RHO Markets lending protocol loses $7.6 million to apparent whitehat

An apparent misconfiguration by the RHO Markets lending protocol allowed operators of an MEV bot to take $7.6 million from the project's users across multiple chains.

In a stroke of luck for the RHO team, the MEV bot operator sent RHO an on-chain message indicating they were willing to return all of the funds, although they first demanded that RHO "admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."

RHO is built on the Scroll Ethereum layer-2 network. Scroll temporarily paused the chain as RHO investigated the loss.

WazirX exchange hacked for $235 million

After a $230 million "suspicious transfer", Indian cryptocurrency exchange WazirX has paused withdrawals and acknowledged that one of their multisignature wallets was compromised. The attacker began selling off the tokens, causing the price of tokens like Shiba Inu to drop around 10%.

WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.

WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.

Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users.

Trip.com accused of "rug pull" as it shuts down its Trekki NFTs

An illustration of a bright blue cartoon dolphin, wearing a safari hat and vest, holding a cameraTrekki NFT (attribution)
Travel company Trip.com has some perturbed crypto holders on its hands, after shutting down the "Trekki" NFT project it launched in June 2023. The company's dolphin-themed NFTs had come with a roadmap that promised eventual staking features, "travel to grow" and "travel to earn" mechanisms, and other developments, which have been cancelled. However, Trip.com promised that its discount coupon functionality would remain.

"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.

Users of LI.FI protocol suffer losses of at least $10 million

Users of the cross-chain swapping API LI.FI Protocol, and of projects that build on top of it, suffered wallet drains amounting to at least $10 million (and counting). An attacker was able to exploit the users who had set infinite approvals. The protocol urged those who had interacted with several affected smart contracts to revoke permission, and warned: "Please do not interact with any LI.FI powered applications for now!"

Three arrests made in relation to Metamax pyramid scheme

Three people have been arrested in connection to a crypto pyramid scheme called Metamax. Those behind the scam promised that people who invested in the scam could then earn income of up to $400 a day simply by watching, sharing, liking, and reviewing videos. There was, of course, a referral component as well, where people earned commission on the "investments" of people they referred. And for people who chose to invest in one of Metamax's fixed investment plans, they were promised 1.5% daily returns.

Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.

Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.

Minterest hacked for $1.4 million

An attacker stole $1.4 million from the defi lending project Minterest. Using a flash loan attack, they manipulated the exchange rate calculated by the project, allowing them to withdraw more tokens than they originally loaned.

Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.

Dough Finance hacked for $1.9 million

Defi platform Dough Finance was hacked for 608 ETH ($1.8 million) by a hacker using a flash loan attack funded through the Railgun privacy service.

Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.

Popular defi protocol websites replaced with wallet drainers amid mass Squarespace domain hijacking

Websites providing the frontends for some popular defi services, including Compound Finance, were compromised and replaced with wallet drainers: websites resembling the usual frontend, but which drain unsuspecting users' wallets when used.

Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.

The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."

Web2 is going just great!

Doja Cat's Twitter account hacked to promote meme token

Tweet by Doja Cat: "buy $DOJA or else" followed by a Solana address. There's a photo of her brandishing a toy scimitar and she's wearing a chainmail hood.Tweet from Doja Cat's hacked account (attribution)
The Twitter account belonging to rapper Doja Cat was compromised on July 8, tweeting to her 5.6 million followers that they should "buy $DOJA or else", and various other messages to that effect. Doja Cat quickly posted on her Instagram account to say that the Twitter account had been compromised.

The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.

Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.

Bittensor wallets drained

Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth around $8 million, was siphoned. Although blockchain sleuth zachxbt hypothesized that the attack may have been thanks to a private key leak, Bittensor later claimed that affected users had in fact been compromised by a malicious Bittensor package that had been uploaded to Python's PyPi package manager. It's not yet clear how the malicious package made it onto the package manager.

Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.