...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
The malicious video chat software attack vector has been widely used in the crypto world, with a victim losing cryptocurrency to an attacker using the same technique and impersonating an Andreessen Horowitz partner last month.
So far, the MonoSwap attacker has laundered $1.3 million via the Tornado Cash cryptocurrency mixer.
The affected domain was hosted on Squarespace, which could connect this compromise to similar events earlier in the month affecting domains registered there.
In a stroke of luck for the RHO team, the MEV bot operator sent RHO an on-chain message indicating they were willing to return all of the funds, although they first demanded that RHO "admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."
RHO is built on the Scroll Ethereum layer-2 network. Scroll temporarily paused the chain as RHO investigated the loss.
WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.
WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.
Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users.
"Can't believe @Trip a multibillion company is also a rugged project," wrote one person in response to the shutdown announcement.
Unsurprisingly, the project turned out to be a pyramid scheme. On June 25, the Philippines SEC issued a warning, noting that the project was not registered with them, and that it "has the characteristics of a 'Ponzi scheme'". Shortly afterwards, Metamax deleted their Twitter account, and shut down victims' online access to their accounts.
Local news estimated that the scheme affected around 15,000 victims, mainly in Cyprus and Greece. Three people have been arrested in connection to the scheme, including a retired Cypriot police officer. One of the suspects turned himself in to police, claiming that he himself was a victim of the scam, and that he believed his life was in danger as he was being threatened by Metamax victims. Days later, a bomb was detonated near a home he once rented.
Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.
Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.
No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.
