Web3 is Going Just Great

"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.

Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.

Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.

Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.

Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.

Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.

The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."

Web2 is going just great!

The OmegaPro Ponzi scheme was reportedly linked to the OneCoin crypto Ponzi, whose operators stole at least $4 billion from millions of victims since 2019. Multiple people associated with OneCoin have been arrested, including its co-founder Karl Sebastian Greenwood, but its "Cryptoqueen" co-founder Ruja Ignatova was one of Europol's most wanted fugitives and remains the subject of an Interpol red notice.

The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.

Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.

Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.

According to the regulators, Silvergate "had serious deficiencies" in its anti-money laundering programs, including in its intra-customer crypto transfer product. In particular, the SEC highlighted $9 billion in suspicious transfers among FTX entities that should have been detected by compliance programs. The SEC also alleged that Silvergate misrepresented its financial state during the post-FTX collapse bank run.

In the immediate aftermath of the FTX collapse in November 2022, Yield App CEO Tim Frost had assured customers that "Yield App has no exposure to Alameda or the FTT token, and no signifiant exposure to FTX". However, Yield is now — going on two years after the FTX collapse — claiming to be suing "several hedge funds" that had lost money on FTX.

The SEC's lawsuit claims that Consensys violated securities laws by acting as an unregistered securities broker, and by offering staking services that constituted unregistered securities offerings. The SEC has previously cracked down on staking offerings by other firms, including Coinbase and Kraken.

In the lawsuit, Paul claims that Coffeezilla knowingly falsely accused Paul of being in on the scam in hopes of getting more attention on his videos. Paul is seeking more than $75,000 in damages.

In January 2024, Paul filed suit against the advisers he's described as "conmen". He's also pointed the finger at them while defending a potential class action complaint from defrauded investors.

In one case, a victim was able to transfer $150,000 in cryptocurrency to the attackers before their cryptocurrency exchange blocked the suspicious transfers. However, in their other attempts to physically steal crypto, they were unsuccessful, with victims either refusing to hand over their crypto or successfully escaping.

In one case, St. Felix and his associates targeted a woman from whom his group had already stolen $3 million in a SIM swapping attack. When they broke in and held the woman at gunpoint to try to steal the $500,000 in crypto she had left, the woman refused to turn over her password to her cryptocurrency account, so dismayed by her earlier loss that she told the men just to shoot her.

St. Felix was convicted on nine counts by a federal jury, and faces a sentence of seven years to life in prison. Thirteen co-conspirators also pleaded guilty.

23.8 million FAR were taken from a wallet, and the majority were sold for around $164,000 in USDT. The exploiter still holds 3.4 million FAR, which are notionally worth $83,250 but not likely to be sellable for that amount.

Farcana raised $10 million in seed funding in November 2023 from investors including Animoca and Polygon Ventures.

SportsBet has not yet disclosed any theft.

The application asks its users to connect their wallets to allow it to track their holdings, but promises on the website that it offers "the ultimate security for your digital assets". "Since we ask for read-only access only, your holdings are perfectly safe under any conditions," the website promises, later touting its "military-grade encryption".

CoinStats shut down the platform while investigating the incident. Losses have been estimated at around $2.2 million.

50 Cent also claimed in the post that "Who ever did this made $300,000,000 in 30 minutes." It's not clear where 50 Cent got this number, because the token has only done $19.8 million in volume. One wallet made around $722,000 off the token, and three others also made over $100,000.

It appears that assets notionally worth around $55 million were stolen. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.

According to newly installed Binance CEO Richard Teng, Binance froze $5.3 million of the stolen assets.

However, others have noted that the number of transactions and amount of cryptocurrency taken by CertiK while "investigating" the bug seems to far exceed the norm for whitehat security researchers, and that they took cryptocurrency amounting to millions of dollars — making their "testing" look a lot more like a blackhat theft. Furthermore, CertiK made several transfers to Tornado Cash as part of their "testing" — an entity that is sanctioned by the United States.

Kraken alleged that CertiK did not disclose the full extent of their employees' transactions, and refused to return the $3 million they had taken. They also alleged that CertiK had attempted to extort them. Kraken said they had been in contact with law enforcement, and were "treating this as a criminal case".

Ultimately, CertiK returned the funds. However, it's not clear if criminal action may be ongoing.

Shkreli attempted to frontrun the news in a Twitter space, and came out with his own claims that he had collaborated with Barron Trump to create the token, and with Andrew Tate to pump its price. However, fellow felon and memecoin pumper Roger Stone subsequently crawled out of the woodwork to claim that neither Barron nor Donald Trump was involved with $DJT.

Shkreli has yet to provide solid proof that he created the memecoin, though zachxbt's research tends to be very strong. If true, Shkreli faces potential legal repercussions, as he is still on parole after his release in 2022. The terms of his parole require him to "refrain from engaging in self-employment which involves access to client's assets, investments, or money, or solicitation of assets, investments, or money", and to make financial disclosures to the courts. Shkreli was also banned from the securities industry in 2018, as part of a settlement with the SEC.

One of the addresses involved in the exploit appears to have contributed to the Holograph protocol, though it's not clear if they took advantage of insider knowledge to pull off the heist.

UwU Lend was created by Michael Patryn, aka Omar Dhanani, aka "0xSifu", who has been behind several cryptocurrency projects that have suffered major exploits. This is not exactly helping concerns among some observers that perhaps Sifu is the common denominator in these suspicious losses.

The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username on their website, giving even skeptical victims some reassurance that the account was legitimate.

According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.

If the settlement is approved by the judge, Kwon will personally be responsible for around $200 million of the settlement payment, with Terraform Labs shouldering the rest. Although the settlement is among the largest the SEC has received in a securities fraud lawsuit, it's unlikely the company will ever pay anything close to the total amount, as it is in bankruptcy and claims to have only around $150 million in assets remaining. Both the company and Kwon will be banned from trading crypto asset securities.

The substantial fine is among the lesser of Kwon's worries at the moment, as he is still in jail in Montenegro pending extradition to either South Korea or the United States to face serious criminal charges for his role in the fraud.

UwU Lend was founded by Michael Patryn, aka Omar Dhanani, aka "0xSifu" — a co-founder of the ill-fated QuadrigaCX exchange and ex-con. He also pseudonymously ran the defi cryptocurrency project Wonderland until his identity was revealed after the protocol suffered a meltdown.

Loopring announced that they had suspended their account recovery operations, and were working with law enforcement to trace the attackers.

In reality, the schemes were pyramid schemes in which investors earned crypto for recruiting others to buy in. NovaTech also used the funds from newer investors to pay out the supposed “returns” from the investment scheme, in a classic Ponzi fashion. From August 2019 – April 2023, victims deposited more than $1 billion into NovaTech. Though it was described as a trading operation, only about $26 million ever went into crypto trading.

In June 2022, the couple secretly sold their Florida house and moved to Panama, while continuing to pretend they were in the state. Speaking to another operator of the scheme, Cynthia Petion advised: “leave the country…they can’t serve you if they can’t find you lol.”

Generally, it is very bad practice to store sensitive secrets in Github, even when projects are set to private.

"Got drained of everything," he wrote on Twitter. A commenter asked how long it took for the attacker to steal the money after the private key became publicly visible. "2 min", he replied.

The theft was first noticed by outside researchers, who saw the suspicious outflows and accused the platform of not communicating the security breach to its customers. The following day, Lykke acknowledged the attack and informed customers via email.

According to the DOJ, banks became suspicious when the revenue for the Epoch Times increased 410% — from around $15 million to around $62 million — from the previous year.

In an unusual move, the operators of the Linea layer-2 blockchain chose to unilaterally halt the chain in order to stop the outflow of stolen assets. Because Linea — like many layer-2 chains — is highly centralized, it was possible for the Linea team to unilaterally stop the production of blocks.

This was very controversial, as a single operator being able to unilaterally control the operation of a blockchain goes against much of the cryptocurrency ethos. Following their action, they tried to explain that "Linea's goal is to decentralize our network - including the sequencer. When our network matures to a decentralized, censorship-resistant environment, Linea's team will no longer have the ability to halt block production and censor addresses - this is a primary goal of our network".

The company claims it will replace the lost funds with help from other companies in their group.

This is one of the largest cryptocurrency thefts in recent history, rivaling the roughly $320 million theft from the Wormhole bridge in February 2022 and the $477 million theft from FTX in November 2022.

In his sentencing memo, Salame asked for a sentence of no more than 18 months imprisonment, claiming that "he was duped, as was everyone else, into believing that the companies were legitimate, solvent, and wildly profitable." Judge Kaplan didn't seem to agree, ultimately passing down a sentence greater than the five to seven years requested by prosecutors. He also will pay $6 million in forfeiture, $5 million in restitution, and spend three years on supervised release.

Salame is the first of Bankman-Fried's co-conspirators to be sentenced.

First, the team sniped their own $CAT token launch to obtain 63% of the token supply, ultimately selling a portion of it for around $5 million. Then, they took out $2.3 million and $1 million long positions on the ORDI and ETHFI tokens, respectively. Finally, they posted from the compromised influencer account to shill the ORDI and ETHFI tokens to his massive following. Ultimately, their gambit doesn't appear to have been incredibly successful: they made around $34,000 on the ORDI position, but lost $3,500 on the ETHFI position. However, as zachxbt noted, it's possible they also opened positions on centralized exchanges where the outcomes aren't publicly visible.

Although the token claimed to have a market cap of $42 million, the attacker was only able to cash out around 224 wETH (~$882,000). However, the losses to some holders of the token were much more substantial. One individual had put around $1.16 million into $NORMIE, and those holdings are now priced at around $150.

The attacker has been negotiating the possible return of funds to the project team, who has expressed interest in relaunching the token.

At first, people widely believed her account had been hacked, given how frequently celebrity token promotions turn out to be compromised Twitter accounts. Then, she began joining Twitter spaces and posting videos about the token, but with the emergence of more and more convincing deepfakes, even those didn't convince people that it was truly Jenner behind the token.

Despite the confusion — or perhaps because of it — the token has been popular.

The token launch was linked to Sahil Arora, a person allegedly connected to multiple celebrity rug pulls and pump-and-dumps. However, Jenner quickly turned on Arora shortly after the token's launch, posting on Twitter "FUCK SAHIL! He scammed us! BIG TIME!" and that "Sahil appears to be fully out".

Jenner is not the first in her family to get mixed up with crypto. In October 2023, her stepdaughter Kim Kardashian was fined over $1 million for unlawful touting of a crypto security.

Altogether, the attacker was able to swap around $21 million of the GALA tokens into ETH before the address was frozen.

The attacker was able to perform the exploit because they had access to a wallet with admin access to the Gala Games smart contract. It's not clear if the attacker is a rogue employee, or if an admin wallet was compromised.

As of writing, Gala Games has not publicly acknowledged the attack.

Deltec is a well-known bank in the cryptocurrency world, mostly for its ties to Tether and to FTX. In July 2023, US authorities seized tens of millions from Deltec accounts in connection to a cryptocurrency money laundering investigation. It's not clear if that was the same investigation.

Investigators for the bankruptcy proceedings found that Pleterski had invested less than 2% of customer funds. Around $16 million instead went to personal expenses, including luxury cars, a $45,000-a-month lakefront mansion, private jets, and vacations.

Even after being sued, filing for bankruptcy, and being kidnapped and beaten by angry investors, Pleterski flaunted his supposed wealth online. Much to the indignation of the creditors in his bankruptcy, he has continued to regularly livestream himself gambling for hours, spending $150,000 on Legos, and driving luxury cars.

Pleterski was released the same day he was arrested, thanks to a CA$100,000 (~US$75,000) surety bond posted by his parents.

A former employee — whose real identity is known — brazenly took credit for the theft on Twitter. They wrote: "everybody be cool, this is a r o b b e r y. ... I'm about to change the course of history. n then rot in jail. am I sane? nah. am I well? v much not. do I want for anything? my mom raised from the dead n barring that: life without parole."

In a Twitter Spaces chat, the attacker stated that he had worked for the company briefly, and that he had grievances against its management. "I just kind of wanted to kill Pump.fun because it's something to do... It's inadvertently hurt people for a long time," he said.

Pump.fun paused trading shortly after the attack, and stated that they were "cooperating with relevant parties, including law enforcement, to minimize the damage." The attacker responded to the post: "Neener neener neener".

According to the Justice Department, the Peraire-Buenos exploited a flaw in popular MEV software called "MEV-boost", which is used by most Ethereum validators. By creating their own validators and "bait transactions", they were able to trick MEV bots into proposing transactions involving illiquid cryptocurrencies, which the brothers then frontran. They were able to create false signatures that tricked a MEV-boost relay into releasing information about upcoming blocks that they were able to tamper with.

The brothers were charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering, and face up to 20 years in prison for each charge.

The Justice Department is describing the case as a "first-of-its-kind manipulation of the Ethereum blockchain". The case is an interesting one, as some believe the practice of MEV itself exploits Ethereum users. Others believe anything you can do with code should be allowed — "code is law". However, by signing false transactions and tricking the relay into releasing private information, the brothers' actions do seem to go beyond simply making profits in a "code is law" Wild West, and into the realm of actual fraud.

The attacker was successfully able to transfer around 13.8 million STX (~$2 million) on the Stack BTC layer-2 chain. However, their attempts to steal assets notionally worth around $4.3 million from the project's BNB Chain implementation failed when they upgraded the project contract to a malicious version, but failed to prevent other people from calling the withdraw function. The attacker's first transactions to withdraw the funds themself failed, and an apparent whitehat hacker was able to step in and complete the withdrawal ahead of the exploiter. They later negotiated a deal for the funds' return, after offering a 10% "bounty".

The exploiter had also tried, and failed, to steal assets notionally worth around $5 million on the Ethereum blockchain, but failed to do so. ALEX Lab later announced they were able to recover or secure around $4.5 million of those assets. ALEX also later announced that they believed the attackers were part of the North Korean Lazarus Group.

The case is a concerning one, as sanctioning software developers for how the code they write is used — particularly when it comes to software intended to protect privacy — has frightening implications. Although there is some precedent in the United States that "code is speech", and merely writing and publishing code is protected by the First Amendment, that obviously does not apply to the Netherlands. A collaborator to Pertsev, Roman Storm, is set to be tried on charges of money laundering and sanctions violations in the United States in September, and that case is likely to grapple with this exact issue.

After being alerted to the theft by several security companies, Sonne announced they had paused the contract on the Optimism Ethereum layer-2 chain.

Cypher was hacked for $1 million in August 2023, but was able to recover around $600,000 of the stolen funds, which they promised to distribute to impact users via a redemption fund. However, over a period of months and unbeknownst to the rest of the team, hoak had been dipping into the recovered funds — taking around half of what was in the fund for himself.

After he was accused, hoak fessed up in a public statement where he wrote that his actions were a "culmination of what snowballed into a crippling gambling addiction and probably multiple other psychological factors that went by unchecked for too long." He continued: "I know likely nothing I say or do will make things better - perhaps other than rotting in jail. To address the elephant in the room, the allegations are true, I took the funds and gambled them away. I didn’t run away with it, nor did anyone else."

In the past, Robinhood has removed cryptocurrencies from trading after they were alleged to be securities by the SEC, such as Solana (SOL), Cardano (ADA), and Polygon (MATIC) in the wake of the lawsuits against Binance and Coinbase. However, given the SEC's stance that most cryptocurrencies are securities, it seems likely that the SEC believes one or more of the 14 non-bitcoin cryptocurrencies Robinhood offers may also be a security.

Robinhood's Chief Legal Officer issued a statement that "We firmly believe that the assets listed on our platform are not securities and we look forward to engaging with the SEC to make clear just how weak any case against Robinhood Crypto would be."

GNUS.ai (short for "Genius", not a reference to the animal) is one of many AI-related blockchain projects that has sprung out of the recent AI hype. This particular one promises to allow people to "utiliz[e] unused cycles" on various computing devices for computation-intensive AI systems, using cryptocurrency for payments.

Cred had claimed to customers that they engaged in only "collateralized or guaranteed lending", hedged their investments, and "comprehensive insurance", but hid that "virtually all the assets to pay the yield were generated by a single company whose business was to make unsecured micro-loans to Chinese gamers." Furthermore, they did engage in uncollateralized lending, did not hedge their investments, and did not hold insurance as they had claimed.

Around $150 million in customer funds were lost in the collapse based on prices at the time, though those crypto assets would have been priced substantially higher at various times since.