Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

Start from the top

Myanmar-based romance scam operation pulls in $100 million in less than two years

A pig-butchering operation in Myanmar has scammed victims of more than $100 million in Tether in less than two years, according to a report from Chainalysis and the anti-human trafficking organization International Justice Mission.

Many of the workers for the romance scam group are themselves victims of human trafficking. The operation is based in a "compound" near Myanmar's border with Thailand, and researchers estimate that thousands of trafficked workers operate the scam from the "self-contained city".

The scam may put more pressure on Tether, whose role in human trafficking and high-volume romance scam operations has been scrutinized more heavily in recent months and years. Tether has frozen some assets belonging to romance scammers in the past, but remains the token of choice for many of these groups.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Tron

RiskOnBlast gambling platform rug pulls for $1.3 million

RiskOnBlast, a gambling and trading platform on the new ethereum layer-2 Blast blockchain, appears to have performed the blockchain's first major rug pull — before the blockchain has even officially launched. Blast was created by the developers of the Blur NFT platform, and received funding from the Paradigm crypto VC.

The team behind Blast had even helped to promote the RiskOnBlast platform, tweeting from its official account that Blast was "a new challenger" in the ecosystem with "undeniable" potential.

On February 25, the platform drained more than 420 ETH (~$1.3 million) from more than 750 user wallets on their platform. The project's anonymous team then laundered the funds through various services and exchanges. All social media accounts for the project were taken offline.

Theme tags: Rug pull
Blockchain tags: Blockchain: Ethereum
Tech tags: blockchain gaming

Australian disappears with more than US$585,000 erroneously transferred to his cryptocurrency account by OTCPro

When businessman Kow Seng Chai transferred AU$99,500 (~US$65,000) to a cryptocurrency account on the Australian OTCPro cryptocurrency trading platform on January 25, he received an unexpected windfall thanks to an extra 0 erroneously added to the amount. When he saw the AU$995,000 ($650,000) in his account, he set to work, cashing out the excess funds through multiple withdrawals of the maximum amount.

OTCPro didn't notice their error until February 4, by which point Chai had already disappeared. They were able to recoup some funds that Chai had left in the OTCPro account, putting their total loss at around AU$490,000 (US$320,000).

A judge issued an injunction to try to prevent Chai from leaving the country, and issued a freeze on his assets. However, a freeze may be ineffective depending on if and how Chai has laundered the funds.

Theme tags: Hmm

Blueberry Protocol narrowly avoids $1.3 million hack

The Blueberry defi leverage project had a bug in their lending contract, where improper decimal handling allowed for an exploit. An attacker tried to exploit the vulnerability, but was front-run by c0ffeebabe.eth, a well-known MEV bot operator and whitehat who has in the past been able to front-run other exploits and return the funds to the projects.

About 457.7 ETH ($1.35 million) was drained from the project, but 366.6 ETH ($1.08 million) of that was able to be returned. The remaining ~91 ETH (~$265,000) was lost to validator payments.

Blueberry paused their protocol as they investigated the hack, and stated that they "aim for a full repayment to users as the goal".

Theme tags: Good news, Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

DeezNutz_404 hacked for $170,000

I might otherwise skip over news of a $170,000 hack, given how commonly thefts of that scale happen in the crypto world, but with a name like this... come on.

One thing that keeps me from ever trying my hand as a crypto project hacker is that if I made $170,000 from exploiting a project called "DeezNutz_404", I would immediately be caught because I wouldn't be able to resist telling everyone I know that I'd just made enough money to not have to work for a couple years by exploiting deez nuts.

Anyway, there was a bug in their code that allowed an attacker to mint infinite tokens and steal around 58.65 ETH (~$170,000).

Theme tags: Bug, Hack or scam

Axie Infinity co-founder suffers $9.5 million loss after wallet compromise

Jeff "Jihoz" Zirlin, a co-founder of the Axie Infinity blockchain game, lost around $9.5 million as two of his crypto wallets were compromised. The thief stole 3,248 ETH ($9.5 million), which they quickly laundered with the Tornado Cash cryptocurrency mixer.

Some were briefly concerned that Axie Infinity's Ronin Bridge had been hacked (again), since the funds moved out of the bridge. Jihoz and others were quick to emphasize that the bridge had not been affected, and it was simply a personal wallet compromise.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum

Influencer "Crypto Rover" accused of pump-and-dump and other shady behavior

Influencer "Crypto Rover" taking a selfie with an exaggerated concerned expression, and the bitcoin logo next to himCrypto Rover (attribution)
A popular cryptocurrency influencer known as "Crypto Rover" has been accused by blockchain sleuth zachxbt of shady behavior, including accepting promotional payments from crypto projects and then not following through on his end of the deal, dumping tokens after promising followers he would hold, and secretly purchasing tokens for memecoin projects before pumping the price by posting about them.

Zachxbt outlined various incidents, including how Crypto Rover purchased "Stoned Pepe" tokens before posting to his hundreds of thousands of followers that he thought the token would "do at least a 10x", and claiming that he had inside info on the project. He also detailed how Rover had taken a $10,000 payment and 1% of the supply of a new token that he promised to promote, then never promoted — despite promising the team that he could "pump projects from 1/2m to 10m easy".

After zachxbt published his research, Rover deleted his Telegram channel.

Theme tags: Shady business

Over $55 million taken from defunct AAX crypto exchange

The Hong Kong-based AAX cryptocurrency exchange suspended withdrawals in November 2022, only days after the FTX collapse and related chaos in the cryptocurrency world. They claimed that user funds were safe, but the exchange never restored service. A month later, police arrested two of the company's executives.

Now, over a year later, the Cyvers blockchain security firm has observed more than 24,000 ETH (~$55.6 million) has been moved from wallets used by the platform. Although there could be innocuous explanations for money moving off a defunct platform, whoever was moving the funds used various decentralized services to launder the money, appearing to be trying to make it more difficult to trace.

Theme tags: Shady business

Airdrop hunters spam Github projects

A Github issue titled "github" with the text "i'm a scroll contributor"Airdrop farming Github issue (attribution)
After projects like Celestia and Starknet distributed airdrops of crypto tokens to people who had contributed to their open source Github repositories, airdrop hunters have begun spamming other projects in hope that they might one day receive tokens for their "contributions". In the recent Starknet airdrop, one individual received 1,800 STRK (~$3,200 at current estimates, though the token isn't actively trading yet) for an unmerged pull request fixing a typo in project documentation, so the hope that relatively trivial contributions could result in a windfall isn't completely unjustified.

Several repositories for crypto projects that have not launched tokens were inundated with hundreds of trivial Github issues apparently written in the hopes that in the event of an airdrop, they would be considered contributions.

"Please don't submit a GitHub issue just for farming purposes," wrote one employee of a crypto project receiving such spammy contributions. "The [project] core team is stretched thin enough as it is, please don't make our lives harder." Several projects had to limit who was allowed to open new issues in their repositories to try to tackle the spam.

Theme tags: Bad idea

FixedFloat exchange hacked for $26 million

The FixedFloat cryptocurrency exchange was exploited for around 409 BTC (~$21.17 million) and 1,728 ETH (~$4.85 million) for a total loss of just over $26 million. FixedFloat is a decentralized cryptocurrency exchange that doesn't require user registration or Know Your Customer, making it popular for hackers looking to launder stolen funds.

FixedFloat first wrote that they had "encountered some minor technical problems", then acknowledged that there had been a hack. FixedFloat is non-custodial, so no user funds were impacted, however some have reported frozen transactions and missing funds from using the service on social media.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Bitcoin, Ethereum
Tech tags: DeFi

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.