to be the intention of the Treasury Department, who described mixers as primarily used for illicit money laundering "by a broad range of illicit actors, including state-affiliated cyber actors, cyber criminals, and terrorist groups".
Superdao to shut down
The project had raised $10.5 million in a 2021 seed funding round, and has said they intend to return remaining funds to its investors.
- "Superdao is closing down", Superdao blog [archive]
- "DAO-Builder SuperDao Shuts Shop, Returns Investor Money", CoinDesk [archive]
Gemini, Genesis, and DCG sued over $1 billion alleged fraud
Now, the New York Attorney General is alleging that Gemini repeatedly lied to investors about its Gemini Earn program, assuring them that it was low-risk when internal analysis had revealed Genesis' loans to in fact be quite risky. Some personnel involved in evaluating this risk even withdrew their own funds from the program in the summer of 2022.
Genesis, DCG, and DCG CEO Barry Silbert are charged with defrauding both investors and the public when they tried to cover up $1.1 billion in losses. The lawsuit alleges that Genesis had not properly audited its borrowers, and lied to Gemini about regular reviews of borrowers' financial conditions.
In a press release, the AG claims that the companies' actions resulted in around $1 billion in losses, including in some cases their customers' entire life savings.
- "Attorney General James Sues Cryptocurrency Companies Gemini, Genesis, and DCG for Defrauding Investors", press release from the Office of the New York State Attorney General [archive]
Hope Lend emptied in $825,000 hack
The stolen assets represented the entire TVL of the project.
Everscale halts bridge as "large number" of tokens stolen
The team did not announce how many tokens were stolen. The price of $EVER suffered a 20% drop, though whether it was due to an attacker selling off tokens or collective panic by other token holders is not clear. The method of the theft was also not described.
Reddit abandons blockchain-based Community Points
Reddit attributed the decision to scaling difficulties, regulatory uncertainty, and the quantity of resources the company found itself having to put into the feature. The tokens were only used on a handful of subreddits, and the team had migrated them from the Ethereum blockchain to the Arbitrum Nova L2 chain, but despite that scaling continued to be a problem.
The news caused a massive dive in the prices of $MOON and $BRICK, the two Reddit tokens, as holders tried to exit their positions before the tokens became useless. Some angrily accused Reddit of rug-pulling, threatening legal action. One wrote, "I wish you guys knew how reckless this decision is and how many people you've hurt." Some accused subreddit moderators of selling when they learned about the decision an hour before it was made public.
Others were delighted at the news, however. One wrote, "Thank the effing Lord. This moons caused so much shit tier spamming for over a year."
Fantom Foundation and employees lose collective $7 million in mass hack
It's not clear yet how the attack was perpetrated, although crypto researcher Spreek reposted a comment by an admin in Fantom's Telegram channel, where they blamed the theft on a zero-day exploit in Google Chrome.
TrueUSD tries to claim no affiliation with tokens created by its deployer address, raising further questions
However, the post raised only more questions, as the $TEURO token had been deployed by the address that deployed the primary TrueUSD token. This means that either TrueUSD is lying when they claim they're unaffiliated with $TEURO, or some of their private keys were compromised, allowing an unrelated party to deploy a contract appearing to belong to them.
Almost $100 million liquidated over false news of Bitcoin ETF approval
The post by crypto media outlet CoinTelegraph was based on a faked screenshot of what appeared to be the Bloomberg Terminal. The post quickly propagated through the crypto world before people began to question its veracity. CoinTelegraph later issued an apology, blaming the incident on a failure by employees to follow the normal editorial approval process.
This adds to the list of incidents that illustrate the extent to which false reporting by traditional or crypto media, or by influential personalities, can move crypto markets. Past incidents have included a crypto Twitter personality tweeting the false rumor that Interpol had issued a red notice for Binance CEO Changpeng Zhao, and two instances of token price spikes based on false press releases claiming major corporations would accept the tokens as payment.
- "Clarification on sharing false spot Bitcoin ETF news", CoinTelegraph [archive]
South Korean regulators allege Sui Foundation manipulated markets
The Sui Foundation has disputed the allegations on Twitter, calling them "unfounded and materially false".
Hackers host malicious code on Binance chain to circumvent takedowns
Attackers previously stored the malicious code on typical webhosting services, but those services began to take it down. Now, some have started using Binance's blockchain to store these payloads, taking advantage of the immutable nature of blockchains to prevent anyone from taking it down.