...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
DeltaPrime paused the protocol on both Arbitrum and Avalanche, stopping the attacker from being able to steal more funds than they already had.
DeltaPrime was hacked previously on September 16, losing $6 million after a leaked private key enabled an attacker to mint a huge number of the platform's stablecoin deposit receipts.
Short of finding a vulnerability in Renzo, the trader's only real choice is to plead with Renzo to change their smart contract in such a way as to release the funds. While this is technically possible, Renzo has told the trader they could not grant his request due to "regulatory limitations".
Other crypto platforms affected included TEN Finance and Movement. Because the animations library is widely used, other non-crypto-related websites also showed the prompt.
Shortly after the theft, M2 acknowledged the hack and announced that "the situation has been fully resolved". This apparently involved M2 restoring customer funds from their own assets, rather than recovering the stolen assets.
In the process of selling off tokens, an arbitrage bot was able to take advantage of the price difference by selling the rapidly crashing SUN token into a second liquidity pool that apparently went unnoticed by the hacker, and the bot operator also profited around $560,000.
The government has not made any statements regarding the movement of assets.
The following day, $19.3 million in tokens were returned to the original wallet.
As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.
Both studios had several games in progress, and two of Phoenix Labs' games were explicitly designed for younger players. Developers reportedly voiced discomfort with incorporating blockchains into the games, selling digital items to children.
Later, Forte pulled the plug on several in-development games at both studios. Then, Forte shut down Rumble in 2024, laying off all employees. Forte also laid off over 100 people from Phoenix Labs that year.
Various security researchers have observed that the attack appears to be linked to a slew of social engineering attacks perpetrated by cybercriminals out of North Korea.
This is the second Radiant Capital exploit this year, after a $4.5 million theft in January that was enabled by an unaddressed vulnerability in the underlying Compound Finance code.
Kwon urged the Cosmos governance team to perform a full audit of the code written by these developers, and develop more protocols to prevent issues like this going forward. He also called for the governance team to blacklist Zaki Manian.
The attacker stole around $1.1 million of the cartoon frog-themed PEPE tokens, and another roughly $50,000 of the also cartoon frog-themed APU token.
After the incident, some questioned why the tokens had been sent to an investor without a vesting contract, given they were supposed to be locked for a period of time to prevent sale.
The victim wallet sent a message to the thief, offering "a peaceful resolution to this situation" in which the thief could keep 20% of the total amount taken (around $6.5 million).
A security firm working with Bedrock had tried to warn Bedrock of the vulnerability several hours before the attack, but the team was asleep. The vulnerable contracts had been deployed a day and a half prior to the attack, and had not been audited.
Fortunately for Bedrock, security groups were able to pause third-party projects surrounding Bedrock, which helped to limit the losses — which ultimately could have been as high as the entire value of funds on the protocol.
Onyx apparently didn't learn their lesson the first time around, when they were exploited for $2 million in November 2023 by an attacker taking advantage of a known vulnerability affecting empty markets on the protocol. This same bug seems to have contributed to this exploit, although Onyx has claimed the hack was due to a separate vulnerability in an NFT liquidation contract.
Truflation is a blockchain-based project that provides economic data including inflation rates and asset valuations. The platform has been backed by Coinbase Ventures, Chainlink, and others.
This latest hack is only the latest in a slew of Twitter account compromises "announcing" a scam token. Over a year, OpenAI CTO Mira Murati had her account hacked to promote an "$OPENAI" token. Three months ago, accounts belonging to chief scientist Jakub Pachocki and researcher Jason Wei were hacked and used to post the same scam as today.
Shortly after the attack, Shezmu offered a 10% "bounty" for the return of the funds. The attacker responded that they would only consider a 20% bounty. Shezmu agreed to the terms, and announced to their followers that they had achieved a recovery from the "white hat" hacker.
Some accused the exchange of trying to cover up the theft by announcing "temporary wallet maintenance" without disclosing that a theft had occurred. The team later announced that "there has been minor asset loss", and stated that the lost funds would be restored out of the company's capital.
Around $10 million of the stolen assets were frozen during recovery efforts after the theft.
Websites for these exchanges now show notices announcing a law enforcement operation called "Operation Final Exchange". The page announces to visitors "This was your final exchange!", and in a letter addressed to "ransomware affiliates, botnet operators and darknet vendors", warns that authorities are now working to trace the illicit users of the exchange.
Banana Gun acknowledged the attack on Twitter and shut down the bot. They posted that they did not believe their backend was compromised, and stated that they believed the attack occurred via a "front-end vulnerability" — though it was not clear what this might have referred to.
The FBI raided a luxury home in Miami in connection to the theft, and arrested two men in their early twenties. Authorities worked with crypto investigators including zachxbt to trace the stolen funds.
The company and co-founders will pay fines, and the individuals will agree to five-year bans from serving as officers or directors.
The regional SEC director stated, "We will not be deterred by someone labeling a product as 'decentralized' and 'autonomous'," alluding to crypto firms' tendencies to try to skirt securities regulations by claiming to be "decentralized".
Rari has featured on Web3 is Going Just Great before, when they were exploited for around $80 million in April 2022 and when they were exploited for around $15 million in May 2021. The project effectively wound down soon after the second theft.
They later were able to deactivate the website and regain control of the domain. "Remember scammers are always chasing you," they wrote on Twitter.
DeltaPrime acknowledged the attack on Twitter, and announced that "the risk is contained". They also stated that they were "looking into other ways to reduce user losses to a minimum", including by pulling from the protocol's insurance pool.
Nguyen famously removed the game from app stores shortly after it surged to popularity, stating that he felt guilty that people were becoming addicted to the game. This makes the game's reappearance — complete with loot boxes and other addictive features — feel somewhat dark.
On September 15, Nguyen returned from a seven-year Twitter hiatus to post: "No, I have no related with their game. I did not sell anything. I also don't support crypto."
Although Nguyen held the Flappy Bird trademark, he did not sell it to this group. Instead, they registered the trademark themselves after arguing he had abandoned it.
"There is still time. You can still roll it back and pretend it never happened. Please. None of us want this crypto slop, this desperate cash grab, this attempt at 'creating something great,' this game where buzzwords seem more important than gameplay," wrote one player on the game's subreddit.
A tweet announcing the game was celebrated by some crypto advocates, but attracted some critical responses from players. One wrote, "releasing a blockchain game a year after the weird hype about that technology died so now you got a shitty concept and don't even get a pay-off for it. let's see how this is going to turn out :)"
