Altogether, an estimated $1.7 million was moved through various services to obfuscate the flow of funds.
Wallets linked to Sam Bankman-Fried's Alameda Research unexpectedly begin selling off $1.7 million in tokens
3Commas did not come off looking very good after this incident, after they spent weeks denying any breach and accusing those who were concerned 3Commas had been compromised of spreading misinformation and "FUD".
Researcher zachxbt wrote that he had verified 44 victims who had lost a combined $14.8 million due to the leak, although he acknowledged that this was only the number of people he could verify and that the total number of people affected was likely much higher.
Users with assets on the platform will see a significant haircut in what they are allowed to withdraw. Midas intends to keep 55% of the Bitcoin, ETH, or stablecoins held by users in their accounts, as well as any rewards users had earned.
Lest the users be too upset that more than half of their assets no longer belong to them, fear not: Midas will be making up the difference in a new, valueless token that does not yet exist, but that will be associated with some future project that Midas has not described yet. You're welcome!
They've also announced they will be pivoting to "CeDeFi". Yes, that is indeed short for "centralized decentralized finance". No, I am not joking.
It quickly became apparent that a man named Avraham Eisenberg was behind the exploit. In screenshots leaked from a conversation in a private Discord channel shortly before the attack, Eisenberg talked about the exploit he had planned. "I'm investigating a platform that could maybe lead to a 9 figure payday. Should I do it?" he wrote. When someone replied, "unles[s] it is highly illegal", Eisenberg responded: "Are there rules these days?" When someone suggested responsibly disclosing the vulnerability to the protocol, Eisenberg refused, saying the bug bounty was likely to be too small.
Eisenberg later owned up to the attack, tweeting a thread in which he wrote that he "was involved with a team that operated a highly profitable trading strategy last week. I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are."
The feds apparently disagreed with his evaluation, and arrested Eisenberg in Puerto Rico on December 26. He is charged with commodities fraud and commodities manipulation.
BTC.com is the seventh largest Bitcoin mining pool, which also operates other crypto mining services. Its parent company, BIT Mining, is publicly traded on the NSYE.
- "Bitcoin mining pool BTC.com reports $3M cyberattack", Cointelegraph
- "BIT Mining Limited Subsidiary Experiences Cyberattack", press release
BitKeep has claimed that attackers were able to compromise a version of their software and introduce malicious code which enabled them to drain user funds. BitKeep recommended their users contact the team behind BNB Chain on social media to plead with them to freeze an address used by the hackers, although the attackers had already begun to tumble the funds.
This is the second BitKeep-related hack in the last few months. In October, hackers stole more than $1 million worth of BNB when the Swap feature of the BitKeep wallet was exploited.
Rubic paused their project to limit further thefts, and stated they would pursue audits before coming back online. They also stated that they would "strive to compensate for the losses".
Now, Hong Kong police have arrested Liang Haoming and Thor Chan, two executives connected to AAX. Police have reportedly accused the men of using the maintenance excuse to halt customer withdrawals while dealing with a liquidity crisis.
- "2 executives of crypto exchange AAX arrested in Hong Kong: Report", CoinTelegraph
- "虛擬貨幣交易平台AAX倒閉 警拘兩男涉欺詐 主腦捲2.3億潛逃海外", 香港01 (in Chinese)
Observers were quick to notice that the "hack" was made possible by the addition of a fake collateral token, which was then manipulated to liquidate the protocol's users, suggesting the "hack" was likely an inside job.
On December 26, Defrost claimed that the "hacker" had miraculously returned the money. The announcement didn't seem to convince the project's users, who left comments like, "It was never hacked. You tried to rug your users".
Defrost Finance's team had previously run a project called FinNexus, which also suffered a "hack" in May 2021 that was widely believed to have been a rug pull.
Now, it seems that The Pokémon Company International (TPCI) is doing something about it. They hired private investigators to try to locate and serve a company called Kotiota with legal papers, though ultimately were unsuccessful in finding their offices or any employees.
Kotiota was engaged in unusually brazen Pokéfraud, sending legal letters to news outlets who had written about the real Pokémon games and insisting they be named as a developer. Their website falsely claimed Kotiota had been working on various recent Pokémon games, and the company had even forged an agreement with TPCI to claim they had a license agreement.
Kotiota had been planning to release a Pokémon-based play-to-earn blockchain game and collection of NFTs in January 2023, but an Australian court has barred the company from doing so, and ordered them to stop using the Pokémon brand or claiming to have developed the games.