Web3 is Going Just Great

Resupply announced the theft shortly afterwards, and stated that they had paused the vulnerable contract.

Resupply is a fairly new project, having officially launched on March 20 — about three months before the exploit.

Aza Ventures was initially hesitant to name the scammer, hoping they could pressure the scammer to return the stolen funds, but later reports quickly named Self Chain founder Ravindra Kumar as the alleged culprit. Kumar posted on June 19, "I've been accused of serious wrongdoing, which is completely false."

On June 23, Self Chain announced that they had terminated Kumar as CEO "due to recent developments that diverge from the founding vision".

zachxbt noted that Nieves seems to have a gambling problem, depositing much of the stolen funds into crypto gambling websites. "You’ll see onchain how casino deposits get smaller as he loses funds," wrote zachxbt. "Recently this escalated to the point where he started stealing cuts from accomplices." He also appears to have used some of the stolen funds on luxury goods, including a Corvette and expensive watches.

Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions. The cyberattack comes shortly after Israel launched air strikes on Iran.

Meta Pool acknowledged the theft in a post shortly after the exploit was noticed by a blockchain security firm, and announced that the team had paused the project's smart contract.

ALEX announced they would reimburse stolen user funds.

This is the second exploit affecting ALEX Labs, after a thief stole around $2 million in May 2024.

The theft was originally noticed by crypto sleuth zachxbt, who observed a suspicious transfer of around $11.5 million in crypto assets on May 8. The funds sold on decentralized exchanges and then laundered through various cryptocurrency mixing services.

BitoPro originally only told customers that the platform was offline for "maintenance", but disclosed the theft on June 2 after zachxbt published his findings.

Cork had been audited in whole or in part by four different security firms. The project's funders include Andreessen Horowitz, OrangeDAO, and Steakhouse Financial, and Cork is a part of Andreessen Horowitz's Crypto Startup Accelerator.

This led some to question how decentralized the project truly is if the funds can be frozen in such a way.

Sui validators later voted to return the frozen assets to the Cetus project. Cetus also announced that users would be fully compensated, and that they would cover the $60 million gap with project treasury funds and a loan from the Sui Foundation.

Then, on May 12, the project posted a warning that the website for the Curve frontend was "hijacked" in an apparent domain takeover.

This is not the first such compromise for Curve, which suffered a frontend compromise in August 2022 that resulted in $620,000 in losses (later recovered with the help of some exchanges).

It wasn't long, however, before people began to speculate that Yu had faked his death. Wonderland CEO Daniele Sestagalli published a letter he said he had privately received from Yu, where he confessed to faking his death and described it as his "only viable exit from persistent harassment, blackmail, and threats". Others noted that wallets belonging to Yu had been cashing out $ZEREBRO tokens priced at around $1.3 million.

Reporters from the San Francisco Standard ultimately located Yu at his parents' house, where he was "agitated and shocked that he had been found after some routine internet searches", and "declined to talk about the false report of his death or how he may have benefited financially from it."

ZK Sync offered a 10% "bug bounty" to the thief, who accepted and returned 90% of the stolen funds.