On May 23, crypto sleuth zachxbt tweeted that the project appeared to have executed their exit scam, bridging around 31.6 million Tether to various addresses. Platform users began to report that they could not withdraw funds.
The attacker has already drained locked votes and sold some of the $TORN tokens, which are governance tokens that both entitle the holder to a vote but also were being traded for $5–$7 around the time of the attack. The attacker has since tumbled 360 ETH (~$655,300) through Tornado Cash to obscure its final destination. Meanwhile, $TORN plummeted in value more than 30% as the attacker dumped the tokens.
The attacker now has full control over the DAO, which according to crypto security researcher Sam Sun grants them the ability to withdraw all of the locked votes (as they did), drain all of the tokens in the governance contract, and "brick" (make permanently non-functional) the router.
Croatian cryptocurrency investment company BitLucky reportedly collapses; more than $75 million allegedly missing
Some have expressed the opinion that BitLucky was a Ponzi scheme all along, given the unreasonable promises of 5–25% monthly returns. The editor of a crypto news outlet also expressed that "there was a 'line of [red] flags'", including that Burazer never wanted to appear in the media or have his picture shown online.
- "Najveća domaća kripto prevara? Riječanin klijentima uzeo 70 milijuna €. Upravo je u bijegu", Jutarnji list (in Croatian)
- "DeFi protocol WDZD Swap exploited for $1.1M: CertiK", CoinTelegraph
The funds are not at risk, but it will take at least a week before the funds are unstuck because any code change requires a DAO vote. "Considering governance times, if approved, the fix will be applied in approximately 7 days from now: 1 day of delay to start voting, 3 days of voting, 1 day of timelock on Ethereum, and 2 extra days of timelock on Polygon," explained a post by Bored Ghost Developing, a contributor to Aave.
Phishing-as-a-service company "Inferno Drainer" steals assets nominally worth $5.9 million in three months
One Inferno Drainer victim lost assets worth around $417,000. They later sent an on-chain message to the thief, writing: "you are ruining my life and for me this money was a lifetime's work, I won't have enough my family..." They asked the attacker to return 50% of the funds stolen from them, offering to not report the scammer to Interpol and other authorities in return, and even offering to "sign a contract allowing you to use legally the stolen crypto".
However, Grumpy Cat's owner owns trademarks associated with Grumpy Cat, and it seems she has become aware of the coin. On May 18, she minted an NFT and transferred it to the Grumpy Cat Coin deployer address. The NFT image is a copy of a cease and desist letter representing Grumpy Cat Limited. The letter describes the coin offering as a "blatant and willful infringement of our client's trademark rights", and insists that the coin creators stop all activities related to the coin offering or face legal action. The letter also mentioned that the URL of the project website —
grumpycat.fyi — was a violation of the Anti-Cybersquatting Consumer Protection Act. The project subsequently changed its domain to
gccoin.fyi in an apparent effort to avoid this issue.
Simultaneously, a message addressed to holders of the Grumpy Cat Coin was posted to Grumpy Cat's Twitter account, describing the token as a "desperate, sad attempt to scam unwitting traders" by "SlumDoge Millionaire and their cohorts".
The New York Attorney General found that Coin Cafe's misleading fee structure was still in effect even after the company obtained a BitLicense from the Department of Financial Services.
The project had been audited by blockchain security firm CertiK, and displayed the "audited by CertiK" badge on their website. This added to criticisms of CertiK, who have come under fire for auditing multiple projects that later turned out to be scams. CertiK defended themselves, writing that, "As an auditor, we cannot force projects to implement our recommendations, but we can clearly and publicly call out vulnerabilities where we find them". They argued that they had identified vulnerabilities within their audit that ultimately allowed for the exploit, including the high degree of centralization and the upgradability of the smart contracts.