Goledo Finance contacted the attacker to offer a 10% "bounty" for the return of the remaining assets. In a message on January 29, the attacker wrote: "I hacked Goledo and want to negotiate".
Goledo Finance hacked for $1.7 million
Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK at around $1.7 million.
- Tweet by CertiK [archive]
- On-chain message from the attacker [archive]
Korean crypto karaoke platform Somesing hacked
Have you ever gone out to karaoke and thought "man, the only thing missing from this perfect night is a blockchain"? No? Weird.
Anyway, the South Korean Somesing platform — which is really more of a TikTok-but-just-for-song-covers clone than anything to do with karaoke — suffered a breach in which 730 million SSX tokens were stolen. These tokens are nominally priced at around $11.5 million, but around 2/3 of the stolen tokens were as yet undistributed and not a part of the circulating supply.
8,100 Bitcoin forfeited by Silk Road drugs distributor in guilty plea
The US government is cementing its status as one of the largest BTC holders by adding another 8,100 BTC (priced at almost $350 million today) to its stash. The tokens were forfeited in a plea agreement from Banmeet Singh, who sold large quantities of drugs including fentanyl, LSD, ecstasy, Xanax, Ketamine and Tramadol on various dark web marketplaces including the Silk Road.
Singh pled guilty to conspiracy to possess with the intent to distribute controlled substances and conspiracy to commit money laundering, charges for which he's expected to serve around 8 years in prison.
- "Defendant pleads guilty in dark web narcotics case involving largest cryptocurrency seizure of $150 million in drug proceeds", U.S. Attorney's Office, Southern District of Ohio [archive]
- "Dark-web drug-ring plea nets DEA millions in cryptocurrency", The Washington Post [archive]
WallStreetMemes token price plummets after staking contract exploited
Hackers were able to exploit a vulnerability in the staking contract for WallStreetMemes ($WSM), a memecoin and online casino project targeted at the "meme warriors" who frequent various financial meme communities, many of which formed around the Gamestop short squeeze.
The attackers were able to siphon 769 million $WSM from the contract, which was notionally worth around $7 million. However, the token lacks liquidity to support swapping hundreds of millions of tokens without depressing the price, and the token price dropped around 35% in the wake of the attack as the thief began to cash out over several days.
Meanwhile, WSM announced that they would be issuing a new token to replace the stolen tokens, and "renew[ing] the liquidity pool"... somehow.
- WSM exploiter wallets [archive]
- "Important Security Update", WallStreetMemes Medium [archive]
MailerLite hack enables over $700,000 in crypto phishing thefts
After hackers gained access to various accounts on the MailerLite email marketing software via a social engineering attack on an employee, they were able to send malicious phishing emails that appeared as though they had been genuinely sent from companies including the CoinTelegraph crypto media outlet and the crypto firms Wallet Connect, Token Terminal, SocialFi, and De.Fi.
The emails appeared to announce airdrops and exclusive offers from those companies, and recipients were invited to connect their wallets to claim tokens. Those wallets were then drained.
The attackers stole a variety of cryptocurrencies, and some outlets have reported the theft has totalled more than $3.3 million. However, because a substantial amount of that number comes from the illiquid Xbanking token, the actual liquid value of the tokens is likely closer to $700,000. The attackers have begun mixing the stolen funds through the Railgun privacy service.
- "MailerLite confirms hack that led to $3.3M crypto-phishing email attacks", CoinTelegraph [archive]
- "Coordinated crypto hack and phishing campaign floods investor emails: Alert", CoinTelegraph [archive]
- "Mailer Lite hacker impersonates crypto firms, draining $600,000 with phishing emails", The Block [archive]
Animoca Brands-owned Gamee tokens stolen
An attacker was able to gain access to the Gamee (GMEE) token's source code repository, then exploit a vulnerability in the code to transfer 600 million GMEE tokens to their own wallets. At the token's market price of $0.025 before the hack, these tokens were ostensibly priced at $15 million, though the token value plunged around 60% to below $0.01 following the theft as the attacker began selling the tokens.
GMEE is the token belonging to the Gamee blockchain-based gaming platform, which was acquired by the Animoca Brands company in 2020. Animoca is mostly known for its crypto-metaverse project, The Sandbox.
Concentric Finance exploited for $1.8 million
The Concentric Finance yield aggregator project issued a statement that the protocol had been exploited after a social engineering attack on a team member that had access to the project's deployer wallet.
Tokens priced at around $1.8 million were drained from the project vaults. In a tweet, Concentric urged users to revoke contract approvals to avoid further losses.
The wallet addresses used by the exploiter appeared to connect the attacker to the $2.7 million OKX DEX theft in December 2023.
Terraform Labs files for bankruptcy
Terraform Labs, the company behind the Terra blockchain, has filed for bankruptcy. Its flagship product, the Terra stablecoin and associated LUNA token, failed spectacularly in May 2022. Its CEO, Do Kwon, was arrested in March 2023, and remains in custody awaiting a decision on whether he will be extradited to the United States or South Korea — both of which are looking to charge him over his role in the scheme.
Despite all of that, Terraform Labs had continued to operate. However, it is now in dire financial straits, and has now filed for Chapter 11 bankruptcy in an attempt to sort out its financial obligations amid costly legal cases. Terraform Labs is currently a defendant in a complaint by the SEC, as well as several class-action lawsuits.
According to the company's bankruptcy filing, it has between $100 million and $500 million in assets, and liabilities in the same range.
- Chapter 11 petition, In re: Terraform Labs [archive]
Dwight Howard's NFT project flops
NBA star Dwight Howard is clearly at least a year (probably two) late to the time when celebrities and star athletes could drop some low-effort NFTs and sell out the whole batch immediately. After announcing his "Ballers" project on January 20, offering 3,000 NFTs for a mint price of 2 AVAX (~$60) apiece, he only managed to sell about 300 of them within a day or so.
After the dismal launch, Howard tried a few somewhat desperate-seeming moves to try to attract interest in the project: promising to send free crypto to some holders, redoing all the art after criticism of its quality, and slashing the NFT supply to 1,500. Despite all that, only 465 NFTs have sold (15% of the original supply, netting Howard 930 AVAX — around $28,400).
The flop was so bad that a member of the team behind the Avalanche blockchain put out a tweet distancing themselves from the project, stating that they didn't even know about the project until he announced it. "Gone are the days that individuals/Brands with large followings can just drop IP related NFTs out of nowhere and expect it to do well," they wrote, seemingly criticizing Howard's approach by writing that NFT creators must "mak[e] sure to do it in an organic way with proper intentions."
CFTC files complaint against Debiex platform for using "romance scam tactics" to steal $2.3 million
The CFTC has filed a complaint against Debiex, a shadowy cryptocurrency platform whose precise location and executives are unknown. The company's employees primarily targeted Chinese Americans, and used common romance scam techniques: first striking up a friendship or romantic relationship with the victim, then convincing them that they could earn huge profits by putting money on Debiex.
Debiex, however, only resembled a cryptocurrency trading platform. In reality, the website merely mimicked a trading platform, and the funds supposedly deposited there for trading purposes were taken by Debiex.
The CFTC identified five victims who were allegedly defrauded of a combined $2.3 million.