Phishing scammers impersonate Andreessen Horowitz employee to drain crypto wallets

DMs from a person impersonating Peter Lauten:
Impersonator: "hi 👋"
Victim: "Hello Peter"
Impersonator: "It's great connecting with you here. I'm from @a16z, and we're on the lookout for compelling stories in the web3 space for our "My First 16" podcast. We love diving into the early stages of innovative projects - the ups, the downs, and everything in between."
Image caption: Messages from a scammer impersonating Peter Lauten

Attentive phishers noticed when Andreessen Horowitz partner Peter Lauten changed his Twitter username from @peter_lauten to @lauten, and snapped up the previous username. They then began contacting various targets in the cryptocurrency world, asking to set up meetings to arrange appearances on the venture capital firm's crypto podcast.

The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet-draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username, giving even skeptical victims some reassurance that the account was legitimate.

According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.

Memecoin team accused of hacking influencer Twitter account to manipulate markets

According to crypto sleuth zachxbt, the team behind the Solana-based $CAT memecoin hacked the Twitter account of crypto influencer "Gigantic-Cassocked-Rebirth" (@GCRClassic).

First, the team sniped their own $CAT token launch to obtain 63% of the token supply, ultimately selling a portion of it for around $5 million. Then, they took out $2.3 million and $1 million long positions on the ORDI and ETHFI tokens, respectively. Finally, they posted from the compromised influencer account to shill the ORDI and ETHFI tokens to his massive following. Ultimately, their gambit doesn't appear to have been incredibly successful: they made around $34,000 on the ORDI position, but lost $3,500 on the ETHFI position. However, as zachxbt noted, it's possible they also opened positions on centralized exchanges where the outcomes aren't publicly visible.

Rain cryptocurrency exchange hacked for $14.8 million

Bahrain-based cryptocurrency exchange Rain was exploited for around $14.8 million on April 29. The exchange did not publicly disclose the hack until the suspicious outflows across wallets on multiple blockchains were noticed by blockchain investigator zachxbt.

After zachxbt sounded the alarm on May 13, Rain admitted that they had had a "security incident", but stressed that customer funds were safe, and stated that the Rain Group had "covered any potential losses resulting from this incident".

ZKasino rug pulls after raising $33 million

A project promising to build a decentralized casino managed to raise $33 million, despite an anonymous team that had exhibited several instances of shady behavior throughout ZKasino's development. The project promised that everyone who bridged ETH to their layer-2 chain would be able to receive their ETH back 1:1 in thirty days.

Instead, the project's creators transferred the more than 10,500 ETH ($33 million) to Lido, an Ethereum staking service. As for the "return" of funds, the project team indeed followed through with their promises to return the crypto... except instead of ETH, depositors received the project's native token, ZKAS, which would vest over a period of 15 months. The project announced that they had calculated the ZKAS distribution based on a discounted rate, "as a favour to our users who have bridged to participate in the ecosystem". Gee, thanks!

One investor in the project wrote, "We made a mistake investing in Zkasino early. ... [I]t sounds like a scam, but 95% of crypto consists of such crap. With memecoins pumping every day, people believe this could be the next one."

It seems that ZKasino's creators have links to other crypto scams, including a failed "ZigZagExchange", which raised around $15 million that was allegedly misallocated to work on the ZKasino project. Crypto sleuth zachxbt had also described the team as "proven bad actors" in December, listing multiple instances in which they had avoided making promised payments.

After the rug pull, the project's planned IDO on Ape Terminal and AIT Launchpad was canceled, and MEXC (which had invested in the project's seed round) canceled the token listing.

"Munchables" crypto game exploited for $62.5 million

Image: A small round furry shape with big blue eyes and thin legs, somewhat resembling a soot sprite. Caption: A Munchable

The "Munchables" crypto game explains: "Schnibbles grow on every realm across the Munchable's world. Each realm has their own unique and distinctive schniblet, and the Munchables react differently based on their compatibility to the schniblets fed to them. When creating an account for the Munchables, you must choose the location of your snuggery." Right then.

Things went awry in the land of the schnibbles and snuggeries when an attacker siphoned around 17,400 ETH ($62.5 million). Various descriptions of the attack circulated, with blockchain sleuth zachxbt attributing it to a recently hired developer, and crypto developer 0xQuit claiming the theft appeared to have been "planned since deploy".

Some began discussing the possibility that the Blast layer-2 blockchain might forcibly roll back the chain to "undo" the hack. Some have argued this is contrary to the crypto ethos or would set a bad precedent, while others have argued that as a blockchain focused more on gaming and experimentation and less on decentralization and other facets of crypto ideology, it would be a reasonable step.

Some hours after the attack, the exploiter was convinced to return the funds.

TICKER project developer steals $900,000

Tweet by MIDA (@brgMIDA): "im not sorry for any of you, tbh
you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich, you were expecting to receive 10,100,1000x money for that donation or wtf, "they dont tell us it gonna 1000x when they are down the streets tho", cuz you would have otherwise mfer? go touch grass anon, and apply donating from hands to hands to people in needs in your closest physical community and turn the world a better place instead, i love you
social contracts do not have a place on the blockchain anons, i don't know why it is not much more evident for all of you"
Image caption: Tweet by TICKER thief

A developer brought on to run a presale for the $TICKER token stole $900,000 from the project. 15% of the token supply was sent to the developer to distribute via an airdrop, but instead of doing so, the developer sold the majority of the tokens for around $900,000.

After the thief was identified by blockchain sleuth zachxbt, they posted a long message on Twitter, writing, "im not sorry for any of you, tbh. you are all morons if you believe all it needs to make it here is to send your money to a custodial address and get rich". The thief later spent some of the money on Milady NFTs and memecoins.

zachxbt stated that he had identified the developer, including his full name, location, and other details. He encouraged those who were scammed to contact him if they were interested in pursuing legal action.

Phisher impersonating influential crypto trader in Twitter replies scams over $2.6 million

Tweet by real Ansem account: i dont launch coins bros, but i can give allo to good stuff in other ways soon
Tweet by fake Ansem account closely resembling the one above it: 
im about to launch my own token $BULL this weekend
link presale: [redacted link]
min 1 sol
max 3 sol
lets run it up yall
Image caption: Ansem impersonator responding to a tweet by the real account

Someone impersonating Ansem, an influential crypto trader, was able to scam people out of more than $2.6 million simply by replying to the real Ansem's tweets. Using an account mimicking the real account, with only a slight difference in the username, a phisher convinced Ansem's followers that he was creating his own Solana memecoin and asked them to buy in.

In one of the real Ansem's tweets, Ansem wrote "i dont launch coins bros" — nevertheless, followers eager to get in early on a new memecoin clicked a link offering a presale and had their wallets drained.

Altogether, people lost $2.6 million to the scam. One individual lost $1.2 million.

"The AI Protocol" burns tokens after holder suffers $4.3 million theft

Someone who held over 111.6 million ALI tokens from a project called The AI Protocol was phished through a permit phishing technique by someone using a wallet drainer service. The tokens were priced at around $4.3 million.

Blockchain sleuth zachxbt was able to coordinate with the project to organize a community governance vote to burn the stolen tokens before the attacker was able to cash out. Although this doesn't return the stolen funds to their original owner, it at least keeps the attacker from profiting.

"Crypto inheritance" project Serenity Shield hacked, token price plummets 99%

Serenity Shield, a project aiming to solve "crypto inheritance", has been hacked. Although the project prominently claims to help "ensur[e] your financial and personal security", they seem to have some trouble ensuring their own.

An attacker stole 6.9 SERSH tokens from a MetaMask wallet belonging to the project. Although the tokens were ostensibly priced at $5.6 million, the thief was only able to sell them for around $586,000.

Serenity Shield confirmed the breach, and encouraged people to stop trading $SERSH as they planned to relaunch the token. "Rest assured, we are deploying all necessary safety measures to ensure a foolproof system," they wrote. This time it will be secure, they promise.

The team also sent a message to the hacker, offering a 15% "bounty" and a promise not to pursue legal action in exchange for the return of the stolen funds.

According to crypto sleuth zachxbt, the attack seems to be linked to exploits of OKX (December 2023) and Concentric (January 2024).

$440,000 stolen as MicroStrategy's Twitter account is hacked

Image: Michael Saylor sitting in front of a large model ship

MicroStrategy, the company founded and chaired by Bitcoin maximalist Michael Saylor, suffered a Twitter account compromise on February 26. Although MicroStrategy ostensibly develops software, it's better known for its massive Bitcoin holdings, driven by Saylor.

Although Saylor has been publicly critical of Ethereum, that didn't seem to raise flags among those eager to receive an airdrop of the Ethereum-based "MSTR" token that the company's Twitter account claimed they had just launched. Those who fell for the phishing link were redirected to a website that spoofed the real MicroStrategy website, with malicious code that drained funds.

Around $440,000 was stolen thanks to the fake announcement, with the majority of it coming from one wallet that was drained of a variety of tokens notionally worth around $425,000.
