Developers accuse Binance of stealing their hackathon idea after Binance launches similar AI NFT product

Tweet by BNB Chain: "The grand prize winners of our third track, Lifestyle in #Web3, is the wonderful team Chatcasso 🥇

Chatcasso is a guided platform that allows users to easily and conveniently mint NFTs using only text input through the use of AI technology.

[9/11]"Tweet by BNB chain in January 2023 announcing the hackathon winner (attribution)
If you're thinking about entering into a BNB Chain hackathon, you might want to think again. On March 1, Binance announced a new "Bitcasso" product: a tool for users to create NFTs via AI image-generation.

Shortly after its launch, a group of developers accused Binance of stealing an idea they had presented at a December 2022 BNB Chain hackathon. Those developers had been awarded first place and $5,000 for "Chatcasso", a nearly identical tool.

Binance has refuted the allegations of theft, with a spokesperson acknowledging the "similarities" but claiming that "Bicasso was designed and developed independently more than two weeks before the BNB hackathon".

"It's disheartening to see a company that claims to support innovation and development steal from the very people who are working hard to build the ecosystem. Who would feel safe entering a hackathon? I don't." wrote one of the developers from the team. The developer also stated that they had not signed any contracts that would have assigned the rights to their work to the company, as is the case in some hackathons.

BitBNS discloses that they were hacked in February 2022, hid it as "system maintenance"

An investigation by crypto sleuth zachxbt uncovered that the Indian crypto exchange BitBNS had been hacked on February 1, 2022, but hid it from users. After experiencing a $7.5 million theft, the exchange tweeted "system maintenance in progress", suggesting they were having problems with Amazon Web Services.

After zachxbt's investigation, BitBNS admitted that they had hidden the hack from customers. "Law enforcement advised us that the users should be educated about the incident only after the investigation is completed or reaches a dead end," said BitBNS CEO Guarav Dahake, who also said that some funds were ultimately recovered thanks to law enforcement and cooperation from other exchanges.

FTX co-founder Nishad Singh pleads guilty, agrees to co-operate against SBF

Portrait of Nishad SinghNishad Singh (attribution)
Nishad Singh, a co-founder of FTX and its former director of engineering, has agreed to plead guilty to six criminal charges and co-operate against his former boss, Sam Bankman-Fried. Singh has pled guilty to one count of wire fraud, three counts of conspiracy to commit fraud, one count of conspiracy to commit money laundering and one count of conspiracy to defraud the United States by violating campaign finance laws.

In direct messages to a Vox journalist in November 2022, shortly after the FTX bankruptcy, Bankman-Fried wrote that Singh had left, and that he was feeling "ashamed and guilty" because customer deposits were missing.

According to bankruptcy filings, Singh had received a $543 million loan from Alameda Research. Some of this may have gone towards illegal political donations, which Singh admitted in court to making, saying they were intended to bolster Bankman-Fried's and FTX's influence among politicians.

Two BNB-based projects attacked for around $700,000 each

Two BNB-based defi projects have been exploited for around $700,000 each in attacks that one of the projects has claimed were perpetrated by the same group. First, an attacker siphoned more than 2,400 BNB (~$728,000) from the Dungeonswap defi project.

Later, 80% of funds in the liquidity pool for the defi project LaunchZone were suddenly drained, tanking the LZ token price over 80% to $0.026 from its previous price of around $0.15. The stolen funds were priced at around $700,000.

Some questioned if LaunchZone had rug-pulled. However, the project claimed that "$LZ is being hacked from [Dungeonswap] exploiter" and urged its users to "please keep calm". They also announced that they had paused trading and transfers of the LZ token.

Large Algorand holders have wallets drained

Over a period of several days, around 25 accounts on the Algorand blockchain have been drained of funds. The attack appears to be targeted at high-value accounts, and over 13 million ALGO (~$3.3 million) has been drained so far.

John Woods, the CTO of the Algorand Foundation, acknowledged the spate of hacks, writing, "I agree that there's too many of these hacks to be a coincidence". However, he stated that he was confident it was not an issue with Algorand itself. The Algorand wallet provider MyAlgo subsequently urged users to withdraw funds from wallets that use mnemonic phrases for recovery, suggesting that there may have been an issue with their software.

hideyoapes suffers $200,000 wallet drain

An illustration of an ape with cream-colored fur. Its eyes are half-lidded and its mouth is open in a grimace or smile. It has a tuft of brown hair on its head.Bored Ape #5917 was the most expensive NFT stolen, selling for 68.6868 wETH (~$112,750) (attribution)
"I still don't quite understand what happened here", wrote hideyoapes.eth after their wallet was drained of around 30 NFTs. They had previously owned several pricey NFTs from the various Yuga Labs collections, including a Bored Ape, Mutant Ape, three Bored Ape Kennel Club NFTs, a SewerPass, and two Otherdeeds.

The thief sold all the NFTs and then transferred the proceeds from the sales to their own wallet. Altogether they made off with 127.3 wETH (~$208,000).

On Twitter, hideyoapes explained that they had downloaded and installed the MetaMask wallet extension from MetaMask's official website. "I didn’t think anything of it because it was the legit site and verified chrome app. While I was sleeping all my assets were sold," they wrote. At this point, it's not clear how exactly the hack was perpetrated.

Solana tries turning it off and on again (twice)

It's just like mid-2022 again! As transactions slowed to a crawl, developers embarked on a "coordinated restart" — a euphemism for the rather centralized way this supposedly decentralized network has to routinely go about fixing itself.

One "coordinated restart" apparently wasn't enough, because a second one followed later that day. Developers reportedly didn't know why the blockchain suddenly began to slow, though it followed shortly after validators began adopting a new version of Solana code, pointing to a possible culprit in the new release. The new version had reportedly operated for six months on the testnet before it began to be deployed.

Other theories were also considered, as reported by CoinDesk: "One leading theory was that a 'fat block' gunked up the blockchain's mechanics."

The outage is reminiscent of the ones that plagued the network through 2022, leading some to question whether it could be suitable for replacing critical infrastructure.

Per a court order, Oasis rewrites the rules for Jump Crypto to recover stolen assets

In a world where "code is law", crypto users don't necessarily expect that the smart contracts might change out from under them — particularly given contracts are often assumed to be immutable once they're deployed. However, for various reasons including the need to patch bugs in deployed contracts, some projects use upgradable smart contracts.

This decision was what allowed Jump Crypto to obtain a court order requiring the Oasis platform to "upgrade" a smart contract in such a way that Jump Crypto could remove stolen funds from where the hacker had placed them on the Oasis protocol. Oasis released a defensive statement, writing that their cooperation in the recovery was "only possible due to a previously unknown vulnerability in the design of the admin multisig access", and that "we will be making no further comment at this time". Oasis is a frontend for the MakerDAO project, which was originally started as part of MakerDAO but later spun into a separate entity, though it still appears to enjoy preferred status by MakerDAO.

The stolen funds in question were the proceeds of the February 2022 Wormhole bridge exploit, in which attackers stole 120,000 wETH (then ~$326 million; now $192 million). After the hack, Wormhole's parent company Jump Crypto plugged the hole left by the hack with their own funds. Since then, the attackers have been moving the funds throughout the cryptocurrency ecosystem, even taking out a highly-leveraged position on in Lido-staked Ether last month.

Ultimately, Jump was able to recover around $140 million via their "counter-exploit". While many celebrated the recovery, some were concerned about the precedent of a so-called defi platform changing a smart contract to remove funds from a wallet at the direction of a court. Some described the upgradability as a "backdoor". "If they'd do it for Jump, what does that say about possible coercion via state actors?" wrote one trader on Twitter.

Metroverse blockchain game implodes

An isometric rendering of a square tile on which there are multiple city buildings including skyscrapers and futuristic structures, rendered in neon colors.Block #6086 (attribution)
The Metroverse NFT-based game caught the end of the 2021–22 crypto bull market, minting the Genesis collection in January 2022. The project sold out quickly, netting the project creators 2,000 ETH (~$6.3 million) from the mint alone, not to mention 5% royalties on the 25,361 ETH in trading volume since. The project promised to deliver a "land trading NFT strategy game" with mechanics they said would be "similar to Sim City", and flashy artwork drew in an excited fanbase.

Ultimately, the project delivered a game that was a far cry from Sim City, and which only a small subset of players designated as "leaders" could even play. As interest in NFTs and crypto prices began to fall, the community became increasingly dissatisfied with the project creators, who they felt had delivered a subpar game, engaged in an additional cashgrab mint, and took actions like performing a reverse-split of the token which they believed harmed secondary market prices.

Tensions emerged between the project team and the community, with the project team dismissing all criticism as "FUD" and accusing their community members of "sabotage", and community members accusing the project team of rug-pulling and failing to listen to feedback. The team shut down the project Discord, claiming that the community was only making it harder for them to do what they had promised to do, and saying that the attacks were damaging to their mental health. The team promised to complete the last item on the roadmap, but stated that they would not be continuing to develop the project or add additional roadmap items due to the current NFT markets and the "non-stop attacks from the community".

Very shortly after closing the Discord, the project team changed their mind and announced that they would be closing the project entirely. They announced that the upcoming battle would be the last available to play, but that they would be airdropping tokens to players as promised in the last item on the roadmap, and open-sourcing the code. Multiple project team members deleted their social media, and project AMAs were wiped from the Metroverse YouTube channel.

These gestures were far from enough to satisfy an angry community, some of whom threatened to dox the anonymous team behind the game or take legal action against the founders. The team themselves fired back with legal threats, contacting community members to tell them that they believed their conversations on a separate Discord server involved illegal activities that are "not only morally reprehensible but may also constitute serious criminal offenses".

Some community members claimed to have spent tens of thousands of dollars on the project. "I spen[t] like 25 eth at 3k" wrote one. "I spen[t] 250k" shared another.

Crypto investment scheme with links to UK Parliament vanishes

The Guardian published a report on Phoenix Community Capital, a cryptocurrency investment project that solicited investments in part based on credibility it built by ingratiating itself with parliament. The firm drew in approximately 8,000 investors, some of whom put in tens of thousands of pounds, before vanishing in September: the website went offline, and portfolio accounts became inaccessible. A post to the company's Twitter account reported the firm was "under new management", but the new company has said they have no obligation to make previous investors whole.

The firm built credibility by sponsoring an APPG — all-party parliamentary group — and its co-founder, Luke Sullivan, was active as a speaker for parliamentary groups and events hosted by MPs. The firm promoted itself based on these ties to the UK government, including by publishing a blog post about how they "brought the Metaverse to the Palace of Westminster".

Some investors say they have lost more than $100,000 each. One such investor is Alan Rogers, a former Premier League footballer who sunk around $50,000 into the rather Ponzi-looking scheme.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.