Onyx apparently didn't learn their lesson the first time around, when they were exploited for $2 million in November 2023 by an attacker taking advantage of a known vulnerability affecting empty markets on the protocol. This same bug seems to have contributed to this exploit, although Onyx has claimed the hack was due to a separate vulnerability in an NFT liquidation contract.
Onyx hacked for $3.8 million via the same exploit used against them less than a year ago
Truflation hacked for around $5 million
Truflation is a blockchain-based project that provides economic data including inflation rates and asset valuations. The platform has been backed by Coinbase Ventures, Chainlink, and others.
OpenAI Twitter account once again hacked and used to promote scam token
This latest hack is only the latest in a slew of Twitter account compromises "announcing" a scam token. Over a year, OpenAI CTO Mira Murati had her account hacked to promote an "$OPENAI" token. Three months ago, accounts belonging to chief scientist Jakub Pachocki and researcher Jason Wei were hacked and used to post the same scam as today.
Shezmu hacked for almost $5 million, negotiates bounty
Shortly after the attack, Shezmu offered a 10% "bounty" for the return of the funds. The attacker responded that they would only consider a 20% bounty. Shezmu agreed to the terms, and announced to their followers that they had achieved a recovery from the "white hat" hacker.
BingX hacked for $52 million
Some accused the exchange of trying to cover up the theft by announcing "temporary wallet maintenance" without disclosing that a theft had occurred. The team later announced that "there has been minor asset loss", and stated that the lost funds would be restored out of the company's capital.
Around $10 million of the stolen assets were frozen during recovery efforts after the theft.
Germany seizes 47 cryptocurrency exchanges reportedly used by ransomware groups
Websites for these exchanges now show notices announcing a law enforcement operation called "Operation Final Exchange". The page announces to visitors "This was your final exchange!", and in a letter addressed to "ransomware affiliates, botnet operators and darknet vendors", warns that authorities are now working to trace the illicit users of the exchange.
- "Germany seizes 47 crypto exchanges used by ransomware gangs", BleepingComputer
Almost $2 million taken from users of Telegram "Banana Gun" crypto trading bot
Banana Gun acknowledged the attack on Twitter and shut down the bot. They posted that they did not believe their backend was compromised, and stated that they believed the attack occurred via a "front-end vulnerability" — though it was not clear what this might have referred to.
- "Telegram bot Banana Gun’s users drained of over $1.9M", CoinTelegraph [archive]
Arrests made after $243 million stolen from one individual in Gemini phishing attack
The FBI raided a luxury home in Miami in connection to the theft, and arrested two men in their early twenties. Authorities worked with crypto investigators including zachxbt to trace the stolen funds.
Rari Capital settles with the SEC
The company and co-founders will pay fines, and the individuals will agree to five-year bans from serving as officers or directors.
The regional SEC director stated, "We will not be deterred by someone labeling a product as 'decentralized' and 'autonomous'," alluding to crypto firms' tendencies to try to skirt securities regulations by claiming to be "decentralized".
Rari has featured on Web3 is Going Just Great before, when they were exploited for around $80 million in April 2022 and when they were exploited for around $15 million in May 2021. The project effectively wound down soon after the second theft.
- "SEC Charges DeFi Platform Rari Capital and its Founders With Misleading Investors and Acting as Unregistered Brokers", U.S. Securities and Exchange Commission [archive]
Ethena website compromised
They later were able to deactivate the website and regain control of the domain. "Remember scammers are always chasing you," they wrote on Twitter.