CFTC subpoenas former company of Ben "BitBoy" Armstrong over crypto promotion

Ben Armstrong ("Bitboy Crypto") pictured sitting in a car, midsentence. Overlaid is the text "Use crypto risk free", the Bitcoin logo, and a wallet with coinsBen "BitBoy" Armstrong in one of his video thumbnails (attribution)
The CFTC has sent a subpoena to Hit Network, the crypto media company that was previously headed up by Ben "BitBoy" Armstrong until his rather public meltdown. According to The Block, the subpoena requested information about fifteen tokens, including the BitBoy-themed $BEN token, and the videos in which figures including BitBoy talked up their potential for price appreciation. The CFTC noted that the investigation was into a person who had engaged in crypto fraud.

Kujira token tanks as team's leveraged bets melt down

The team behind the Kujira project wound up with around $2 million in bad debt after taking some of their operational funds and using it to make leveraged bets on their own platform. They blamed "a series of events over the last few months, including exploits, socially engineered attacks and fallouts within the ecosystem" for causing the positions to be liquidated. The $KUJI token price crashed by more than 60% as a result of the team's poor risk management.

The Kujira team apologized for the fiasco, and announced a plan to create a DAO to take over the project treasury.

ConvergenceFi hacked for $210,000

An attacker took advantage of a flaw in the code for the yield farming project ConvergenceFi, draining it of all the tokens that had been allocated for staking emissions. Because a function call in the smart contract did not do proper validation, an attacker was able to provide their own smart contract that set the amount of tokens to return to anything they wanted. Naturally, the attacker set it to return all 58.7 million tokens available to them, which they quickly swapped to around $210,000 and laundered through Tornado Cash.

Although ConvergenceFi described itself as audited, they admitted they had made changes to that portion of the code after the audits.

They assured their users that all user funds were safe, but recommended that users remove their staked funds from the platform.

ZKX decentralized exchange shuts down in what some VCs are describing as a rug pull

The Starknet-based decentralized exchange ZKX abruptly shuttered operations on July 30, with an announcement from founder Eduard Tur explaining that they had "been unable to find an economically viable path for the protocol."

ZKX had raised $4.5 million in seed funding from investors including the now-bankrupt Alameda Research, Starkware, HTX, Amber Group, ArkStream Capital, and HashKey Capital. The project had announced a second, $7.6 million raise only a few weeks before its shutdown.

People at Amber Group, ArkStream, and HashKey publicly criticized the lack of transparency from ZKX around its financial situation. Ye Su, a founding partner at ArkStream, explained that he felt they had been "rug pulled".

Blockchain sleuth zachxbt joined the VCs in characterizing the project as a rug, and further elaborated that he felt the retail investors who had purchased the project's token only weeks earlier had been tricked into buying a token by the project team, who "misled the community/retail ... by giving the appearance the project was healthy and strong when in reality they were in a bad position and about to shut down."

BitClout founder arrested on wire fraud charges

Nader Al-Naji, also known as "Diamondhands", was arrested on wire fraud charges relating to his BitCloud crypto social media platform. He was simultaneously charged by the SEC with selling unregistered securities.

According to the criminal charges, Al-Naji misled investors, including by taking $3 million from an investor and using it for his own personal expenses and gifts to family. Al-Naji had told investors that the sales of the platform's token would not go to him or to other employees.

The SEC complaint separately alleged that Al-Naji had tried to falsely present the BitClout project as decentralized, including by soliciting a letter of opinion from a law firm that his tokens were not likely to be deemed securities, which was based on mischaracterizations.

BitClout raised money from various prominent firms, including Andreessen Horowitz, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital.

DraftKings abruptly shutters its Reignmakers NFT project and marketplace due to "recent legal developments"

American sports gambling behemoth DraftKings announced the shutdown of its Reignmakers NFT game and NFT marketplace, effective immediately. Reignmakers was a fantasy sports game that allowed players to purchase digital trading cards used for digital fantasy leagues.

In an announcement in the project Discord and on their website, DraftKings wrote that the shutdown was "due to recent developments". They offered holders the ability to cash out their Reignmakers cards "based on factors that include, but are not limited to, the relative size and quality of your digital game piece collection". Holders were also invited to transfer their NFTs to their own cryptocurrency wallets, although the DraftKings-run "contests" in which people used their NFTs to try to earn rewards and win prizes will no longer exist. It's also unclear whether some NFTs, built to not be transferrable off-marketplace, will be able to be retained by their holders.

Members of the DraftKings Discord reacted with chagrin to the news, and doubt that the vague promises of cash payments would amount to much. "What kind of compensation u think we get coming to us? Pennies?" wrote one. "Yeah I'm out like $20k," said another. Some blamed the shutdown on a recent lawsuit from a holder of the Reignmakers NFTs who lost $14,000 — a lawsuit which recently survived the motion to dismiss stage.

Compound DAO passes $24 million proposal in alleged governance attack

A controversial proposal in front of the Compound Finance DAO has narrowly passed, granting 499,000 COMP (~$24 million, and amounting to 5% of the project's treasury) to an outside group. A Compound Finance whale, "Humpy", proposed the vote to allocate the tokens to a protocol created by a group called the "Golden Boys", which Humpy also leads. The vote was the third attempt to allocate tokens to the Golden Boys' group, after two unsuccessful votes in May and earlier in July.

Humpy has previously been accused of governance attacks on other protocols, including Balancer and SushiSwap.

Prior to the proposal's passage, some Compound Finance DAO members raised objections. "In my personal opinion, the actions of Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates," stated Compound Finance security adviser Michael Lewellen, who also described the proposal as "a malicious attempt to steal funds from the protocol".

Afterwards, Lewellen wrote that "OpenZeppelin is working with all active delegates and Compound contributors to assess our options for protecting the protocol. We see serious risks to the future decentralization of the DAO as a result of Proposal 289 passing and so we are exploring options to mitigate or reverse this outcome."

MonoSwap hacked for at least $1.3 million

The MonoSwap DEX announced on July 24 that it had been compromised, and urged its users to withdraw their funds to avoid losses. According to the project team, one of their developers had been lured into a call with someone pretending to be a venture capitalist, who convinced them to download what they claimed was video call software, but which instead was malware. MonoSwap claimed this gave the hackers "access to all MonoSwap-related wallets and contracts".

The malicious video chat software attack vector has been widely used in the crypto world, with a victim losing cryptocurrency to an attacker using the same technique and impersonating an Andreessen Horowitz partner last month.

So far, the MonoSwap attacker has laundered $1.3 million via the Tornado Cash cryptocurrency mixer.

dYdX v3 exchange website compromised amid sale announcement

Crypto exchange dYdX has announced that the website for their v3 exchange was compromised, and is urging people not to use it. This announcement came almost simultaneously with a report from Bloomberg that the company behind the exchange was looking to sell the software behind the v3 exchange, after they’d upgraded to what they call v4.

The affected domain was hosted on Squarespace, which could connect this compromise to similar events earlier in the month affecting domains registered there.

ETHTrustFund rug pulls for $2.2 million

The operators of a project called ETHTrustFund on Coinbase's Base layer-2 Ethereum blockchain have apparently rug-pulled the project. The ETHTrustFund project was a fork of the Olympus DAO project on Base, but there was months of inactivity on the project following its March launch. Then, on July 20, the developer deleted his Telegram and Twitter accounts and the project's website, and suddenly moved the project treasury to a new wallet. The funds were then laundered through Railgun and Tornado Cash.

RHO Markets lending protocol loses $7.6 million to apparent whitehat

An apparent misconfiguration by the RHO Markets lending protocol allowed operators of an MEV bot to take $7.6 million from the project's users across multiple chains.

In a stroke of luck for the RHO team, the MEV bot operator sent RHO an on-chain message indicating they were willing to return all of the funds, although they first demanded that RHO "admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."

RHO is built on the Scroll Ethereum layer-2 network. Scroll temporarily paused the chain as RHO investigated the loss.

WazirX exchange hacked for $235 million

After a $230 million "suspicious transfer", Indian cryptocurrency exchange WazirX has paused withdrawals and acknowledged that one of their multisignature wallets was compromised. The attacker began selling off the tokens, causing the price of tokens like Shiba Inu to drop around 10%.

WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.

WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.

Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users.

Trip.com accused of "rug pull" as it shuts down its Trekki NFTs

An illustration of a bright blue cartoon dolphin, wearing a safari hat and vest, holding a cameraTrekki NFT (attribution)
Travel company Trip.com has some perturbed crypto holders on its hands, after shutting down the "Trekki" NFT project it launched in June 2023. The company's dolphin-themed NFTs had come with a roadmap that promised eventual staking features, "travel to grow" and "travel to earn" mechanisms, and other developments, which have been cancelled. However, Trip.com promised that its discount coupon functionality would remain.

"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.

Users of LI.FI protocol suffer losses of at least $10 million

Users of the cross-chain swapping API LI.FI Protocol, and of projects that build on top of it, suffered wallet drains amounting to at least $10 million (and counting). An attacker was able to exploit the users who had set infinite approvals. The protocol urged those who had interacted with several affected smart contracts to revoke permission, and warned: "Please do not interact with any LI.FI powered applications for now!"

Three arrests made in relation to Metamax pyramid scheme

Three people have been arrested in connection to a crypto pyramid scheme called Metamax. Those behind the scam promised that people who invested in the scam could then earn income of up to $400 a day simply by watching, sharing, liking, and reviewing videos. There was, of course, a referral component as well, where people earned commission on the "investments" of people they referred. And for people who chose to invest in one of Metamax's fixed investment plans, they were promised 1.5% daily returns.

Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.

Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.

Minterest hacked for $1.4 million

An attacker stole $1.4 million from the defi lending project Minterest. Using a flash loan attack, they manipulated the exchange rate calculated by the project, allowing them to withdraw more tokens than they originally loaned.

Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.

Dough Finance hacked for $1.9 million

Defi platform Dough Finance was hacked for 608 ETH ($1.8 million) by a hacker using a flash loan attack funded through the Railgun privacy service.

Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.

Popular defi protocol websites replaced with wallet drainers amid mass Squarespace domain hijacking

Websites providing the frontends for some popular defi services, including Compound Finance, were compromised and replaced with wallet drainers: websites resembling the usual frontend, but which drain unsuspecting users' wallets when used.

Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.

The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."

Web2 is going just great!

OmegaPro founder arrested for allegedly running crypto Ponzi

Turkish authorities arrested Andreas Szakacs, also known as Emre Avci, for his role in the OmegaPro cryptocurrency Ponzi scheme. Victims were invited to make small investments in the "Omega Invest" application, which made quick returns. They were enticed to invest more and more, but when they attempted to withdraw funds, they discovered the money had been taken. Altogether, victims have claimed around $103 million in losses.

The OmegaPro Ponzi scheme was reportedly linked to the OneCoin crypto Ponzi, whose operators stole at least $4 billion from millions of victims since 2019. Multiple people associated with OneCoin have been arrested, including its co-founder Karl Sebastian Greenwood, but its "Cryptoqueen" co-founder Ruja Ignatova was one of Europol's most wanted fugitives and remains the subject of an Interpol red notice.

Doja Cat's Twitter account hacked to promote meme token

Tweet by Doja Cat: "buy $DOJA or else" followed by a Solana address. There's a photo of her brandishing a toy scimitar and she's wearing a chainmail hood.Tweet from Doja Cat's hacked account (attribution)
The Twitter account belonging to rapper Doja Cat was compromised on July 8, tweeting to her 5.6 million followers that they should "buy $DOJA or else", and various other messages to that effect. Doja Cat quickly posted on her Instagram account to say that the Twitter account had been compromised.

The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.

Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.

Bittensor wallets drained

Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth around $8 million, was siphoned. Although blockchain sleuth zachxbt hypothesized that the attack may have been thanks to a private key leak, Bittensor later claimed that affected users had in fact been compromised by a malicious Bittensor package that had been uploaded to Python's PyPi package manager. It's not yet clear how the malicious package made it onto the package manager.

Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.

Silvergate Bank pays $63 million to settle charges from multiple agencies

More than a year after the crypto-friendly Silvergate Bank collapsed, its parent company has agreed to pay $63 million in fines to the Federal Reserve and California Department of Financial Protection and the Innovation. The SEC also imposed a $50 million fine, though the terms of the settlement noted this "may be offset" by the other penalties.

According to the regulators, Silvergate "had serious deficiencies" in its anti-money laundering programs, including in its intra-customer crypto transfer product. In particular, the SEC highlighted $9 billion in suspicious transfers among FTX entities that should have been detected by compliance programs. The SEC also alleged that Silvergate misrepresented its financial state during the post-FTX collapse bank run.

Yield App declares insolvency, citing FTX losses

Yield App, a crypto investment platform, has announced that it will be entering liquidation proceedings. Citing "significant financial challenges", the project announced that the platform would be suspended pending liquidation.

In the immediate aftermath of the FTX collapse in November 2022, Yield App CEO Tim Frost had assured customers that "Yield App has no exposure to Alameda or the FTT token, and no signifiant exposure to FTX". However, Yield is now — going on two years after the FTX collapse — claiming to be suing "several hedge funds" that had lost money on FTX.

SEC sues Consensys, maker of MetaMask wallet

As expected, the SEC has filed a lawsuit against Consensys, the maker of the popular MetaMask cryptocurrency wallet. Although Consensys had recently gloated about the SEC completing an investigation into the company's offering of ETH, and determining not to pursue action over it, a Wells notice sent to the firm in April suggested that some legal action was impending. Shortly afterwards, Consensys filed a lawsuit against the SEC, alleging regulatory overreach.

The SEC's lawsuit claims that Consensys violated securities laws by acting as an unregistered securities broker, and by offering staking services that constituted unregistered securities offerings. The SEC has previously cracked down on staking offerings by other firms, including Coinbase and Kraken.

Logan Paul files defamation lawsuit over Coffeezilla's coverage of his failed CryptoZoo project

Logan PaulLogan Paul (attribution)
A year and a half after threatening to sue YouTuber Coffeezilla for his series of videos exposing influencer Logan Paul's (alleged) role in (allegedly) scamming his large following with a failed blockchain game, Paul has followed through on the threat. Although he acknowledges in the lawsuit that the project was definitely a scam, Paul says that he too was duped by several "conmen" who he'd brought on as advisers.

In the lawsuit, Paul claims that Coffeezilla knowingly falsely accused Paul of being in on the scam in hopes of getting more attention on his videos. Paul is seeking more than $75,000 in damages.

In January 2024, Paul filed suit against the advisers he's described as "conmen". He's also pointed the finger at them while defending a potential class action complaint from defrauded investors.

FBI busts group of crypto-seeking home invaders

The Department of Justice busted a group of more than a dozen people, led by a 24-year-old man named Remy St. Felix, who perpetrated a string of break-ins and violent assaults in hopes of obtaining their victims' cryptocurrency holdings. The group seems to have been far more successful with their hacking thefts than with their in-person attempts to obtain cryptocurrency, but that didn't stop them from committing a string of eleven break-ins where they assaulted, threatened, and kidnapped victims.

In one case, a victim was able to transfer $150,000 in cryptocurrency to the attackers before their cryptocurrency exchange blocked the suspicious transfers. However, in their other attempts to physically steal crypto, they were unsuccessful, with victims either refusing to hand over their crypto or successfully escaping.

In one case, St. Felix and his associates targeted a woman from whom his group had already stolen $3 million in a SIM swapping attack. When they broke in and held the woman at gunpoint to try to steal the $500,000 in crypto she had left, the woman refused to turn over her password to her cryptocurrency account, so dismayed by her earlier loss that she told the men just to shoot her.

St. Felix was convicted on nine counts by a federal jury, and faces a sentence of seven years to life in prison. Thirteen co-conspirators also pleaded guilty.

Farcana token plummets 60% amid murky explanations

The token for the Farcana blockchain shooting game plummeted in value by around 60%. First, the project team announced that one of the project wallets had been compromised. However, they later deleted that tweet, then claimed that one of their market makers had been compromised. They emphasized that their wallets had not been hacked, and that their smart contracts had not been exploited.

23.8 million FAR were taken from a wallet, and the majority were sold for around $164,000 in USDT. The exploiter still holds 3.4 million FAR, which are notionally worth $83,250 but not likely to be sellable for that amount.

Farcana raised $10 million in seed funding in November 2023 from investors including Animoca and Polygon Ventures.

Victim loses $11 million to permit phishing

A victim lost $11 million in Aave Ethereum (aEthMK) and Pendle USDe tokens after signing several permit phishing signatures. Permit phishing is a technique in which scammers convince a victim to sign a transaction that grants broad permissions, allowing the scammer to then drain assets from the wallets.

Sportsbet.io likely hacked for $3.5 million

It appears that the online crypto sports betting platform Sportsbet.io suffered a theft of around $3.5 million in USDT and Tron's TRX tokens. The theft was observed by crypto sleuth zachxbt, who noted that the theft seems to have been perpetrated by the same attacker who stole at least $55 million from the BtcTurk cryptocurrency exchange only hours earlier.

SportsBet has not yet disclosed any theft.

"Read-only" CoinStats crypto application enables wallet breaches

CoinStats, an application promising to help people track their cryptocurrency holdings, has suffered a breach impacting more than 1,500 user wallets.

The application asks its users to connect their wallets to allow it to track their holdings, but promises on the website that it offers "the ultimate security for your digital assets". "Since we ask for read-only access only, your holdings are perfectly safe under any conditions," the website promises, later touting its "military-grade encryption".

CoinStats shut down the platform while investigating the incident. Losses have been estimated at around $2.2 million.

50 Cent claims his accounts were compromised to promote a memecoin

Tweet by 50cent: "Get Rich or Die Tryin! 💪🏾 Get the official $GUNIT Now"Scam tweet from 50 Cent's account (attribution)
50 Cent has claimed his Twitter account and website were hacked to promote a memecoin called $GUNIT. "I have no association with this crypto," the rapper wrote on Instagram.

50 Cent also claimed in the post that "Who ever did this made $300,000,000 in 30 minutes." It's not clear where 50 Cent got this number, because the token has only done $19.8 million in volume. One wallet made around $722,000 off the token, and three others also made over $100,000.

BtcTurk exploited for at least $55 million

The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted deposits and withdrawals while investigating, and said they are working with law enforcement.

It appears that assets notionally worth around $55 million were stolen. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.

According to newly installed Binance CEO Richard Teng, Binance froze $5.3 million of the stolen assets.

CertiK and Kraken accuse each other of misconduct over bug report and $3 million "testing"

Prominent blockchain security firm CertiK has accused American cryptocurrency exchange Kraken of threatening them after they reported a bug. According to CertiK, they discovered a bug in the exchange software, which they tested with multiple transactions over several days. Some of these were large transactions, which CertiK said they performed to test whether Kraken had alerting in place to detect higher-value transfers. When they reported the vulnerability to the exchange, they say the exchange patched the bug, but then threatened CertiK employees and demanded they repay a "mismatched" amount of crypto allegedly taken during the testing period.

However, others have noted that the number of transactions and amount of cryptocurrency taken by CertiK while "investigating" the bug seems to far exceed the norm for whitehat security researchers, and that they took cryptocurrency amounting to millions of dollars — making their "testing" look a lot more like a blackhat theft. Furthermore, CertiK made several transfers to Tornado Cash as part of their "testing" — an entity that is sanctioned by the United States.

Kraken alleged that CertiK did not disclose the full extent of their employees' transactions, and refused to return the $3 million they had taken. They also alleged that CertiK had attempted to extort them. Kraken said they had been in contact with law enforcement, and were "treating this as a criminal case".

Ultimately, CertiK returned the funds. However, it's not clear if criminal action may be ongoing.

Martin Shkreli claims to have been behind a Donald Trump memecoin

Martin Shkreli sits at a table, arms crossed and smirkingMartin Shkreli (attribution)
After Arkham Intelligence announced a $150,000 bounty for anyone who could prove the identity of the person behind a Donald Trump memecoin called $DJT, blockchain sleuth zachxbt quickly rose to the occasion. He submitted evidence that Martin Shkreli, the "pharma bro" who spent years in federal prison for financial fraud and who was previously known for hiking the price of an anti-malaria drug 56×, was behind the token. This wouldn't have been Shkreli's first foray into the blockchain world, after he launched a "web3 drug discovery platform", and then later dubiously claimed to have been hacked for over $450,000 after his computer was infected by a trojan after he torrented a porn video.

Shkreli attempted to frontrun the news in a Twitter space, and came out with his own claims that he had collaborated with Barron Trump to create the token, and with Andrew Tate to pump its price. However, fellow felon and memecoin pumper Roger Stone subsequently crawled out of the woodwork to claim that neither Barron nor Donald Trump was involved with $DJT.

Shkreli has yet to provide solid proof that he created the memecoin, though zachxbt's research tends to be very strong. If true, Shkreli faces potential legal repercussions, as he is still on parole after his release in 2022. The terms of his parole require him to "refrain from engaging in self-employment which involves access to client's assets, investments, or money, or solicitation of assets, investments, or money", and to make financial disclosures to the courts. Shkreli was also banned from the securities industry in 2018, as part of a settlement with the SEC.

Holograph exploited for more than $1.2 million

The Holograph tokenization project was exploited on June 13 after they took advantage of a flaw in a smart contract that allowed them to mint 1 billion HLG tokens. Notionally worth $14.4 million at the time the tokens were minted, relatively low liquidity meant that the introduction of a billion additional tokens crashed the token price by 80%. The attacker ultimately was able to cash out around 348 ETH (~$1.2 million).

One of the addresses involved in the exploit appears to have contributed to the Holograph protocol, though it's not clear if they took advantage of insider knowledge to pull off the heist.

UwU Lend re-enables protocol after hack, immediately gets hacked again

After suffering a $20 million loss in a June 10 hack, the UwU Lend defi lending protocol has now seen another $3.7 million in suspicious outflows only days later. Although UwU Lend paused the protocol after the attack, they re-enabled it on June 12, claiming to have identified and resolved the vulnerability. This apparently wasn't the case, given the same attacker quickly repeated their exploit.

UwU Lend was created by Michael Patryn, aka Omar Dhanani, aka "0xSifu", who has been behind several cryptocurrency projects that have suffered major exploits. This is not exactly helping concerns among some observers that perhaps Sifu is the common denominator in these suspicious losses.

Phishing scammers impersonate Andreessen Horowitz employee to drain crypto wallets

DMs from a person impersonating Peter Lauten:
Impersonator: "hi 👋"
Victim: "Hello Peter"
Impersonator: "It's great connecting with you here. I'm from @a16z, and we're on the lookout for compelling stories in the web3 space for our "My First 16" podcast. We love diving into the early stages of innovative projects - the ups, the downs, and everything in between."Messages from a scammer impersonating Peter Lauten (attribution)
Attentive phishers noticed when Andreessen Horowitz partner Peter Lauten changed his Twitter username from @peter_lauten to @lauten, and snapped up the previous username. They then began contacting various targets in the cryptocurrency world, asking to set up meetings to arrange appearances on the venture capital firm's crypto podcast.

The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username on their website, giving even skeptical victims some reassurance that the account was legitimate.

According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.

Terraform Labs, Do Kwon reach $4.5 billion settlement with the SEC

Terraform Labs and its former CEO Do Kwon have agreed to settle the SEC's civil action against them with a $4.5 billion payment of disgorgement, interest, and penalties. Kwon and the company were behind the collapsed Terra/Luna stablecoin project, which imploded in May 2022. It was among the first dominoes in what ended up being an industry-wide collapse.

If the settlement is approved by the judge, Kwon will personally be responsible for around $200 million of the settlement payment, with Terraform Labs shouldering the rest. Although the settlement is among the largest the SEC has received in a securities fraud lawsuit, it's unlikely the company will ever pay anything close to the total amount, as it is in bankruptcy and claims to have only around $150 million in assets remaining. Both the company and Kwon will be banned from trading crypto asset securities.

The substantial fine is among the lesser of Kwon's worries at the moment, as he is still in jail in Montenegro pending extradition to either South Korea or the United States to face serious criminal charges for his role in the fraud.

UwU Lend suffers almost $20 million hack

The defi lending protocol UwU Lend was hacked for around $20 million. After various blockchain security firms observed suspicious outflows of funds, the protocol acknowledged there had been a "situation" on their Twitter account, and wrote that they had paused the protocol while they were investigating.

UwU Lend was founded by Michael Patryn, aka Omar Dhanani, aka "0xSifu" — a co-founder of the ill-fated QuadrigaCX exchange and ex-con. He also pseudonymously ran the defi cryptocurrency project Wonderland until his identity was revealed after the protocol suffered a meltdown.

Loopring's "most secure" wallet hacked for at least $5 million

Although Loopring markets its wallet application as "Ethereum's most secure wallet", that's evidently a pretty low bar. They disclosed that they had suffered a breach in their wallet recovery service, which allows individuals to designate trusted entities to recover assets or freeze compromised accounts. An attacker was able to "recover" assets from wallets that had only designated a single Loopring guardian, pilfering at least $5 million.

Loopring announced that they had suspended their account recovery operations, and were working with law enforcement to trace the attackers.

New York Attorney General sues over $1 billion NovaTech and AWS Mining crypto pyramid schemes

Cynthia and Eddy Petion, with a car behind them printed with the NovaTech brandingCynthia and Eddy Petion (attribution)
The New York Attorney General’s office has sued Cynthia and Eddy Petion over two allegedly fraudulent cryptocurrency pyramid schemes called AWS Mining and NovaTech. They particularly targeted victims of Haitian descent, promoting their schemes in Creole, leveraging their victims’ religion, and promising them “financial freedom” and “freedom from the plantation”.

In reality, the schemes were pyramid schemes in which investors earned crypto for recruiting others to buy in. NovaTech also used the funds from newer investors to pay out the supposed “returns” from the investment scheme, in a classic Ponzi fashion. From August 2019 – April 2023, victims deposited more than $1 billion into NovaTech. Though it was described as a trading operation, only about $26 million ever went into crypto trading.

In June 2022, the couple secretly sold their Florida house and moved to Panama, while continuing to pretend they were in the state. Speaking to another operator of the scheme, Cynthia Petion advised: “leave the country…they can’t serve you if they can’t find you lol.”

Blockchain developer loses over $48,000 after posting private key to Github

A blockchain developer posted on Twitter that he had lost almost $50,000 after his cryptocurrency wallet was drained. He explained that he had been working on a software project on Github in a private repository that contained his wallet's private key. In order to apply for a funding grant from the Optimism project, he had to make the repository public. However, he forgot that the secret key was in the repository.

Generally, it is very bad practice to store sensitive secrets in Github, even when projects are set to private.

"Got drained of everything," he wrote on Twitter. A commenter asked how long it took for the attacker to steal the money after the private key became publicly visible. "2 min", he replied.

Lykke exchange hacked for over $23 million

The UK-based Lykke crypto exchange suffered an exploit that saw more than $23.6 million stolen from the platform. The platform shut down trading two days later, and some customers reported seeing balances of 0 in their accounts.

The theft was first noticed by outside researchers, who saw the suspicious outflows and accused the platform of not communicating the security breach to its customers. The following day, Lykke acknowledged the attack and informed customers via email.

DOJ indicts Epoch Times executive for crypto scam

Widong "Bill" Guan, Chief Financial Officer of the far-right Epoch Times media company, has been indicted on money laundering conspiracy and bank fraud charges for his alleged involvement in a cryptocurrency scam and money laundering operation. According to the Justice Department, Guan used cryptocurrency to purchase prepaid debit cards that were loaded with fraudulently obtained unemployment insurance benefits. Guan and others then laundered the funds through bank accounts they'd fraudulently opened using stolen personal information.

According to the DOJ, banks became suspicious when the revenue for the Epoch Times increased 410% — from around $15 million to around $62 million — from the previous year.

Velocore decentralized exchange exploited for $6.8 million, Linea blockchain halts in response

The Velocore DEX, built on the Linea Ethereum layer-2 blockchain, was exploited for around $6.8 million in ETH. The hacker was able to take advantage of a bug in the project's smart contract in the logic to calculate swap fees. Using a flash loan attack funded through Tornado Cash, the attacker drained most of the tokens from the pool, bridged the tokens back to the Ethereum mainnet, and then tumbled the stolen funds back through Tornado.

In an unusual move, the operators of the Linea layer-2 blockchain chose to unilaterally halt the chain in order to stop the outflow of stolen assets. Because Linea — like many layer-2 chains — is highly centralized, it was possible for the Linea team to unilaterally stop the production of blocks.

This was very controversial, as a single operator being able to unilaterally control the operation of a blockchain goes against much of the cryptocurrency ethos. Following their action, they tried to explain that "Linea's goal is to decentralize our network - including the sequencer. When our network matures to a decentralized, censorship-resistant environment, Linea's team will no longer have the ability to halt block production and censor addresses - this is a primary goal of our network".

Japanese crypto exchange DMM Bitcoin loses $308 million

A Japanese cryptocurrency exchange called DMM Bitcoin has announced that they suffered an "unauthorized leak" of 4,502.9 bitcoin (~$308 million) from a company wallet. They've provided very little in additional details around how the loss occurred, or who may have been involved. They have taken some of their services offline as they investigate the incident.

The company claims it will replace the lost funds with help from other companies in their group.

This is one of the largest cryptocurrency thefts in recent history, rivaling the roughly $320 million theft from the Wormhole bridge in February 2022 and the $477 million theft from FTX in November 2022.

FTX executive Ryan Salame sentenced to 7.5 years imprisonment

Ryan SalameRyan Salame (attribution)
Ryan Salame was the CEO of FTX Digital Markets which was the Bahamian portion of the FTX business. In September 2023, just before Sam Bankman-Fried's trial began, Salame pleaded guilty to one count each of conspiracy to operate an unlicensed money transmitting business and conspiracy to make unlawful political contributions and defraud the Federal Election Commission. He was the only co-conspirator of four to not plead under a cooperation agreement, and he did not testify at Bankman-Fried's trial.

In his sentencing memo, Salame asked for a sentence of no more than 18 months imprisonment, claiming that "he was duped, as was everyone else, into believing that the companies were legitimate, solvent, and wildly profitable." Judge Kaplan didn't seem to agree, ultimately passing down a sentence greater than the five to seven years requested by prosecutors. He also will pay $6 million in forfeiture, $5 million in restitution, and spend three years on supervised release.

Salame is the first of Bankman-Fried's co-conspirators to be sentenced.

Memecoin team accused of hacking influencer Twitter account to manipulate markets

According to crypto sleuth zachxbt, the team behind the Solana-based $CAT memecoin hacked the Twitter account of "Gigantic-Cassocked-Rebirth" (@GCRClassic) crypto influencer.

First, the team sniped their own $CAT token launch to obtain 63% of the token supply, ultimately selling a portion of it for around $5 million. Then, they took out $2.3 million and $1 million long positions on the ORDI and ETHFI tokens, respectively. Finally, they posted from the compromised influencer account to shill the ORDI and ETHFI tokens to his massive following. Ultimately, their gambit doesn't appear to have been incredibly successful: they made around $34,000 on the ORDI position, but lost $3,500 on the ETHFI position. However, as zachxbt noted, it's possible they also opened positions on centralized exchanges where the outcomes aren't publicly visible.

"Normie" memecoin plummets 99% after exploit

An attacker perpetrated a flash loan attack on the "Normie" memecoin on the Base layer-2 blockchain to drain millions of NORMIE tokens. The vulnerability was evidently discovered in March, but never patched.

Although the token claimed to have a market cap of $42 million, the attacker was only able to cash out around 224 wETH (~$882,000). However, the losses to some holders of the token were much more substantial. One individual had put around $1.16 million into $NORMIE, and those holdings are now priced at around $150.

The attacker has been negotiating the possible return of funds to the project team, who has expressed interest in relaunching the token.

Caitlyn Jenner launches memecoin amid deepfake confusion

Tweet by Caitlyn Jenner: "make america great again!!! 🇺🇸 and we love crypto! @pumpdotfun 🫡" with a photo of Jenner grasping hands with Donald TrumpJenner's launch tweet (attribution)
Olympic athlete-turned-Trumpworld media personality Caitlyn Jenner has confused many by apparently launching a memecoin on pump.fun and heavily promoting it on her Twitter account with more than 3 million followers. Her original post featured a photo of her grasping hands with Donald Trump, with the text "make america great again!!! 🇺🇸 and we love crypto!".

At first, people widely believed her account had been hacked, given how frequently celebrity token promotions turn out to be compromised Twitter accounts. Then, she began joining Twitter spaces and posting videos about the token, but with the emergence of more and more convincing deepfakes, even those didn't convince people that it was truly Jenner behind the token.

Despite the confusion — or perhaps because of it — the token has been popular.

The token launch was linked to Sahil Arora, a person allegedly connected to multiple celebrity rug pulls and pump-and-dumps. However, Jenner quickly turned on Arora shortly after the token's launch, posting on Twitter "FUCK SAHIL! He scammed us! BIG TIME!" and that "Sahil appears to be fully out".

Jenner is not the first in her family to get mixed up with crypto. In October 2023, her stepdaughter Kim Kardashian was fined over $1 million for unlawful touting of a crypto security.