One member of the Discord described losing more than $140,000 in tokens after clicking a link shared by a person appearing to be a member of the Polygon team, which advertised a token distribution to serve as a "pre-migration celebration".
Users suffer losses after Polygon Discord hack
McDonald's Instagram hacked, hackers claim $700,000 haul
They then boasted about their haul on the compromised Instagram account, changing the bio to say: "Sorry mah nigga you have just been rug pulled by India_X_Kr3w thank you for the $700,000 in Solana 🇮🇳".
The token stunt by the massive company was perhaps made more believable by McDonald's previous forays into crypto, including when they launched a McRib-themed NFT project in December 2021. The company had also joked about a "Grimacecoin" back in January 2022, in a reply to a tweet from Elon Musk.
Crypto holder loses over $55 million to apparent phishing attack
The attacker later moved the stablecoins to a new wallet, and exchanged about half of them for 10,625 ETH.
Former CEO of Heartland Tri-State Bank sentenced to more than 24 years in prison after putting bank funds into crypto scheme
Between May and July of 2023, Hanes transferred $47.1 million of the bank's funds to the fraudulent scheme. This ultimately led to the bank collapsing, with equity investors losing $9 million and the FDIC footing the bill. "There were people who lost 70, 80% of their retirement" as a result of their investment losses, stated a community member.
Hanes had also taken money from a local church, an investment club, and his daughter's college savings. These funds were reportedly used to buy cryptocurrency after those running the scheme told him they needed more money to "unlock" the returns on his investments — a common tactic with these scams.
- "Former CEO of failed bank sentenced to prison", U.S. Attorney's Office, District of Kansas [archive]
- "Cryptocurrency 'pig butchering' scam wrecks Kansas bank, sends ex-CEO to prison for 24 years", NBC News [archive]
FutureNet founder arrested for alleged crypto fraud
Ziemian was wanted on international warrants from Poland and South Korea. FutureNet, which was established in 2018 and purported to be a crypto trading platform, is alleged to have defrauded numerous people of a combined $21 million. Victims were encouraged to buy "participation packages", and earn rewards for referring others to the scheme. Polish authorities warned that FutureNet might be a pyramid scheme in 2019, and South Korea began an investigation into the company in 2020.
Ziemian faces fraud, money laundering, and theft charges, which could be punished by life imprisonment in South Korea.
- "U Podgorici uhapšeno međunarodno traženo lice koje se sumnjiči za višemilionske prevare", Vlada Crne Gore (in Montenegrin) [archive]
- "Co-founder of crypto fraud scheme FutureNet arrested in Montenegro", ReadWrite [archive]
Twitch streamer DNP3 pleads guilty to wire fraud after gambling away funds invested in crypto charity project
Now, Austin "DNP3" Taylor has pleaded guilty to wire fraud after stealing around $1.14 million in investor funds from his CluCoin project, which had claimed it would "help others in need". DNP3 himself had built up a reputation of making generous gifts while livestreaming. He transferred the stolen funds to online casinos, where he then gambled them away.
Taylor faces up to 20 years in prison. The statement from the U.S. Attorney's Office announced that authorities would be notifying identified victims via NFT, and encouraging them to submit statements to the FBI.
- "Founder of Miami-Based Cryptocurrency Token CluCoin Pleads Guilty to Wire Fraud", U.S. Attorney's Office, Southern District of Florida [archive]
Crypto holder loses $100,000 to "Coinbase support" scammer, found via a Google ad
Scammers impersonating crypto company support representatives are everywhere on social media and elsewhere. Now, it seems, they are purchasing Google ads to rise to the top of Google search rankings. While Google says they attempt to remove fraudulent advertisers, some slip through the cracks.
While phishing attacks like this are prevalent both in crypto and in tradfi, crypto platforms often do not have similar safeguards as major banking platforms to try to thwart unauthorized transactions, nor do they have the same ability to reverse transactions that are made.
SEC charges promoters of NovaTech pyramid scheme
The SEC's lawsuit also targets six other promoters of the NovaTech scheme, all of whom the agency says used "religious overtones" when attracting new investors. Ultimately, the scheme was revealed to be a Ponzi scheme, with new investors' money being used to pay out previous investors, as the promoters also took money for themselves.
- "SEC Charges NovaTech and its Principals and Promoters with $650 Million Crypto Fraud", US Securities and Exchange Commission [archive]
FTX settles complaint from the CFTC with $12.7 billion payout
Defendants Sam Bankman-Fried, Caroline Ellison, and Gary Wang, as well as the FTX and Alameda Research companies, will be prohibited from commodities trading, including trading bitcoin, ether, USDT, or other assets considered "digital asset commodities" by the CFTC. However, with Bankman-Fried already beginning a 25-year prison sentence, and Ellison and Wang due to be sentenced, this may be low on their list of worries.
- "Judge approves $12.7 billion settlement between FTX and CFTC, bringing 20-month-long lawsuit to an end", The Block [archive]
- Permanent injunction, document #44 in CFTC v. Bankman-Fried [archive]
North Korean developers steal $1.3 million from crypto project treasury
zachxbt traced the payment addresses for roughly 21 developers involved in this kind of activity, which he found had been working for at least 25 different cryptocurrency projects. They had earned around $375,000 over the past month.
Ripple fined $125 million by the SEC
Ripple and others in the crypto world have been celebrating the judgment as a victory, in part because it is a substantially smaller penalty than the $1 billion in disgorgement and $900 million in penalties sought by the agency.
The SEC has already signaled throughout the case that they were likely to appeal an eventual outcome, after objecting to the judge's decision that several other types of token sales were not unlawful securities offerings.
Trump-themed $DJT token rug-pulls, people blame Martin Shkreli or Barron Trump
People were quick to blame those behind the project, primarily "Pharma Bro" Martin Shkreli (who has been accused of dumping his own token before). Shkreli was quick to shift the blame to Donald Trump's youngest son, Barron, who he has also claimed is behind the token (although this has not been independently confirmed). However, the owner of the wallet that dumped its tokens is not definitively known.
$12 million taken by whitehats from Ronin bridge
Fortunately for the Ronin team, it seems that most of the losses actually went to whitehats and MEV bots that were frontrunning transactions by would-be exploiters. ETH and USDC priced at around $12 million were taken — the maximum amount before triggering a safety feature in the code. Later that day, Ronin announced that the ETH (worth around $10 million) had been returned, and that the USDC was in the process of being returned. They also announced that they would reward the whitehats with a $500,000 bug bounty reward.
The Ronin bridge was taken offline shortly after the flaw was detected, and the team announced it would undergo an audit before being brought back online.
CFTC subpoenas former company of Ben "BitBoy" Armstrong over crypto promotion
Kujira token tanks as team's leveraged bets melt down
The Kujira team apologized for the fiasco, and announced a plan to create a DAO to take over the project treasury.
ConvergenceFi hacked for $210,000
Although ConvergenceFi described itself as audited, they admitted they had made changes to that portion of the code after the audits.
They assured their users that all user funds were safe, but recommended that users remove their staked funds from the platform.
- "Post-mortem | 08/01/2024", ConvergenceFi Medium [archive]
ZKX decentralized exchange shuts down in what some VCs are describing as a rug pull
ZKX had raised $4.5 million in seed funding from investors including the now-bankrupt Alameda Research, Starkware, HTX, Amber Group, ArkStream Capital, and HashKey Capital. The project had announced a second, $7.6 million raise only a few weeks before its shutdown.
People at Amber Group, ArkStream, and HashKey publicly criticized the lack of transparency from ZKX around its financial situation. Ye Su, a founding partner at ArkStream, explained that he felt they had been "rug pulled".
Blockchain sleuth zachxbt joined the VCs in characterizing the project as a rug, and further elaborated that he felt the retail investors who had purchased the project's token only weeks earlier had been tricked into buying a token by the project team, who "misled the community/retail ... by giving the appearance the project was healthy and strong when in reality they were in a bad position and about to shut down."
BitClout founder arrested on wire fraud charges
According to the criminal charges, Al-Naji misled investors, including by taking $3 million from an investor and using it for his own personal expenses and gifts to family. Al-Naji had told investors that the sales of the platform's token would not go to him or to other employees.
The SEC complaint separately alleged that Al-Naji had tried to falsely present the BitClout project as decentralized, including by soliciting a letter of opinion from a law firm that his tokens were not likely to be deemed securities, which was based on mischaracterizations.
BitClout raised money from various prominent firms, including Andreessen Horowitz, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.
- "Founder Of 'BitClout' Digital Asset Charged With Fraud In Connection With Sale Of 'BitClout' Tokens", U.S. Attorney's Office, Southern District of New York [archive]
- "SEC Charges Nader Al-Naji with Fraud and Unregistered Offering of Crypto Asset Securities", U.S. Securities and Exchange Commission [archive]
- "SEC charges BitClout founder Nader Al-Naji with fraud; says proceeds paid for L.A. mansion, gifts", TechCrunch [archive]
DraftKings abruptly shutters its Reignmakers NFT project and marketplace due to "recent legal developments"
In an announcement in the project Discord and on their website, DraftKings wrote that the shutdown was "due to recent developments". They offered holders the ability to cash out their Reignmakers cards "based on factors that include, but are not limited to, the relative size and quality of your digital game piece collection". Holders were also invited to transfer their NFTs to their own cryptocurrency wallets, although the DraftKings-run "contests" in which people used their NFTs to try to earn rewards and win prizes will no longer exist. It's also unclear whether some NFTs, built to not be transferrable off-marketplace, will be able to be retained by their holders.
Members of the DraftKings Discord reacted with chagrin to the news, and doubt that the vague promises of cash payments would amount to much. "What kind of compensation u think we get coming to us? Pennies?" wrote one. "Yeah I'm out like $20k," said another. Some blamed the shutdown on a recent lawsuit from a holder of the Reignmakers NFTs who lost $14,000 — a lawsuit which recently survived the motion to dismiss stage.
Compound DAO passes $24 million proposal in alleged governance attack
Humpy has previously been accused of governance attacks on other protocols, including Balancer and SushiSwap.
Prior to the proposal's passage, some Compound Finance DAO members raised objections. "In my personal opinion, the actions of Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates," stated Compound Finance security adviser Michael Lewellen, who also described the proposal as "a malicious attempt to steal funds from the protocol".
Afterwards, Lewellen wrote that "OpenZeppelin is working with all active delegates and Compound contributors to assess our options for protecting the protocol. We see serious risks to the future decentralization of the DAO as a result of Proposal 289 passing and so we are exploring options to mitigate or reverse this outcome."
- "Compound DAO asleep at the wheel as $25M governance 'attack' passes", Protos
- "$24 million Compound Finance proposal passed by whale over DAO objections", The Block
- "Trust Setup for DAO investment into GoldCOMP", Compound Finance discussion
- "Governance Security Notice: goldCOMP Proposal 247", Compound Finance discussion
MonoSwap hacked for at least $1.3 million
The malicious video chat software attack vector has been widely used in the crypto world, with a victim losing cryptocurrency to an attacker using the same technique and impersonating an Andreessen Horowitz partner last month.
So far, the MonoSwap attacker has laundered $1.3 million via the Tornado Cash cryptocurrency mixer.
dYdX v3 exchange website compromised amid sale announcement
The affected domain was hosted on Squarespace, which could connect this compromise to similar events earlier in the month affecting domains registered there.
ETHTrustFund rug pulls for $2.2 million
- ETHTrustFund, Rekt [archive]
RHO Markets lending protocol loses $7.6 million to apparent whitehat
In a stroke of luck for the RHO team, the MEV bot operator sent RHO an on-chain message indicating they were willing to return all of the funds, although they first demanded that RHO "admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."
RHO is built on the Scroll Ethereum layer-2 network. Scroll temporarily paused the chain as RHO investigated the loss.
WazirX exchange hacked for $235 million
WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.
WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.
Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users.
Trip.com accused of "rug pull" as it shuts down its Trekki NFTs
"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.
Users of LI.FI protocol suffer losses of at least $10 million
Three arrests made in relation to Metamax pyramid scheme
Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.
Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.
Minterest hacked for $1.4 million
Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.
Dough Finance hacked for $1.9 million
Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.
Popular defi protocol websites replaced with wallet drainers amid mass Squarespace domain hijacking
Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.
The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."
Web2 is going just great!
OmegaPro founder arrested for allegedly running crypto Ponzi
The OmegaPro Ponzi scheme was reportedly linked to the OneCoin crypto Ponzi, whose operators stole at least $4 billion from millions of victims since 2019. Multiple people associated with OneCoin have been arrested, including its co-founder Karl Sebastian Greenwood, but its "Cryptoqueen" co-founder Ruja Ignatova was one of Europol's most wanted fugitives and remains the subject of an Interpol red notice.
- "$4B cryptocurrency scammer caught in Istanbul", Türkiye Today [archive]
Doja Cat's Twitter account hacked to promote meme token
The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.
Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.
Bittensor wallets drained
Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.
- "Bittensor Community Update — July 3, 2024", Opentensor Foundation [archive]
Silvergate Bank pays $63 million to settle charges from multiple agencies
According to the regulators, Silvergate "had serious deficiencies" in its anti-money laundering programs, including in its intra-customer crypto transfer product. In particular, the SEC highlighted $9 billion in suspicious transfers among FTX entities that should have been detected by compliance programs. The SEC also alleged that Silvergate misrepresented its financial state during the post-FTX collapse bank run.
- "SEC Charges Silvergate Capital, Former CEO for Misleading Investors about Compliance Program", U.S. Securities and Exchange Commission [archive]
- "Crypto-Friendly Silvergate Bank Pays $63M to Settle Charges With SEC, Fed, California Regulator", CoinDesk [archive]
Yield App declares insolvency, citing FTX losses
In the immediate aftermath of the FTX collapse in November 2022, Yield App CEO Tim Frost had assured customers that "Yield App has no exposure to Alameda or the FTT token, and no signifiant exposure to FTX". However, Yield is now — going on two years after the FTX collapse — claiming to be suing "several hedge funds" that had lost money on FTX.
- "Crypto platform Yield App shuts down citing FTX losses", CoinTelegraph [archive]
- Statement and FAQ by Yield App [archive]
SEC sues Consensys, maker of MetaMask wallet
The SEC's lawsuit claims that Consensys violated securities laws by acting as an unregistered securities broker, and by offering staking services that constituted unregistered securities offerings. The SEC has previously cracked down on staking offerings by other firms, including Coinbase and Kraken.
- "SEC Charges Consensys Software for Unregistered Offers and Sales of Securities Through Its MetaMask Staking Service", U.S. Securities and Exchange Commission [archive]
Logan Paul files defamation lawsuit over Coffeezilla's coverage of his failed CryptoZoo project
In the lawsuit, Paul claims that Coffeezilla knowingly falsely accused Paul of being in on the scam in hopes of getting more attention on his videos. Paul is seeking more than $75,000 in damages.
In January 2024, Paul filed suit against the advisers he's described as "conmen". He's also pointed the finger at them while defending a potential class action complaint from defrauded investors.
FBI busts group of crypto-seeking home invaders
In one case, a victim was able to transfer $150,000 in cryptocurrency to the attackers before their cryptocurrency exchange blocked the suspicious transfers. However, in their other attempts to physically steal crypto, they were unsuccessful, with victims either refusing to hand over their crypto or successfully escaping.
In one case, St. Felix and his associates targeted a woman from whom his group had already stolen $3 million in a SIM swapping attack. When they broke in and held the woman at gunpoint to try to steal the $500,000 in crypto she had left, the woman refused to turn over her password to her cryptocurrency account, so dismayed by her earlier loss that she told the men just to shoot her.
St. Felix was convicted on nine counts by a federal jury, and faces a sentence of seven years to life in prison. Thirteen co-conspirators also pleaded guilty.
Farcana token plummets 60% amid murky explanations
23.8 million FAR were taken from a wallet, and the majority were sold for around $164,000 in USDT. The exploiter still holds 3.4 million FAR, which are notionally worth $83,250 but not likely to be sellable for that amount.
Farcana raised $10 million in seed funding in November 2023 from investors including Animoca and Polygon Ventures.
Victim loses $11 million to permit phishing
Sportsbet.io likely hacked for $3.5 million
SportsBet has not yet disclosed any theft.
- Telegram message from zachxbt [archive]
"Read-only" CoinStats crypto application enables wallet breaches
The application asks its users to connect their wallets to allow it to track their holdings, but promises on the website that it offers "the ultimate security for your digital assets". "Since we ask for read-only access only, your holdings are perfectly safe under any conditions," the website promises, later touting its "military-grade encryption".
CoinStats shut down the platform while investigating the incident. Losses have been estimated at around $2.2 million.
50 Cent claims his accounts were compromised to promote a memecoin
50 Cent also claimed in the post that "Who ever did this made $300,000,000 in 30 minutes." It's not clear where 50 Cent got this number, because the token has only done $19.8 million in volume. One wallet made around $722,000 off the token, and three others also made over $100,000.
- Instagram post by 50 Cent
- $GUNIT on DEXScreener
BtcTurk exploited for at least $55 million
It appears that assets notionally worth around $55 million were stolen. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.
According to newly installed Binance CEO Richard Teng, Binance froze $5.3 million of the stolen assets.
- BtcTurk status page (in Turkish) [archive]
- Tweet by Richard Teng [archive]
CertiK and Kraken accuse each other of misconduct over bug report and $3 million "testing"
However, others have noted that the number of transactions and amount of cryptocurrency taken by CertiK while "investigating" the bug seems to far exceed the norm for whitehat security researchers, and that they took cryptocurrency amounting to millions of dollars — making their "testing" look a lot more like a blackhat theft. Furthermore, CertiK made several transfers to Tornado Cash as part of their "testing" — an entity that is sanctioned by the United States.
Kraken alleged that CertiK did not disclose the full extent of their employees' transactions, and refused to return the $3 million they had taken. They also alleged that CertiK had attempted to extort them. Kraken said they had been in contact with law enforcement, and were "treating this as a criminal case".
Ultimately, CertiK returned the funds. However, it's not clear if criminal action may be ongoing.
Martin Shkreli claims to have been behind a Donald Trump memecoin
Shkreli attempted to frontrun the news in a Twitter space, and came out with his own claims that he had collaborated with Barron Trump to create the token, and with Andrew Tate to pump its price. However, fellow felon and memecoin pumper Roger Stone subsequently crawled out of the woodwork to claim that neither Barron nor Donald Trump was involved with $DJT.
Shkreli has yet to provide solid proof that he created the memecoin, though zachxbt's research tends to be very strong. If true, Shkreli faces potential legal repercussions, as he is still on parole after his release in 2022. The terms of his parole require him to "refrain from engaging in self-employment which involves access to client's assets, investments, or money, or solicitation of assets, investments, or money", and to make financial disclosures to the courts. Shkreli was also banned from the securities industry in 2018, as part of a settlement with the SEC.
Holograph exploited for more than $1.2 million
One of the addresses involved in the exploit appears to have contributed to the Holograph protocol, though it's not clear if they took advantage of insider knowledge to pull off the heist.
- "HLG Down Over 60% as Exploiter Mints 1 Billion New Tokens", CoinDesk [archive]
- "Holograph fell 80% in 9 hours after exploiter mints 1B additional HLG", Cointelegraph [archive]
- Etherscan data for one of the attacker's wallets [archive]
UwU Lend re-enables protocol after hack, immediately gets hacked again
UwU Lend was created by Michael Patryn, aka Omar Dhanani, aka "0xSifu", who has been behind several cryptocurrency projects that have suffered major exploits. This is not exactly helping concerns among some observers that perhaps Sifu is the common denominator in these suspicious losses.
Phishing scammers impersonate Andreessen Horowitz employee to drain crypto wallets
@peter_lauten
to @lauten
, and snapped up the previous username. They then began contacting various targets in the cryptocurrency world, asking to set up meetings to arrange appearances on the venture capital firm's crypto podcast.The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username on their website, giving even skeptical victims some reassurance that the account was legitimate.
According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.