Investors seek to recoup around $35 million from Canadian "Crypto King" in his early 20s

Aidan Pleterski and a woman with her face blurred stand in front of a lime green Lamborghini in what appears to be an upscale suburbAidan Pleterski with one of his many cars (attribution)
"[I] was a 20-something-year-old kid" said Aiden Pleterski, when asked why he kept his "investment" scheme going when he knew he couldn't repay his existing customers. Although he once described himself as the "Crypto King" in several articles he paid to have run, Pleterski is now undergoing a bankruptcy process and facing multiple lawsuits, where creditors are trying to first find and then recoup the more than $35 million they've collectively entrusted to him.

So far, the court has seized two McLarens, two BMWs, and a Lamborghini — only a few cars out of the eleven luxury cars Pleterski owned, plus another four he was renting. Investors have also asked about the $45,000-a-month lakefront mansion he was renting in Ontario, watches, and gold bars, hoping they could be liquidated to repay some of his debts.

Pleterski had promised investors that he would invest on their behalf, taking 30% of any capital gains, with a goal of achieving 10–20% gains biweekly. He also promised that any loss on the initial investment would be paid back in full. Pleterski had made some money in crypto as a teenager, but according to him, he lost most of the money he was given to invest in late 2021 and early 2022 "in a series of margin calls and bad trades". An investor claims that at one point, he was given pictures and videos of financial statements showing an account with $311 million, but when he checked with the company supposedly maintaining the account, they said they had no accounts with that kind of funds. So far, the court and investors alike have struggled to untangle Pleterski's mess — according to him, he was unorganized and didn't track his finances or debts.

Wintermute hacked for $160 million

The algorithmic market maker Wintermute suffered a major hack, according to their CEO. He estimated the loss at around $160 million, also writing that the company is "solvent with twice over that amount in equity left".

Wintermute hasn't disclosed more about the attack, but it's possible that the hacker may have exploited the vulnerability in the vanity wallet address generator Profanity, which was disclosed five days prior. The crypto asset vault admin had a wallet address prefixed with 0x0000000, a vanity address that would have been susceptible to attack if it was created using the Profanity tool.

This is the second incident involving Wintermute in the past few months. In June, the group provided the wrong wallet address to the Optimism project, and Optimism sent 20 million OP tokens to a non-existent address. Another person noticed the error before they did and was able to take the tokens. They ultimately returned 17 million of the tokens to Wintermute, keeping the rest as a "bounty". $OP have been trading at around $1 as of mid-September.

SEC files emergency action to stop CryptoFX scam

CryptoFX is a crypto-based scheme targeted specifically to Latines, promising to invest its victims' assets in cryptocurrencies and teach its customers how to trade crypto. It also reportedly functioned as a pyramid scheme, using a "referral program" to incentivize people to recruit friends, family, and people in their communities.

The United States Securities and Exchange Commission filed an emergency action to stop the fraud and freeze assets, which was granted on September 29, 2022. The SEC then filed a complaint against the company and its leaders Mauricio Chavez and Giorgio "Gio" Benvenuto. The SEC alleged CryptoFX had raised at least $12 million from 5,000 investors, which ostensibly would be put into crypto markets but instead was primarily used to "fund [Chavez's] real estate company and extravagant lifestyle".

Sparkster settles for $35 million with the SEC; SEC charges crypto influencer

The firm Sparkster and its CEO Sajjad Daya settled with the U.S. SEC after a cease-and-desist arguing that Sparkster sold securities worth at least $30 million without registration. The firm and Daya agreed to settle with the SEC, and will pay more than $35 million to a fund that will be distributed to the investors who were harmed.

The SEC also charged crypto influencer Ian Balina for his involvement with the scheme. He allegedly accepted a 30% bonus on the $5 million worth of SPRK tokens he purchased in an agreement to promote the project on YouTube, Telegram, and other channels, but did not disclose his compensation. He also organized an investing pool with more than 50 investors, and also didn't register it with the SEC. Balina had advertised that he could help people "make millions with initial coin offerings".

UK financial regulator warns against FTX exchange

The United Kingdom's Financial Conduct Authority issued a warning that FTX is not authorized by them, but is targeting consumers in the UK. "Almost all firms and individuals offering, promoting or selling financial services or products in the UK have to be authorised or registered by us," they wrote in the announcement, noting that FTX is not. Because of this, "you are unlikely to get your money back if things go wrong".

A spokesperson from FTX said they believed that "a scammer is impersonating FTX", which they said they thought led to the warning. However, that statements in the warning are accurate: FTX is not registered with the FCA, and they serve UK customers.

Scammer earns 13 ETH ($17,500) from fake Mutant Ape scheme

An illustration of an ape with skin made from various animal prints, a bright green muzzle with a tongue stuck out and wrapped around a beer can, X-ed out eyes, a bone necklace, and a WW2 pilot helmet with teeth around the brimMutant Ape #21080 (attribution)
The owner of Mutant Ape #21080 was approached with an offer to trade their ape for another Mutant Ape (#55) and an extra 0.5 ETH ($675) to sweeten the deal. The trader agreed, and moved forward with performing the trade on SudoSwap, one of several platforms that allows people to set up NFT-for-NFT swaps. Unfortunately, he didn't check that the "Mutant Ape #55" that the trader was offering was actually the genuine article. The scammer had created a bunch of fake Mutant Apes that look identical through the SudoSwap frontend, but are clearly fakes if you look at the contract.

The trader ended up with a worthless counterfeit and a measly 0.5 ETH for his pricey NFT. The scammer quickly flipped the real Mutant for 13.5 ETH, making a tidy $17,500 profit.

Whale illustrates price manipulation risk in GMX exchange, profits more than $400,000

A candles chart showing a pattern of the AVAX token dropping in price and then going back up as a whale manipulates the price.AVAX chart (attribution)
GMX is a decentralized cryptocurrency exchange that boasts zero price impact trades. On most exchanges, users have to contend with slippage: a difference between the price of a token when the user goes to enter the trade and the price when the trade is executed. A sufficiently large trade can itself cause slippage, particularly with crypto assets with lower liquidity.

A whale was able to take advantage of this "feature" by taking large positions in AVAX, the token belonging to the Avalanche blockchain, which has relatively low liquidity compared to larger tokens like Bitcoin or Ether. The whale then manipulated the price by making large trades on a centralized exchange, taking an estimated profit of between $400,000 and $450,000 after fees.

Some had publicly expressed concerns about the possibility of such an exploit earlier in September: Taureau, a founder of another decentralized exchange, had outlined the possibility of an exploit like this on a podcast episode on September 1.

GMX responded to the incident by capping the size of positions that users can take on AVAX. Another project, MM.Finance, announced they would be pausing order execution on their MadMex platform, which is a fork of GMX.

Binance accounting bug involving Helium tokens results in $19 million of erroneous payouts

Helium has two different tokens: HNT, which is paid out to people who run Helium hotspots, and MOBILE, which is paid to those maintaining the new Helium 5G network. However, Binance erroneously treated both tokens as HNT within their exchange. As a result, anyone who sent MOBILE to Binance wound up with that same number of HNT tokens in their wallet — a big benefit, given that HTN has traded between $4 and $7 this past month, and MOBILE is not yet easily tradable.

Binance distributed around 4.8 million HNT before discovering and patching the bug, valued at around $19 million.

Hours after Ethereum transition to proof-of-stake, SEC Chair says PoS crypto could be classed as securities

Official portrait of Gary GenslerSEC Chairman Gary Gensler (attribution)
In the early hours of September 15, Ethereum completed "The Merge —  the long-awaited transition from its original proof-of-work consensus mechanism to proof-of-stake.

Later that day, SEC Chairman Gary Gensler pointed to the staking mechanism as a signal that an asset might be a security as determined by the Howey test.

There has been much discussion over whether cryptocurrencies in general or individually should be considered securities, commodities, or possibly even something else. Broadly, people within the crypto community don't want to see the assets fall under SEC jurisdiction, as the SEC is seen as much less friendly to the industry than the CFTC.

Vulnerability discovered in vanity wallet generator puts millions of dollars at risk

The 1inch Network disclosed a vulnerability that some of their contributors had found in Profanity, a tool used to create "vanity" wallet addresses by Ethereum users. Although most wallet addresses are fairly random-looking, some people use vanity address generators to land on a wallet address like 0xdeadbeef52aa79d383fd61266eaa68609b39038e (beginning with deadbeef), or one with lots of 0s at the end, or some other address the user thinks looks cool.

However, because of the way the Profanity tool generated addresses, researchers discovered that it was fairly easy to reverse the brute force method used to find the keys, allowing hackers to discover the private key for a wallet created with this method.

Attackers have already been exploiting the vulnerability, with one emptying $3.3 million from various vanity addresses. 1inch wrote in their blog post that "It's not a simple task, but at this point it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions."

The maintainer of the Profanity tool removed the code from Github as a result of the vulnerability. Someone had raised a concern about the potential for such an exploit in January, but it had gone unaddressed as the tool was not being actively maintained.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.