Web3 is Going Just Great

May 6, 2024

SEC sends Wells notice to Robinhood Crypto

Robinhood has disclosed that they received a Wells notice from the US Securities and Exchange Commission in relation to their "Robinhood Crypto" product. This indicates that the SEC believes that some of the assets that can be traded via Robinhood Crypto are securities.

In the past, Robinhood has removed cryptocurrencies from trading after they were alleged to be securities by the SEC, such as Solana (SOL), Cardano (ADA), and Polygon (MATIC) in the wake of the lawsuits against Binance and Coinbase. However, given the SEC's stance that most cryptocurrencies are securities, it seems likely that the SEC believes one or more of the 14 non-bitcoin cryptocurrencies Robinhood offers may also be a security.

Robinhood's Chief Legal Officer issued a statement that "We firmly believe that the assets listed on our platform are not securities and we look forward to engaging with the SEC to make clear just how weak any case against Robinhood Crypto would be."

"Robinhood Crypto gets Wells notice from US SEC", Reuters

May 5, 2024

GNUS.ai exploited for $1.27 million

(attribution)

An exploiter was able to create a fake version of the $GNUS token on the Fantom blockchain, then bridge the tokens to Ethereum and Polygon where they were then sold as though they were authentic. They were able to drain $1.27 million from the project's liquidity pools.

GNUS.ai (short for "Genius", not a reference to the animal) is one of many AI-related blockchain projects that has sprung out of the recent AI hype. This particular one promises to allow people to "utiliz[e] unused cycles" on various computing devices for computation-intensive AI systems, using cryptocurrency for payments.

May 3, 2024

Cred executives indicted

(attribution)

The former CEO, CFO, and CCO of the cryptocurrency lending service Cred have been indicted on multiple charges involving wire fraud and money laundering. They were charged in connection with their operation of the Cred platform, which went bankrupt in November 2020 after hiding its insolvency for several months.

Cred had claimed to customers that they engaged in only "collateralized or guaranteed lending", hedged their investments, and "comprehensive insurance", but hid that "virtually all the assets to pay the yield were generated by a single company whose business was to make unsecured micro-loans to Chinese gamers." Furthermore, they did engage in uncollateralized lending, did not hedge their investments, and did not hold insurance as they had claimed.

Around $150 million in customer funds were lost in the collapse based on prices at the time, though those crypto assets would have been priced substantially higher at various times since.

"Former CEO, CFO, And CCO Of Cred LLC Charged With Alleged Multi-Million-Dollar Cryptocurrency-Related Wire Fraud Conspiracy", U.S. Attorney's Office, Northern District of California [archive]

May 3, 2024

Wallet loses over $72 million to address poisoning

An Ethereum wallet was apparently drained of 1,155 wrapped bitcoin (~$72.7 million) when they transferred it to a malicious address that had been operating an address poisoning scheme.

Address poisoning is a scam tactic that takes advantage of crypto traders' tendencies to copy and paste wallet addresses from their transaction histories, since the addresses are long strings of characters that are not practical to type from memory. By creating a new wallet address with identical start and/or ending character strings to addresses used by the victim, and spamming the victim with transactions from that similar address, scammers are sometimes able to get victims to erroneously copy the spoofed address for future transfers.

That's what appears to have happened in this case, when a victim transferred 1,155 wrapped bitcoin — tokens pegged to the bitcoin price meant for use on the Ethereum blockchain — to the malicious address.

The victim and the exploiter later reached an agreement for the return of most of the funds, with the exploiter keeping $7.2 million as a "bounty".

Tweet by Cyvers Alerts [archive]

April 30, 2024

Pike Finance exploited for $2 million in two separate attacks

(attribution)

Pike Finance, a cross-chain lending protocol, was exploited twice in four days as attackers discovered vulnerabilities in the project's smart contracts.

The first attack, on April 26, was enabled by a flaw in the security measures related to transfers of the USDC stablecoin. An attacker was able to change the recipient address and amount, ultimately making off with almost $300,000 in the stablecoin. Pike released a postmortem two days later, acknowledging that the bug had been identified by a third-party auditor but had not been rectified by their team.

When the Pike team went to patch the smart contracts to thwart this attack, they introduced new, even worse vulnerabilities. As a result, on April 30, an attacker was able to upgrade the project's smart contracts to malicious ones, then withdraw $1.68 million in ETH, ARB, and OP tokens.

Pike Finance has offered a 20% reward for the return of the funds or information pertaining to the attacker, and has promised "a plan to make users whole". Pike, which launched in early 2024, is backed by Circle and Wormhole.

April 30, 2024

Roger Ver arrested for $50 million tax fraud

Roger Ver (attribution)

Roger Ver, an early bitcoin investor who later became an outspoken evangelist for the fork Bitcoin Cash, has been arrested on tax fraud charges. According to the Department of Justice, Ver evaded almost $50 million in owed taxes by concealing income and lying to tax preparers about his bitcoin assets as he attempted to renounce his US citizenship and become a citizen of the tax haven St. Kitts and Nevis.

Ver was arrested in Spain, and the United States will seek his extradition.

Besides his tax woes, Ver has also been caught up in accusations by CoinFLEX that he owed the platform around $84 million after failing to meet a margin call. Ver has in turn claimed that CoinFLEX owed him money. CoinFLEX filed for restructuring in August 2022.

"Early Bitcoin Investor Charged with Tax Fraud", U.S. Department of Justice [archive]

April 30, 2024

Changpeng Zhao sentenced to four months imprisonment

Changpeng Zhao (attribution)

Former Binance CEO Changpeng "CZ" Zhao has been sentenced to four months in prison after pleading guilty to money laundering-related charges. The charges were filed in November, and Zhao entered a guilty plea, resigned from the company, and agreed to pay a $50 million fine.

Prosecutors sought a three year sentence for Zhao, while Zhao requested to serve no time. The judge ultimately decided on a sentence closer to the five-month sentence that was being recommended by the Probation Office.

April 29, 2024

Rain cryptocurrency exchange hacked for $14.8 million

(attribution)

Bahrain-based cryptocurrency exchange Rain was exploited for around $14.8 million dollars on April 29. The exchange did not publicly disclose the hack until the suspicious outflows across wallets on multiple blockchains were noticed by blockchain investigator zachxbt.

After zachxbt sounded the alarm on May 13, Rain admitted that they had had a "security incident", but stressed that customer funds were safe, and stated that the Rain Group had "covered any potential losses resulting from this incident".

April 29, 2024

ZKasino scam suspect arrested by Dutch police

(attribution)

In the wake of the $33 million ZKasino rug pull, Dutch police have arrested an as yet unnamed 26-year-old who is likely "Derivatives_Ape", the creator of the project. The police also seized assets estimated at more than €11.4 million (~US$12.3 million) including real estate, a luxury car, and crypto. According to police, they began investigating the project only days earlier, after hearing reports of the rug pull on Twitter.

"More than 11 million euros seized and man arrested in investigation into gambling platform scam", Dutch Fiscal Information and Investigation Service [archive]

April 24, 2024

Instagram influencer Jay Mazini sentenced to seven years in prison for crypto fraud

Jay Mazini (attribution)

Jay Mazini, an influencer who often boasted of his wealth on Instagram by doing cash giveaways to random strangers, has been sentenced to seven years in prison after running "overlapping fraud schemes" that scammed victims out of at least $8 million. One of them involved a multi-million dollar cryptocurrency scam in which he would promise to pay higher prices for crypto, and would convince those who were interested to transfer their funds to him by providing doctored images of wire transfer confirmations to suggest that he'd fulfilled his end of the deal.

Mazini also ran a scam targeting the Muslim community in New York, via a company called Halal Capital. In reality, this was a Ponzi scheme, and payouts to his investors were funded in part by the crypto scam he was also running.

Mazini was arrested in March 2021 on kidnapping charges, after he kidnapped and beat someone who might have witnessed his frauds. He was sentenced to five years in prison for that charge, to which he pled guilty. His new fraud sentence will be served concurrently with the kidnapping sentence.

In addition to seven years in prison, Mazini has been ordered to forfeit $10 million. Restitution has not yet been determined.

"Instagram Influencer Known as 'Jay Mazini' Sentenced to 84 Months in Prison for Overlapping Fraud Schemes", U.S. Attorney's Office, Eastern District of New York [archive]
"Serial Scammer and Instagram Influencer Jay Mazini Pleads Guilty", The Daily Beast [archive]

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.