...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
It appears the attacker was able to gain access to the smart contract admin key, which gave them the ability to upgrade the contracts to enable malicious functionality.
OKX announced that they would reimburse the losses, and pursue legal action against the exploiter.
KuCoin has admitted to allowing New Yorkers to trade securities and commodities on the platform, and representing themselves as an "exchange" without having registered as such.
In addition to paying the fine, KuCoin has agreed to shut down all New Yorkers' accounts in the coming months and prevent residents of the state from signing up for new accounts.
Because there was not sufficient liquidity for such a large trade at the going price, the trade was ultimately fulfilled, but at a 63% loss. Before the trade, that quantity of tokens was priced at around $2.28 million; however, Yearn received only around $780,000 in stablecoins because of the slippage.
Yearn quickly identified the issue and embarked on a campaign to ask nicely for the counterparties in the trade to please give some of their profits back. In on-chain messages, Yearn wrote: "one of yearns multisigs made a costly mistake last night that affected a critical source of yCRVs liquidity. we identified you as having made a profit off of this and are kindly requesting that you return as much as you see reasonable to yearns main multisig: ychad.eth. sorry we have to ask this, but hope you can understand." Doesn't hurt to ask, I guess. So far, only one wallet has taken them up on the offer, returning 2 ETH (~$4,400).
After tracing the attacker's attempts to launder the money through Tornado Cash and then obfuscate that it had come from the mixing service (something that raises flags at some exchanges), zachxbt observed the funds go to a broker of Magic: The Gathering based in the United States. Altogether, the hacker appeared to be spending millions on starter decks, alpha sets, and sealed boxes — often overpaying by 5-10%. These items routinely sell for hundreds or thousands of dollars.
The thief is probably a creative money launderer rather than an massive MTG fan, and is probably reselling the cards to further obscure the source of the money. Then again, MTG is more than a little addictive.
Kwon filed a last-ditch appeal of the extradition decision on December 6. A decision is scheduled on the matter by December 15. Milovic is unlikely to publicly announce Kwon's extradition destination until then.
Both South Korea and the United States have sought Kwon's extradition on criminal charges related to the Terra/Luna scheme. Federal prosecutors in the Southern District of New York indicted Kwon on eight fraud and market manipulation charges in March 2023. He and his company also face a civil lawsuit from the Securities and Exchange Commission.
Binance announced a compensation plan for users who purchased the token during an eligibility period and who were unable to resell, in an apparent attempt to placate the angry traders who accused Binance of "scamming" them by halting trading.
AEUR was issued by Anchored Coins, a Swiss stablecoin issuer.
Meanwhile, the founder of the Nostr social media platform has accused Nostr Assets of being an "affinity scam" by falsely suggesting in their platform name and $NOSTR token naming they are affiliated with the Nostr project. Nostr Assets has described the allegations as "unfounded", saying that their use of the Nostr network means the name is "pertinent", and suggesting that Nostr's founder has no basis to dictate who can use the Nostr name as it is a decentralized and open source project.
Robb, also known as "pokerbrat2019", convinced at least 11 people to give him a total of $1.2 million, which he said he would use to develop various MEV bots. Instead of doing so, he pocketed the money, offering a litany of excuses for why the project was continually delayed.
Robb had previously been convicted of a $4 million scam in 2002 after soliciting funds for an online gambling platform, instead using the money to buy a car and fund his own gambling.
Projects relying on these pre-built smart contracts will have to lock the old contract and deploy new ones, then provide new versions of tokens via airdrop or a claim page — a fairly disruptive process.
Major NFT marketplace OpenSea issued a statement that they were working with ThirdWeb about a vulnerability "impacting some NFT collections". Rarible also stated that some NFT collections on their platform were affected, including some on the Polygon sidechain. Coinbase and Base also disclosed that some projects on their platforms were vulnerable. Projects by groups including Cool Cats and Mocaverse will need to be migrated.
According to research group ScamSniffer, the attacker has stolen at least $5 million from at least 21 victims in the past four months.
No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.
