Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

Apparent whitehat exploits El Dorado Exchange, claiming developers built in a backdoor to steal user funds

The new Arbitrum-based El Dorado Exchange (EDE) was exploited for around $580,000. In an interesting twist, the attacker claimed to be a whitehat who was exposing that the developers had "implemented a backdoor that allowed them to force liquidate any position they desired. This activity involved intentionally signing incorrect prices to manipulate users' positions and steal their funds".

The attacker promised to return all funds, minus a 10% "white hat fee", if the developers "admit to manipulating the prices", and also offered to disclose other vulnerabilities they claimed to have found in the project.

The project founders wrote in response: "Yes we acknowledge making an ill-advised decision to manipulate the price. However our intention was to blacklist those who had previously exploited the system, fully aware that all transactions are recorded on the blockchain. We did not aim to misappropriate users funds as this would leave a traceable record. We will promptly remove the problematic bomb contract."

The exploiter began returning funds shortly afterwards.

Theme tags: Hack or scam, Shady business
Blockchain tags: Blockchain: BNB Chain, Ethereum
Tech tags: DeFi

BKEX crypto exchange halts withdrawals due to money laundering investigation

The BKEX crypto exchange announced on May 29 that they would be suspending withdrawals, claiming it was related to a police investigation. "Recently, the platform users' funds were involved in 'money laundering' and BKEX is currently cooperating with the police to collect evidence, for which we will suspend withdrawals to cooperate with the work", they wrote in an announcement on their website.

The exchange offered no estimate of when withdrawals might be re-enabled.

Theme tags: Law, Shady business

Jimbos Protocol exploited for $7.5 million

Three days after the launch of its v2 protocol, the Arbitrum-based Jimbos Protocol was exploited for 4,090 ETH (~$7.5 million). The project had not properly controlled for slippage, which enabled an attacker to use a flash loan to manipulate the trading pairs on the project. The attacker then bridged the stolen funds to the Ethereum chain.

After the attack, Jimbos Protocol tweeted "We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals. We will release further information when possible." They also sent an on-chain message to the exploiter, offering to stop all investigations if the hacker returns 90% of the stolen funds.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Nigerian crypto trading app Patricia suffers multimillion dollar theft, freezes withdrawals

Patricia, a retail cryptocurrency trading app in Nigeria, froze withdrawals after revealing that they had suffered a ₦2 billion hack. According to the outlet TechCabal, despite announcing the hack in May 2023, the incident actually occurred in January 2022, but Patricia had managed to hide it up until that point.

The stolen ₦2 billion would have been worth around US$4.8 million based on the value of the Naira at the time of the theft.

Theme tags: Hack or scam

Malfunctioning bot costs Poo Finance token hunters $440,000

Some traders hoping to snipe new tokens launched by Poo Finance (yes, really) decided to try to use a MEV bot to snag priority ordering compared to other pending blockchain transactions. They spent a combined 240 ETH (~$440,000) to be spent on the tokens and on bribes paid to the bot. However, the bot sent the tokens to the wrong Uniswap pool, ultimately obtaining only 4 ETH (~$7,300) of Poo Finance tokens.
Theme tags: Bug
Blockchain tags: Blockchain: Ethereum

Coinone employees "admit to facts" in case regarding token listing bribes

A lawyer for a broker and the former director of the South Korean cryptocurrency exchange Coinone have told a court that their clients "admit the facts of the prosecution". The director, "Mr. Jeon", is accused of accepting more than ₩2 billion (~$1.5 million) in bribes in exchange for listing shady tokens on the exchange. In one case, the exchange was the only platform to list a token called "Furiever Coin", which has been linked to a kidnapping and murder investigation in Seoul.

Four executives were arrested in connection to the investigation in April, under suspicion that they had received ₩2.4 billion (~$2.2 million) in bribes in exchange for listing dozens of coins.

Coinone is one of the most popular South Korean cryptocurrency exchanges. In July 2022, it was among the seven exchanges raided by Korean authorities in the wake of the Terra/Luna collapse, as the country began applying harsher scrutiny to crypto platforms.

Theme tags: Law, Shady business

Crypto payments firm Unbanked to shut down

The US-based crypto payments and custody platform Unbanked announced in a blog post that they will be shutting down services. The company was founded in 2018, and claimed they wanted to provide regulated, on-shore services to US-based companies hoping to engage with crypto. As is common with blockchain company shutdowns these days, they blamed US regulators. Referring to their choice to build the company in the US, they wrote: "We unfortunately learned... taking this path lead [sic] to a lot of wasted time and excessive costs. To state it bluntly, US regulators are actively trying to stop companies (banks and fintechs) from supporting crypto assets – even when the companies are trying to do it correctly and by the book. Their efforts are working and ultimately limited Unbanked’s ability to raise capital and run a self-sustaining business."

However, Unbanked also let on that their closure was more related to an investment falling through than to any regulatory issues. The company wrote that a $5 million investment was never delivered, and that the company had "exhausted all options" funding-wise.

Theme tags: Collapse

DCG shutters TradeBlock subsidiary

Digital Currency Group, the parent company of several companies in the crypto industry including Genesis, Grayscale Investments, and CoinDesk, announced that it will be shuttering TradeBlock, its trade execution and prime brokerage services unit. The company cited the typical reasons: "crypto winter" and "the challenging regulatory environment for digital assets in the U.S."

The decision comes amidst broader troubles for DCG, which is embroiled in the bankruptcy proceedings of its Genesis subsidiary. Earlier in May, DCG missed a $630 million payment to Genesis.

Theme tags: Collapse, Contagion

Hackers steal around $170,000 after compromising Steve Aoki's Twitter account

Headshot of Steve AokiSteve Aoki (attribution)
Twitter account compromises remain a lucrative way to scam crypto enthusiasts. Someone was able to compromise the Twitter account belonging to electronic musician and crypto enthusiast Steve Aoki, posting a fake link to his NFT project that drained unsuspecting traders' wallets.

The scam was helped along by ben.eth, a Twitter personality who retweeted one of the tweets by the compromised account in which Aoki appeared to endorse a token created by ben.eth. According to crypto sleuth zachxbt, multiple followers of ben.eth were impacted by his retweet, which zachxbt characterized as "quote tweet[ing] a phishing scam posted by the compromised @steveaoki account for clout". Ben.eth ultimately promised to reimburse his fans who lost money thanks to his tweets.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

Transactions stuck on Multichain blockchain bridge due to "force majeure"

The Multichain blockchain bridge, formerly known as Anyswap, encountered an apparent issue as users' funds were delayed for over 24 hours in getting to their destination. Some reported delays since as far back as May 21. The delay was blamed on a backend upgrade "taking longer than expected". Multichain later tweeted that "some of the cross-chain routes are unavailable due to force majeure, and the time for service to resume is unknown". They also announced that they would compensate affected users.

Meanwhile, rumors swirled that the Multichain team had been arrested by Chinese police, though there doesn't seem to be much corroborating evidence of this.

The issues and the rumors sparked a drop in token price of around 30%. Several large parties also appeared to distance themselves from the project and its token, including the Fantom Foundation, which withdrew 449,740 MULTI (~$2.4 million) in liquidity on SushiSwap.

On May 31, Multichain issued a statement that "we are currently unable to contact CEO Zhaojun and obtain the necessary server access for maintenance", and wrote that even more bridges were being impacted by the same issues as in the previous week.

Theme tags: Bug, Hmm

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.