The SEC charged that the group had not registered their sale of the bonds as was required under US securities laws. BarnBridge shut down very shortly after the complaint was filed, without any input from its community, despite ostensibly being community governed.
- "BarnBridge DAO Agrees to Stop Unregistered Offer and Sale of Structured Finance Crypto Product", Securities and Exchange Commission press release [archive]
Catalyx announced in a press release on December 28 that they had "recently discovered a security breach on the Platform in connection with the holding of crypto assets on behalf of clients. Management suspects that this security breach, which may involve an employee, has resulted in the loss of a portion of the crypto assets held by the Company on behalf of its clients".
Catalyx did not state how much had been stolen.
- Interim Cease Trade Order by the Alberta Securities Commission [archive]
- "CatalX CTS Ltd. Announces Security Breach, Loss of Crypto Assets and Ongoing Investigation", press release by Catalyx [archive]
Qredo had already been forced to perform layoffs in September and then November, and in November was searching for a rescue after saying their user "activity ha[d] fallen" in the "prolonged cryptowinter".
On December 15, Qredo had also announced that they would be shutting down their Ankex trading platform, which was previously led by Michael Moro, who was previously booted as CEO from Genesis Trading.
The Aurory team posted on Twitter to acknowledge the hack, writing that they'd disabled SyncSpace as they investigated. They also wrote that SyncSpace had been audited months ago, but that the audit had failed to detect the vulnerability.
One attacker claimed in on-chain messages that the original attack had been perpetrated by someone else, but that they were one of the many copycat attackers, describing themselves as someone who had "[come] here to pick up residual garbage". They requested victims send additional ETH to get their NFTs back. "If you want the monkey nft back, then you need to pay me a bouty, which is what I deserve", they wrote, asking for NFT holders to send them 10% of the Ape floor price.
Meanwhile, NFT holders were urged to revoke access to NFT Trader, since the platform seemed aware of the attack but unable to stop it. NFT Trader was ultimately able to thwart the attacker to stem additional bleeding, likely thanks to help from community members who pointed out a way the contract could be shut down.
Later, the "residual garbage" attacker returned 36 Bored Apes and 18 Mutant Apes after a Yuga Labs co-founder paid the 120 ETH (~$260,000) ransom.
Although SafeMoon claimed to have created a token that would "safely go to the moon", executives allegedly siphoned millions of dollars of investor funds to spend on personal expenses including luxury cars and real estate.
In the bankruptcy filing, SafeMoon has claimed to have 50–99 creditors, between $10 and $50 million in estimated assets, and $100,000 to $500,000 in estimated liabilities.
A hacker was able to obtain access to Ledger's source code management tool and push out a new release that contained code that would drain wallets as users connect them. Because the library is so widely used, many crypto applications were vulnerable — including Revoke.cash, a security-focused project intended to help people guard against attacks on their wallets.
CTO of the Sushi crypto project issued a broad warning: "Do not interact with ANY dApps until further notice." At least $600,000 has been drained from multiple users so far.
CoinList reportedly allowed 89 users to sign up for accounts on the platform, most of whom had stated that they were residents of Russia but provided addresses in Crimea.
- "OFAC Settles with CoinList Markets LLC for $1,207,830 Related to Apparent Violations of the Ukraine-/Russia-Related Sanctions Regulations", Department of the Treasury enforcement release [archive]
- "Four Individuals Charged for Laundering Millions from Cryptocurrency Investment Scams", Department of Justice press release [archive]