Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

JPEX appears to be a $191 million fraud

After the Hong Kong-based JPEX exchange limited withdrawals amidst what appeared to be an impending collapse of the platform, things are now looking a lot more like fraud.

Police have received more than 2,200 complaints pertaining to the exchange, involving $191 million (and counting) in possible losses. Eleven people, including various crypto influencers who had promoted the exchange, were taken in for questioning. However, police have said those eleven people were not likely central to the fraud, and that the leaders of the JPEX project are on the run.

According to the South China Morning Post, "The alleged case of financial fraud involving HK$1.37 billion is the largest of its kind in Hong Kong's history."

Theme tags: Collapse, Hack or scam

Upbit briefly suspends Aptos transactions after people were able to deposit counterfeit tokens

Upbit, a major South Korean cryptocurrency exchange, suddenly suspended deposits and withdrawals of the Aptos $APT token after some users were able to deposit and withdraw fake versions of the token that were intended to spoof the original. Because of a bug in how Upbit verified tokens, transfers of the spoofed token were identified as transfers of the native Aptos token, which could have caused a massive loss if users began redeeming the fake Aptos tokens as though they were real.

However, a bug on the part of the counterfeiter prevented massive losses. The spoofer used only six decimal places instead of eight, meaning that those who tried to redeem the fake tokens only received $250 instead of $25,000.

Upbit later re-enabled Aptos transactions after patching the bug.

Theme tags: Bug, Hack or scam

Huobi exchange hacked for $8 million

Justin Sun confirmed on September 25 that his crypto exchange Huobi (recently rebranded to "HTX") had been hacked for 5,000 ETH ($8 million) the prior day. He reassured customers that the exchange would be covering the shortfall, and that "all user assets are #SAFU".

Sun offered a bounty to the hacker to return 95% of the funds, also promising to hire them as a "security white hat advisor" for the exchange. Otherwise, he threatened to go to law enforcement.

Two weeks later, the thief returned the funds, with a note that their hot wallet key had leaked. Huobi paid the $410,000 bounty.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

Mixin Network discloses $200 million hack

The operators of the Mixin Network disclosed that hackers had stolen around $200 million in funds in the largest known hack of the year (to date). Mixin Network is a cross-chain project that boasts zero transaction fees.

In their announcement, Mixin wrote that "the database of Mixin Network's cloud service provider was attacked by hackers", leading to some confusion as Mixin is supposed to be a decentralized network that ostensibly shouldn't have a centralized cloud database.

Mixin announced they would be suspending deposits and withdrawals pending analysis of the incident. They also told users that they would be compensated "up to a maximum of 50%" on assets that had been stolen from them, and receive "tokenized liability claims" (that is, IOUs) for the rest.

Theme tags: Hack or scam, Hmm
Tech tags: DeFi

Wallet phished for $4.46 million in fake mining scam

Someone lost over $4.4 million of the Tether stablecoin after falling victim to a phishing scam that promised them fake mining rewards. A phisher lured in the victim, likely earning their trust and then promising high returns thanks to a "mining" operation. Typically, these projects fool their victims by showing them a growing balance on the platform's software, even as the phishers drain their wallets.

These types of scams draw in tens of millions of dollars each month, and one researcher has estimated around $350 million in Tether have been stolen in these types of scams since September 2021.

Theme tags: Hack or scam
Tech tags: stablecoins

Balancer frontend compromised

Balancer issued an urgent warning to stop using its web interface, as it was evidently compromised by malicious actors who redirected the funds to themselves. Within 30 minutes of the tweeted warning, $240,000 had already been stolen.

This is the second theft from Balancer in a month, after it warned of a critical vulnerability on August 22, and that vulnerability was exploited for around $2 million several days later.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

JPEX hikes withdrawal fees amidst possible collapse

"We believe that the platform will not collapse," wrote JPEX, amidst apparent collapse. JPEX is a Hong Kong crypto exchange that was advertising more than 20% APY on various staking products.

The JPEX cryptocurrency exchange was the subject of a September 13 consumer warning by the Securities and Futures Commission (SFC), who said they were promoting services to Hong Kong residents without proper licensure. The following day, attendees of the Token 2049 crypto event observed that JPEX had abandoned the booth they'd rented. Then, JPEX hiked their withdrawal fees to as high as $999, and limited withdrawals to $1,000.

According to the South China Morning Post, customers have filed at least 83 complaints about the exchange, pertaining to crypto assets priced at $4.3 million. Hong Kong police have disclosed they are investigating the firm.

JPEX released a statement that the SFC was "exerting undue pressure on our platform", and asserted that the watchdog should "bear full responsibility for undermining the prospects" of the crypto industry in the region. Later, they accused their "partnered third-party market makers" of "maliciously fr[eezing] funds". They announced that, as a result, they would be pausing their Earn product. They also suspended their platform's gaming feature.

Theme tags: Collapse, Hmm

PolkaWorld halts operations, blames community governance

PolkaWorld, a major community within the Polkadot blockchain project, has announced that they will have to suspend operations as a funding proposal was overwhelmingly rejected. In June, Polkadot changed their governance model to community voting, away from a model in which small groups of ostensible experts made decisions for the network. PolkaWorld has blamed the failure of their request for 16,842 DOT (~$70,000) to fund Q4 2023 operations on this new voting model, which shut down their request with 93.3% "no" votes.

"Personally, we believe decentralization only works for the 'informed', it's not for everyone, no offense meant," wrote PolkaWorld on Twitter.

Theme tags: Hmm

Killer Whales crypto reality show launches about two years too late

Promotional image for Killer Whales showing a group of judges standing behind the logoKiller Whales promo image (attribution)
Maybe they'd sunk too much money into producing Killer Whales to back out, or maybe its creators actually think that a Shark Tank-style crypto reality TV series is what it will take to return crypto to its former glory. A crypto-boosting show judged by crypto industry hustlers like Anthony "The Mooch" Scaramucci and shady operator Mario Nawfal has just published trailers for its scheduled January 2024 debut.

The trailer for the show features a duo pitching "Ape Water": Bored Ape-branded canned water that sells for $2.80/can. "We want to reimagine water... When you scan the can, that's when crypto and web3 is unlocked," says the booster. Revolutionary.

Even crypto Twitter seemed less than enthused, with one person writing that the show was "like Shark Tank, but cringe". Another wrote, "Just take a peep at the panel of judges it's full of crypto grifters and scammers".

Theme tags: Bad idea

Ethereum bungles "Holesky" testnet launch

Ethereum prepared to launch a new test network, called "Holesky", which was supposed to be massive compared to the mainnet in order to work on scaling problems. The launch was supposed to coincide with Ethereum's September 2022 "Merge", in which the network finally pulled off the long-awaited switch from proof of work to proof of stake.

However, the Holesky launch was a failure when developers misconfigured the network, causing it to fail to initiate. Developers announced they would try to relaunch the project a week after its intended go-live date. At least it was just a testnet.

Theme tags: Bug
Blockchain tags: Blockchain: Ethereum

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.