50 Cent claims his accounts were compromised to promote a memecoin

Tweet by 50cent: "Get Rich or Die Tryin! 💪🏾 Get the official $GUNIT Now"Scam tweet from 50 Cent's account (attribution)
50 Cent has claimed his Twitter account and website were hacked to promote a memecoin called $GUNIT. "I have no association with this crypto," the rapper wrote on Instagram.

50 Cent also claimed in the post that "Who ever did this made $300,00,000 in 30 minutes." It's not clear where 50 Cent got this number, because the token has only done $19.8 million in volume. One wallet made around $722,000 off the token, and three others also made over $100,000.

BtcTurk exploited for at least $55 million

The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted deposits and withdrawals while investigating, and said they are working with law enforcement.

It appears that assets notionally worth around $55 million were stolen. Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.

According to newly installed Binance CEO Richard Teng, Binance froze $5.3 million of the stolen assets.

CertiK and Kraken accuse each other of misconduct over bug report and $3 million "testing"

Prominent blockchain security firm CertiK has accused American cryptocurrency exchange Kraken of threatening them after they reported a bug. According to CertiK, they discovered a bug in the exchange software, which they tested with multiple transactions over several days. Some of these were large transactions, which CertiK said they performed to test whether Kraken had alerting in place to detect higher-value transfers. When they reported the vulnerability to the exchange, they say the exchange patched the bug, but then threatened CertiK employees and demanded they repay a "mismatched" amount of crypto allegedly taken during the testing period.

However, others have noted that the number of transactions and amount of cryptocurrency taken by CertiK while "investigating" the bug seems to far exceed the norm for whitehat security researchers, and that they took cryptocurrency amounting to millions of dollars — making their "testing" look a lot more like a blackhat theft. Furthermore, CertiK made several transfers to Tornado Cash as part of their "testing" — an entity that is sanctioned by the United States.

Kraken alleged that CertiK did not disclose the full extent of their employees' transactions, and refused to return the $3 million they had taken. They also alleged that CertiK had attempted to extort them. Kraken said they had been in contact with law enforcement, and were "treating this as a criminal case".

Ultimately, CertiK returned the funds. However, it's not clear if criminal action may be ongoing.

Holograph exploited for more than $1.2 million

The Holograph tokenization project was exploited on June 13 after they took advantage of a flaw in a smart contract that allowed them to mint 1 billion HLG tokens. Notionally worth $14.4 million at the time the tokens were minted, relatively low liquidity meant that the introduction of a billion additional tokens crashed the token price by 80%. The attacker ultimately was able to cash out around 348 ETH (~$1.2 million).

One of the addresses involved in the exploit appears to have contributed to the Holograph protocol, though it's not clear if they took advantage of insider knowledge to pull off the heist.

UwU Lend re-enables protocol after hack, immediately gets hacked again

After suffering a $20 million loss in a June 10 hack, the UwU Lend defi lending protocol has now seen another $3.7 million in suspicious outflows only days later. Although UwU Lend paused the protocol after the attack, they re-enabled it on June 12, claiming to have identified and resolved the vulnerability. This apparently wasn't the case, given the same attacker quickly repeated their exploit.

UwU Lend was created by Michael Patryn, aka Omar Dhanani, aka "0xSifu", who has been behind several cryptocurrency projects that have suffered major exploits. This is not exactly helping concerns among some observers that perhaps Sifu is the common denominator in these suspicious losses.

Phishing scammers impersonate Andreessen Horowitz employee to drain crypto wallets

DMs from a person impersonating Peter Lauten:
Impersonator: "hi 👋"
Victim: "Hello Peter"
Impersonator: "It's great connecting with you here. I'm from @a16z, and we're on the lookout for compelling stories in the web3 space for our "My First 16" podcast. We love diving into the early stages of innovative projects - the ups, the downs, and everything in between."Messages from a scammer impersonating Peter Lauten (attribution)
Attentive phishers noticed when Andreessen Horowitz partner Peter Lauten changed his Twitter username from @peter_lauten to @lauten, and snapped up the previous username. They then began contacting various targets in the cryptocurrency world, asking to set up meetings to arrange appearances on the venture capital firm's crypto podcast.

The scammers followed a familiar playbook in which they asked their targets to download video call software called "Vortax", which was actually wallet draining malware. However, these scammers had a leg up on some others who have been running that scheme: the Andreessen Horowitz website still listed Lauten's old username on their website, giving even skeptical victims some reassurance that the account was legitimate.

According to crypto sleuth zachxbt, who first reported on this incident, one victim lost $245,000 when his wallets were drained by the malware.

UwU Lend suffers almost $20 million hack

The defi lending protocol UwU Lend was hacked for around $20 million. After various blockchain security firms observed suspicious outflows of funds, the protocol acknowledged there had been a "situation" on their Twitter account, and wrote that they had paused the protocol while they were investigating.

UwU Lend was founded by Michael Patryn, aka Omar Dhanani, aka "0xSifu" — a co-founder of the ill-fated QuadrigaCX exchange and ex-con. He also pseudonymously ran the defi cryptocurrency project Wonderland until his identity was revealed after the protocol suffered a meltdown.

Loopring's "most secure" wallet hacked for at least $5 million

Although Loopring markets its wallet application as "Ethereum's most secure wallet", that's evidently a pretty low bar. They disclosed that they had suffered a breach in their wallet recovery service, which allows individuals to designate trusted entities to recover assets or freeze compromised accounts. An attacker was able to "recover" assets from wallets that had only designated a single Loopring guardian, pilfering at least $5 million.

Loopring announced that they had suspended their account recovery operations, and were working with law enforcement to trace the attackers.

New York Attorney General sues over $1 billion NovaTech and AWS Mining crypto pyramid schemes

Cynthia and Eddy Petion, with a car behind them printed with the NovaTech brandingCynthia and Eddy Petion (attribution)
The New York Attorney General’s office has sued Cynthia and Eddy Petion over two allegedly fraudulent cryptocurrency pyramid schemes called AWS Mining and NovaTech. They particularly targeted victims of Haitian descent, promoting their schemes in Creole, leveraging their victims’ religion, and promising them “financial freedom” and “freedom from the plantation”.

In reality, the schemes were pyramid schemes in which investors earned crypto for recruiting others to buy in. NovaTech also used the funds from newer investors to pay out the supposed “returns” from the investment scheme, in a classic Ponzi fashion. From August 2019 – April 2023, victims deposited more than $1 billion into NovaTech. Though it was described as a trading operation, only about $26 million ever went into crypto trading.

In June 2022, the couple secretly sold their Florida house and moved to Panama, while continuing to pretend they were in the state. Speaking to another operator of the scheme, Cynthia Petion advised: “leave the country…they can’t serve you if they can’t find you lol.”

Blockchain developer loses over $48,000 after posting private key to Github

A blockchain developer posted on Twitter that he had lost almost $50,000 after his cryptocurrency wallet was drained. He explained that he had been working on a software project on Github in a private repository that contained his wallet's private key. In order to apply for a funding grant from the Optimism project, he had to make the repository public. However, he forgot that the secret key was in the repository.

Generally, it is very bad practice to store sensitive secrets in Github, even when projects are set to private.

"Got drained of everything," he wrote on Twitter. A commenter asked how long it took for the attacker to steal the money after the private key became publicly visible. "2 min", he replied.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.