Web3 is Going Just Great

The rumor has been amplified by Tron founder Justin Sun, who tweeted: "First Digital Trust (FDT) is effectively insolvent and unable to fulfill client fund redemptions. I strongly recommend that users take immediate action to secure their assets." First Digital responded by insisting they were solvent, and denounced Sun's comments as "a typical Justin Sun smear campaign to try to attack a competitor to his business".

On March 31, the attacker sent an on-chain message to the platform, writing: "Hello I tried to move funds to tornado but I used a phishing website and all the funds have been lost. I am devastated. I am terribly sorry for all the havoc and losses caused. All the 2930 eth have been taken by that site owners. I do not have coins. Please redirect your efforts towards those site owners to see if you can recover some of the money. I am sorry."

The zkLend project instructed the thief to return any remaining funds to their wallets, though no such transfer has happened yet.

There has been substantial conversation over whether the hacker had truly been in turn scammed out of the stolen funds, had made up a fake phishing site to try to obscure the path of stolen money, or perhaps whether the whole event had been an April Fools' joke. However, zkLend noted on Twitter that the phishing website, which imitates the Tornado Cash platform, has been operational for five years and is likely not connected to the hacker.

An instructional video posted to social media by the platform encourages people to "do [their] patriotic duty" by going to a District Court in a blue state, then "Secretly snap a photo of the judge. Don't let the bailiff see you." The video shows a person uploading a photograph of Judge James Boasberg, who is presiding over the Trump administration deportation flights case, and reporting him for "terrorism".

The project has been likened to Stasi programs in which citizens were paid to spy and report on their neighbors.

The founder of ICERAID, Jason Meyers, claims that he had had conversations with the White House about the project, although the website for the tool states it is not affiliated with any government agency and is not a website of the US government. Meyers has faced several enforcement actions resulting in disciplinary penalties over his involvement in security sales, and in 2014 was permanently banned by FINRA from broker-dealer activities after misappropriating investor funds. Meanwhile, multiple users have complained about not receiving their promised ICERAID tokens, and the project reportedly changed its terms after the token presale to reduce the amount of money buyers would earn for participating.

zachxbt has previously accused Coinbase of not doing enough to protect customers from hundreds of millions of dollars in scams, and he noted that in these cases, Coinbase had not marked the thief wallets as malicious in various cryptocurrency compliance tools.

In addition to promoting the token through the usual means, Novogratz got a large tattoo on his shoulder representing the token. Sadly for him, although the LUNA token would later fade away after crashing in spectacular (and fraudulent) fashion, tattoos are forever.

HyperLiquid validators voted to delist the JELLY token. They also evidently overrode the JELLY price provided by the market oracle in an attempt to reduce their losses, leading an unrelated crypto executive to question "Is that even legal?"

Recently, $7 million was spent in a Polymarket market over whether Ukraine would agree to Trump's proposed mineral deal. Though no mutual agreement was reached, the market resolved to "yes". When it was challenged, a large holder of the UMA token cast a substantial number of yes votes to sway the outcome of the resolution, leaving the outcome in place.

Although Polymarket acknowledged that "This market resolved against the expectations of our users and our clarification" (referring to a Polymarket clarification that the resolution was too early as no mutual agreement was reached), they also refused to issue any refunds, writing that "this wasn't a market failure". "This is an unprecedented situation, and we have been in war rooms all day internally and with the UMA team to make sure this won't happen again. This is not a part of the future we want to build," the team member added.

This is the second time Abracadabra has been exploited, after suffering a $6.5 million theft in January 2024.

Binance announced that they had fired the employee, as "This behavior constitutes front-running based on non-public information obtained from his previous role and is a clear breach of company policy." The company became aware of the insider trading after they were alerted by outside parties who submitted tips to the company.

This is the second Zoth exploit in two weeks, following a $285,000 theft on March 6 by an attacker who took advantage of a bug in one of the platform's smart contracts.

Four.Meme acknowledged the latest theft on Twitter, writing that they intended to reimburse users who lost money.

Infini experienced a different form of "financial freedom" when attackers liberated almost $50 million from the company after a thief with access to a wallet with admin rights drained tokens, then swapped them for the DAI stablecoin, which unlike USDC cannot be frozen by its issuer.

The attack came only a day after a celebratory tweet from the company in which it had announced that they had achieved $50 million in total value locked, suggesting that the theft affected substantially all of the assets on the platform. Despite this, they have claimed that transactions on the platform are unaffected, and when someone asked how that was possible, they simply replied: "We've got solid runway to operate. No worries."

Infini attempted to contact the thief via on-chain message, threatening that they had "gathered critical IP and device information" about them, and asking them to return 80% of the funds in exchange for a promise that Infini "will cease further tracking or analysis, and you will not face accountability". However, Infini's 48-hour deadline has come and gone without any reply.

Bybit CEO Ben Zhou confirmed the attack on Twitter, writing that an attacker used an advanced phishing technique to take control of the hot wallet. Zhou also promised "Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss."

Attackers compromised a private key belonging to the game's creators, which allowed them to drain wallets that still had an active session with the game.

However, within hours of the launch, insiders began selling off their holdings of the token. The token had been highly concentrated among insiders, with around 82% of the token held in a small cluster of apparently insider addresses. Those insiders cashed out around $107 million, crashing the token price by around 95%.

After the crash, Milei deleted his tweet promoting the project. He later claimed he was "not aware of the details of the project and after having become aware of it I decided not to continue spreading the word (that is why I deleted the tweet)."

All in all, this customer is actually pretty lucky as far as erroneous transfers go. FTX's bankruptcy team still has access to FTX wallets, and are still actively working on recovering and disbursing assets to creditors. In some cases in the crypto world, erroneous transfers are lost forever.

zachxbt recounted how scammers routinely spoof phone numbers and use stolen personal information to gain trust with victims on phone calls, where they claim to be Coinbase employees informing users of unauthorized account access. They then walk victims through "securing" their accounts, but in reality they direct people to cloned versions of the Coinbase website where the victims are made to transfer their assets to the scammers.

zachxbt concluded, "Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. ... Coinbase is in a position where they have the power to make these changes and set a good example but they have chosen to do little to nothing ."

Altogether, around $827,000 has passed through the AlleyCat creator's Sportsbet.io account in seven months. Crypto scam-spotting account Rug Pull Finder has alleged that the AlleyCat creator is also behind other rugpulls.

The AlleyCat cryptocurrency project is based on the 1983 Atari game of the same name, though the crypto project does not appear to have any affiliation with (or approval from) the game's creators.

However, crypto media firm Decrypt reached out to a spokesperson for the Las Vegas Sphere and discovered that no such deal had been reached.

Dogwifhat creators have since backtracked, replacing the tweet with a version omitting the "officially confirmed" portion, but still claiming that they "have been in ongoing negotiations with various parties to collaborate on the Sphere ad placement". They promised to return the funds "if, by any chance, the plan is not executed".

However, poor security by the software developers allowed attackers to ship a remote access trojan (RAT) along with the DogWifTools release. Once the package was downloaded, the trojan began scanning infected devices for crypto private keys, login information, and other sensitive data. Attackers even used scans of identification documents taken from their targets' computers to create Binance accounts.

Ultimately, around $10 million was stolen from would-be scammers. Along with the virus, the people who compromised DogWifTools left an angry note on infected machines: "Solana is a fucking joke and a scam from the beginning, it was designed for criminals by criminals! As a result, we have confiscated all your crypto, because you deserved it! You people who use automated tools to run these scam tokens are fucking disgusting to us. It's about time you got fucked over for once. Solana is nothing more than a shitty platform that enables scammers and rug pullers to steal from innocent users."

They also launched an onion website containing a message: "We specifically targeted scammers in the crypto market who were using tools to gain an unfair advantage over innocent, day-to-day traders. ... We believe it was morally correct to confiscate money that was not rightfully theirs." They added that they would soon be publishing the user data they stole on the scammers.