Web3 is Going Just Great

The more than 1,100 customers lost more than US$5 million. While some of the customers were likely sophisticated investors, Kraken made no effort to limit the product to such a group. Around 81% of the customers who used Kraken's margin product lost money.

This is far from Kraken's first run-in with regulators. The company has settled with US regulators over sanctions violations and failure to comply with securities regulations pertaining to its staking product. They also have an open lawsuit from the US SEC over alleged unregistered securities offerings and commingling corporate and customer funds.

Some blamed the theft on an apparent malicious Ethereum transaction the user had signed nearly three years prior. However, while a malicious transaction signature on Ethereum could explain the NFT thefts, it should not alone enable the theft of assets on the separate bitcoin blockchain.

Despite this, Ledger blamed its customer, telling a media outlet that "As we know, the user got phished when it comes to the ETH wallet, we can assume user error on the BTC side too".

Clober has offered a 20% "bug bounty" to the exploiter vi on-chain message, though they have not yet received any public reply.

Then, when a new token called THENA was listed on Binance and experienced major volatility as trading opened, Alpaca's issues came to a head. As the token price surged, the slow oracle failed to reflect price changes, allowing people to withdraw far more THENA than they had posted as collateral. THENA lenders have lost an estimated $2.8 million.

On December 10, Alpaca Finance proposed distributing $50,000 "saved" by their liquidation bot to the lenders who had lost funds. Alpaca Finance also banned users complaining about their losses in the project Discord, dismissing them as a "group bot/FUD attack".

The token followed the typical pattern of quickly pumping, then crashing spectacularly, losing around 90% of its "value". This is often an indicator of a pump-and-dump scheme by insiders, but Welch vehemently denied such wrongdoing, blaming the crash on "snipers".

"I really lost $43k apeing in 'hawk tuah' coin," wrote one buyer on Twitter. Other Twitter users marveled at a wallet that swapped $1.4 million worth of MOODENG (a memecoin based on the tiny hippo of the same name) only to lose it all on the $HAWK token.

Malicious versions of the library allowed exploiters to steal private keys and drain funds from dApps like various Solana bots.

Around $184,000 was stolen as a result of the compromise. Although it was caught fairly quickly, and the malicious code was removed from package managers, developers will need to update projects that used the malicious version of the library, and refresh any potentially exposed secrets.

Although the $450,000 theft is relatively small compared to some other crypto hacks, it represented around 6% of the total value locked on Clipper. Clipper stated they were working to trace and attempt to recover funds, and asked the hacker to contact them to potentially negotiate a return of some funds.

DEXX did not disclose how much was taken in the breach, but hundreds of victims have reported around $21 million in combined losses so far.

The creator of the platform stated that they had filed a police report with Singaporean authorities. They also attempted to contact the hacker via on-chain message to negotiate the return of funds, but have not received a response.

DeltaPrime paused the protocol on both Arbitrum and Avalanche, stopping the attacker from being able to steal more funds than they already had.

DeltaPrime was hacked previously on September 16, losing $6 million after a leaked private key enabled an attacker to mint a huge number of the platform's stablecoin deposit receipts.

Short of finding a vulnerability in Renzo, the trader's only real choice is to plead with Renzo to change their smart contract in such a way as to release the funds. While this is technically possible, Renzo has told the trader they could not grant his request due to "regulatory limitations".

The platform sent a message to the exploiter attempting to negotiate a return of some of the funds.

Other crypto platforms affected included TEN Finance and Movement. Because the animations library is widely used, other non-crypto-related websites also showed the prompt.

Shortly after the theft, M2 acknowledged the hack and announced that "the situation has been fully resolved". This apparently involved M2 restoring customer funds from their own assets, rather than recovering the stolen assets.

In the process of selling off tokens, an arbitrage bot was able to take advantage of the price difference by selling the rapidly crashing SUN token into a second liquidity pool that apparently went unnoticed by the hacker, and the bot operator also profited around $560,000.

The government has not made any statements regarding the movement of assets.

The following day, $19.3 million in tokens were returned to the original wallet.

As the token price stuttered along with these revelations, insiders apparently decided to quit while they were ahead, and cashed out in a quick and coordinated sale.

Both studios had several games in progress, and two of Phoenix Labs' games were explicitly designed for younger players. Developers reportedly voiced discomfort with incorporating blockchains into the games, selling digital items to children.

Later, Forte pulled the plug on several in-development games at both studios. Then, Forte shut down Rumble in 2024, laying off all employees. Forte also laid off over 100 people from Phoenix Labs that year.