Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

MailerLite hack enables over $700,000 in crypto phishing thefts

A phishing email appearing to come from WalletConnect: "You're invited! We hope this email finds you well and thriving in the world of decentralized finance! Today, we're thrilled to bring you an exclusive celebration that promises to elevate your crypto experience to new heights. This is not just another airdrop; it's a rare opportunity to amplify your crypto portfolio and be part of something extraordinary. The team at WalletConnect, in collaboration with Web3Inbox, is hosting a special occasion to express our gratitude to our valued users and community members."WalletConnect phishing email (attribution)
After hackers gained access to various accounts on the MailerLite email marketing software via a social engineering attack on an employee, they were able to send malicious phishing emails that appeared as though they had been genuinely sent from companies including the CoinTelegraph crypto media outlet and the crypto firms Wallet Connect, Token Terminal, SocialFi, and De.Fi.

The emails appeared to announce airdrops and exclusive offers from those companies, and recipients were invited to connect their wallets to claim tokens. Those wallets were then drained.

The attackers stole a variety of cryptocurrencies, and some outlets have reported the theft has totalled more than $3.3 million. However, because a substantial amount of that number comes from the illiquid Xbanking token, the actual liquid value of the tokens is likely closer to $700,000. The attackers have begun mixing the stolen funds through the Railgun privacy service.

Theme tags: Hack or scam

Animoca Brands-owned Gamee tokens stolen

An attacker was able to gain access to the Gamee (GMEE) token's source code repository, then exploit a vulnerability in the code to transfer 600 million GMEE tokens to their own wallets. At the token's market price of $0.025 before the hack, these tokens were ostensibly priced at $15 million, though the token value plunged around 60% to below $0.01 following the theft as the attacker began selling the tokens.

GMEE is the token belonging to the Gamee blockchain-based gaming platform, which was acquired by the Animoca Brands company in 2020. Animoca is mostly known for its crypto-metaverse project, The Sandbox.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Polygon
Tech tags: blockchain gaming

Concentric Finance exploited for $1.8 million

The Concentric Finance yield aggregator project issued a statement that the protocol had been exploited after a social engineering attack on a team member that had access to the project's deployer wallet.

Tokens priced at around $1.8 million were drained from the project vaults. In a tweet, Concentric urged users to revoke contract approvals to avoid further losses.

The wallet addresses used by the exploiter appeared to connect the attacker to the $2.7 million OKX DEX theft in December 2023.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

Terraform Labs files for bankruptcy

Terraform Labs, the company behind the Terra blockchain, has filed for bankruptcy. Its flagship product, the Terra stablecoin and associated LUNA token, failed spectacularly in May 2022. Its CEO, Do Kwon, was arrested in March 2023, and remains in custody awaiting a decision on whether he will be extradited to the United States or South Korea — both of which are looking to charge him over his role in the scheme.

Despite all of that, Terraform Labs had continued to operate. However, it is now in dire financial straits, and has now filed for Chapter 11 bankruptcy in an attempt to sort out its financial obligations amid costly legal cases. Terraform Labs is currently a defendant in a complaint by the SEC, as well as several class-action lawsuits.

According to the company's bankruptcy filing, it has between $100 million and $500 million in assets, and liabilities in the same range.

Theme tags: Collapse, Law
Blockchain tags: Blockchain: Terra

Dwight Howard's NFT project flops

An illustration of Dwight Howard in 3/4 profile, wearing shades with "Ballers" across the front in LEDs, and a tank top with the Avalanche logo pinned on a strapBallers NFT project artwork (attribution)
NBA star Dwight Howard is clearly at least a year (probably two) late to the time when celebrities and star athletes could drop some low-effort NFTs and sell out the whole batch immediately. After announcing his "Ballers" project on January 20, offering 3,000 NFTs for a mint price of 2 AVAX (~$60) apiece, he only managed to sell about 300 of them within a day or so.

After the dismal launch, Howard tried a few somewhat desperate-seeming moves to try to attract interest in the project: promising to send free crypto to some holders, redoing all the art after criticism of its quality, and slashing the NFT supply to 1,500. Despite all that, only 465 NFTs have sold (15% of the original supply, netting Howard 930 AVAX — around $28,400).

The flop was so bad that a member of the team behind the Avalanche blockchain put out a tweet distancing themselves from the project, stating that they didn't even know about the project until he announced it. "Gone are the days that individuals/Brands with large followings can just drop IP related NFTs out of nowhere and expect it to do well," they wrote, seemingly criticizing Howard's approach by writing that NFT creators must "mak[e] sure to do it in an organic way with proper intentions."

Theme tags: Bad idea, Hmm
Blockchain tags: Blockchain: Avalanche
Tech tags: NFT

CFTC files complaint against Debiex platform for using "romance scam tactics" to steal $2.3 million

The CFTC has filed a complaint against Debiex, a shadowy cryptocurrency platform whose precise location and executives are unknown. The company's employees primarily targeted Chinese Americans, and used common romance scam techniques: first striking up a friendship or romantic relationship with the victim, then convincing them that they could earn huge profits by putting money on Debiex.

Debiex, however, only resembled a cryptocurrency trading platform. In reality, the website merely mimicked a trading platform, and the funds supposedly deposited there for trading purposes were taken by Debiex.

The CFTC identified five victims who were allegedly defrauded of a combined $2.3 million.

Theme tags: Hack or scam, Law

Colorado pastor charged for cryptocurrency scam he says he perpetrated at God's command

A still frame from a video of a man speaking to a camera, with the subtitles: "So the charges are that Kaitlyn and I pocketed $1.3 million and I just want to come out and say that those uh charges are true."Eli Regalado (attribution)
A Colorado-based pastor for an online ministry sold INDXcoin to his followers and others in the Christian faith. However, there was no way for buyers to cash out the tokens. Meanwhile, Regalado and his wife spent the money on a Rolls Royce, jewelry, and designer handbags — and, according to Regalado, "a home renovation the Lord told us to do."

Regalado posted a video to his supporters explaining that he had been sued by the Colorado state securities regulator. "So the charges are that Kaitlyn and I pocketed $1.3 million, and I just want to come out and say that those uh charges are true," said Regalado in the video, presumably causing a cold chill to run down the spine of his defense attorney in the middle of whatever he was doing.

According to Regalado, God told them to first invest in a separate coin, which turned out to be a scam. Then, says Regalado, God told him to make his own currency, which Regalado called INDXcoin, "but also give them a 10x". Who knew God was a degen! Regalado had told investors that the funds would be going to "widows and orphans", but spent most of it on himself and his wife.

Theme tags: Hack or scam

Luis Rubiales' NFT launch condemns "radicalism and feminist extremism" and describes alleged assault as "a small mistake"

Luis RubialesLuis Rubiales (attribution)
Apparently, former president of the Royal Spanish Football Federation Luis Rubiales has decided the way to rehabilitate his reputation after forcibly kissing a soccer player and being banned from football is to... release an NFT project.

In an announcement posted on Rubiales' Twitter account, the South Korean Moon Labs wrote: "Yes, we agree that Mr. Luis Rubiales made a small mistake in women world cup." The statement went on to condemn "extremism and radical feminism", and downplay Rubiales' actions as not "really" sexual assault. "Yes, Luis did small mistake but probably the biggest mistake was losing Luis Rubiales in football part [sic]."

Theme tags: Yikes
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

$2.7 million disappears from funds meant to compensate Hector Network investors

In July 2023, angry investors in the Hector Network project opted to "rage quit" — an option reserved by some defi projects that allows investors to vote to liquidate a project's remaining treasury and distribute it to token holders. The successful rage-quit vote in Hector's case came after the protocol lost $8 million in the Multichain disaster, although investors say that was only the final straw in a series of poor management choices and inflated salaries that saw the project treasury dwindle from over $100 million to around $16 million.

Now, another $2.7 million is gone after an apparent thief was able to exploit a smart contract that was intended to distribute payouts to Hector's token holders. They then swapped the tokens from the USDC stablecoin to ETH.

Investors in the project are furious, especially because various parties had warned Hector Network about apparently insecure practices. Hector Network's team, meanwhile, have not acknowledged the theft, although a law firm involved in the project liquidation promised a statement would be forthcoming.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Fantom
Tech tags: DAO, DeFi

TrueUSD loses peg (again) as traders sell due to fears over its stability

TrueUSD, a stablecoin connected to Justin Sun, deviated from its intended $1 peg to around $0.983 as traders sold off more than $100 million of the token seeking safer options. The fears seemed to be sparked by the rapidfire and massive hacks of the Justin Sun-connected HTX (hacked for $115 million) and Poloniex (hacked for $120 million) in November.

Adding to those is the fact that TrueUSD recently paused its real-time reserves attestations, due to systems reporting liabilities that exceeded assets, though TrueUSD (obviously) claimed this was just an error.

Theme tags: Hmm
Tech tags: stablecoins

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.