After zachxbt's investigation, BitBNS admitted that they had hidden the hack from customers. "Law enforcement advised us that the users should be educated about the incident only after the investigation is completed or reaches a dead end," said BitBNS CEO Guarav Dahake, who also said that some funds were ultimately recovered thanks to law enforcement and cooperation from other exchanges.
In direct messages to a Vox journalist in November 2022, shortly after the FTX bankruptcy, Bankman-Fried wrote that Singh had left, and that he was feeling "ashamed and guilty" because customer deposits were missing.
According to bankruptcy filings, Singh had received a $543 million loan from Alameda Research. Some of this may have gone towards illegal political donations, which Singh admitted in court to making, saying they were intended to bolster Bankman-Fried's and FTX's influence among politicians.
- "FTX Co-Founder Nishad Singh Pleads Guilty to Fraud Charges", The Wall Street Journal
- "FTX's Singh pleads guilty to six U.S. fraud, conspiracy charges", Reuters
Later, 80% of funds in the liquidity pool for the defi project LaunchZone were suddenly drained, tanking the LZ token price over 80% to $0.026 from its previous price of around $0.15. The stolen funds were priced at around $700,000.
Some questioned if LaunchZone had rug-pulled. However, the project claimed that "$LZ is being hacked from [Dungeonswap] exploiter" and urged its users to "please keep calm". They also announced that they had paused trading and transfers of the LZ token.
John Woods, the CTO of the Algorand Foundation, acknowledged the spate of hacks, writing, "I agree that there's too many of these hacks to be a coincidence". However, he stated that he was confident it was not an issue with Algorand itself. The Algorand wallet provider MyAlgo subsequently urged users to withdraw funds from wallets that use mnemonic phrases for recovery, suggesting that there may have been an issue with their software.
The thief sold all the NFTs and then transferred the proceeds from the sales to their own wallet. Altogether they made off with 127.3 wETH (~$208,000).
On Twitter, hideyoapes explained that they had downloaded and installed the MetaMask wallet extension from MetaMask's official website. "I didn’t think anything of it because it was the legit site and verified chrome app. While I was sleeping all my assets were sold," they wrote. At this point, it's not clear how exactly the hack was perpetrated.
One "coordinated restart" apparently wasn't enough, because a second one followed later that day. Developers reportedly didn't know why the blockchain suddenly began to slow, though it followed shortly after validators began adopting a new version of Solana code, pointing to a possible culprit in the new release. The new version had reportedly operated for six months on the testnet before it began to be deployed.
Other theories were also considered, as reported by CoinDesk: "One leading theory was that a 'fat block' gunked up the blockchain's mechanics."
The outage is reminiscent of the ones that plagued the network through 2022, leading some to question whether it could be suitable for replacing critical infrastructure.
This decision was what allowed Jump Crypto to obtain a court order requiring the Oasis platform to "upgrade" a smart contract in such a way that Jump Crypto could remove stolen funds from where the hacker had placed them on the Oasis protocol. Oasis released a defensive statement, writing that their cooperation in the recovery was "only possible due to a previously unknown vulnerability in the design of the admin multisig access", and that "we will be making no further comment at this time". Oasis is a frontend for the MakerDAO project, which was originally started as part of MakerDAO but later spun into a separate entity, though it still appears to enjoy preferred status by MakerDAO.
The stolen funds in question were the proceeds of the February 2022 Wormhole bridge exploit, in which attackers stole 120,000 wETH (then ~$326 million; now $192 million). After the hack, Wormhole's parent company Jump Crypto plugged the hole left by the hack with their own funds. Since then, the attackers have been moving the funds throughout the cryptocurrency ecosystem, even taking out a highly-leveraged position on in Lido-staked Ether last month.
Ultimately, Jump was able to recover around $140 million via their "counter-exploit". While many celebrated the recovery, some were concerned about the precedent of a so-called defi platform changing a smart contract to remove funds from a wallet at the direction of a court. Some described the upgradability as a "backdoor". "If they'd do it for Jump, what does that say about possible coercion via state actors?" wrote one trader on Twitter.
Ultimately, the project delivered a game that was a far cry from Sim City, and which only a small subset of players designated as "leaders" could even play. As interest in NFTs and crypto prices began to fall, the community became increasingly dissatisfied with the project creators, who they felt had delivered a subpar game, engaged in an additional cashgrab mint, and took actions like performing a reverse-split of the token which they believed harmed secondary market prices.
Tensions emerged between the project team and the community, with the project team dismissing all criticism as "FUD" and accusing their community members of "sabotage", and community members accusing the project team of rug-pulling and failing to listen to feedback. The team shut down the project Discord, claiming that the community was only making it harder for them to do what they had promised to do, and saying that the attacks were damaging to their mental health. The team promised to complete the last item on the roadmap, but stated that they would not be continuing to develop the project or add additional roadmap items due to the current NFT markets and the "non-stop attacks from the community".
Very shortly after closing the Discord, the project team changed their mind and announced that they would be closing the project entirely. They announced that the upcoming battle would be the last available to play, but that they would be airdropping tokens to players as promised in the last item on the roadmap, and open-sourcing the code. Multiple project team members deleted their social media, and project AMAs were wiped from the Metroverse YouTube channel.
These gestures were far from enough to satisfy an angry community, some of whom threatened to dox the anonymous team behind the game or take legal action against the founders. The team themselves fired back with legal threats, contacting community members to tell them that they believed their conversations on a separate Discord server involved illegal activities that are "not only morally reprehensible but may also constitute serious criminal offenses".
Some community members claimed to have spent tens of thousands of dollars on the project. "I spen[t] like 25 eth at 3k" wrote one. "I spen[t] 250k" shared another.
The firm built credibility by sponsoring an APPG — all-party parliamentary group — and its co-founder, Luke Sullivan, was active as a speaker for parliamentary groups and events hosted by MPs. The firm promoted itself based on these ties to the UK government, including by publishing a blog post about how they "brought the Metaverse to the Palace of Westminster".
The new indictment includes additional information about Bankman-Fried's alleged fraud. The indictment details SBF's attempts to circumvent due diligence by US banks by creating a fake company called North Dimension. Via North Dimension, SBF diverted funds to FTX, which was unable to get a bank account.
Bankman-Fried has entered a not guilty plea to the original eight charges, but has not yet entered a plea for the additional four.
These criminal charges add to securities fraud and other civil charges from the SEC, as well as civil charges out of the CFTC. Both civil cases have been stayed pending the outcome of the criminal case.
- Indictment, US. v. Sam Bankman-Fried