Bifrost wrote in their post-mortem analysis that because the attack was limited to the BTC address registration server, and the hack didn't exploit any smart contract or protocol vulnerabilities, a security audit performed by Theori "is still valid" — leading one to wonder why anyone should trust an "audited" platform if $2.25 million in assets can be stolen without invalidating an audit.
- "Post-mortem: BiFi-BTC illegal address registration", Bifrost blog
Hackers used NFTs from the popular Doodles collection as collateral to borrow wETH, then withdrew all but one of the NFTs, allowing them to perform a re-entrancy attack. The attacker then laundered the funds using the Tornado Cash cryptocurrency tumbler.
According to Omni, only funds belonging to the platform that were being used for testing were taken by the attacker.
- "Hacker drains $1.4 million worth of ETH from NFT lender Omni", The Block
- Exploiter wallet on Etherscan
Although they initially dodged naming the counterparty, CEO Mark Lamb eventually publicly stated that this counterparty was Roger "Bitcoin Jesus" Ver, who he said failed to meet a $47 million margin call. However, Ver publicly refuted this claim, stating that CoinFLEX in fact owed him money. Both parties went back and forth, each accusing the other of misrepresenting the situation.
On July 9, the company stated that they would be seeking arbitration to recover $84 million from Ver — an updated figure that they said factored in the "significant loss in liquidating his significant FLEX coin positions".
In late June, the exchange laid off 30% of staff and took other measures to cut costs. They later disclosed they were short $70 million, partly from exposure to the Terra ecosystem which collapsed in May.
- "Peter Thiel-Backed Crypto Lender Vauld Files for Protection Against Creditors", The Wall Street Journal
What he didn't mention was the lawsuit that had just been filed against the company, by investors who allege that Ravlich and his co-founders lied to investors and never created any usable product or service. Investors claim to have lost millions in cryptocurrency, and one alleged that Ravlich and his compatriots used a shell company in the Cook Islands to make it harder for him to recoup his losses.
Hypernet initially promised to build a system for renting unused computing power, and in 2018 raised around $20 million in an initial coin offering. In late 2021, Hypernet "pivoted hard" into NFTs, which one investor stated was a "knee jerk reaction to the flavour of the day" and a "last-ditch attempt to find a non-existent market for a non-existent product".
The legal complaint reads, "Prior to Plaintiff coming on board, Defendants had no unified, organized, or overarching investment strategy other than lending out the consumer deposits they received. Instead, they were desperately seeking a potential investment that could earn them more than they owed to their depositors. Otherwise, they would have to use additional deposits to pay the interest owed on prior deposits, a classic 'Ponzi scheme.' The recent revelation that Celsius does not have the assets on hand to meet its withdrawal obligations shows that Defendants were, in fact, operating a Ponzi-scheme."
This is not Reddit's first foray into NFTs. The platform launched four 1-of-1 "CryptoSnoo" NFTs in June 2021, which allow the four holders to display the NFTs on their profile. The "Collectible Avatars" appear to be an attempt to open this same functionality to a broader group of Redditors, while simultaneously appearing to try to sidestep the more negative sentiment around NFTs that has developed since their last project.
2gether had previously made news in August 2020, when hackers stole 114 Bitcoin and 276 ETH — then worth around €1.183 million ($1.2 million), and representing 15% of customer funds. The company successfully raised €1.5 million ($1.52 million) in a financing round several months later to cover the loss.
- La plataforma de criptomonedas 2gether cierra y deja a 100.000 afectados, La Vanguardia (in Spanish)