Curve Finance, a prominent decentralized finance (DeFi) protocol, is offering a bug bounty reward to anyone who can help identify the exploiter behind a significant incident that drained more than $61 million from its pools on July 30.
Several other protocols affected by the attack have also contributed to the bounty, amounting to over $6 million, in the hopes of encouraging the hacker to come forward.
Recently, the attacker responded to the bug bounty offer on August 3 by returning some of the stolen assets to Alchemix and JPEGd.
However, the hacker did not complete refunds to other affected pools. With the deadline for voluntary returns passed, Curve Finance is now extending the bounty to the public.
The reward stands at 10% of the remaining exploited funds, which currently amounts to $1.85 million USD.
The bounty will be awarded to anyone who can identify the exploiter in a way that leads to their conviction in the courts.
Nevertheless, if the exploiter chooses to return the funds in full, the matter will not be pursued further.
Prior to returning the funds, the attacker left a message seemingly directed at the Alchemix and Curve teams.
In the message, the exploiter claimed to be refunding not out of fear of being caught, but rather to avoid damaging the projects involved.
The attack took place on July 30 and involved the exploitation of vulnerabilities in vulnerable versions of the Vyper programming language through reentrancy attacks.
This led to the drainage of substantial amounts of cryptocurrencies from Curve’s pools, including $13.6 million from Alchemix’s alETH-ETH, $11.4 million from JPEGd’s pETH-ETH, and $1.6 million from Metronome’s sETH-ETH.
The incident exposed weaknesses in various DeFi projects and triggered widespread efforts to recover the stolen funds throughout the DeFi ecosystem over the past week.
In conclusion, Curve Finance is actively seeking to identify the responsible party behind the significant exploit that resulted in substantial losses from its pools.
They are offering a substantial bug bounty reward to incentivize anyone with pertinent information to come forward and help bring the attacker to justice.
The incident has raised awareness of the vulnerabilities present in DeFi projects and spurred efforts to enhance security measures across the ecosystem.
Other Stories:
U.S. Senators Call for Crackdown on North Korea’s Cryptocurrency Funding of Nuclear Program
Latvia Sees Decline in Crypto Asset Purchases Amidst Concerns Over Fraud and Money Laundering
Coinbase CEO Affirms Commitment to US Amid Regulatory Uncertainty
On August 1, the Chamber of Digital Commerce (CDC), a prominent blockchain and digital assets advocacy organization in the United States, released a detailed report focusing on the U.S. Securities and Exchange Commission’s (SEC) lawsuit against Ripple.
The report, titled “SEC v. Ripple Ruling: Impact and Analysis,” thoroughly analyzes the case’s outcome and highlights its significant implications for the future of the cryptocurrency industry.
One crucial aspect of Judge Analisa Torres’s ruling, as outlined in the report, is the establishment of a crucial precedent that distinguishes between an investment contract and the underlying asset.
The report delves into Torres’s classification of Ripple’s XRP token distributions into three distinct categories: institutional sales, programmatic sales, and other distributions.
By applying the Howey test, the judge sought to determine whether these distributions constituted an offer and sale of investment contracts.
The CDC expressed its contentment with the ruling, which was in line with their amicus brief supporting Ripple. Perianne Boring, the CEO, and founder of the CDC emphasized the ruling’s importance in setting a precedent for future legal encounters within the crypto industry.
She underscored the significance of establishing a balanced playing field in the digital asset sector and the organization’s dedication to advocating for policies that support the United States’ leadership in the digital economy.
READ MORE: Chamber of Digital Commerce Publishes Impactful Analysis on SEC’s Ripple Lawsuit
However, while the ruling was seen as a positive step towards logical crypto regulations, the CDC firmly believes that definitive regulatory clarity can only be achieved through effective legislation enacted by Congress.
The CDC acknowledged the introduction of several blockchain and digital asset regulatory bills in both the U.S. House and Senate.
However, the report also expressed uncertainty about the potential enactment of these bills, mainly due to constraints posed by the legislative calendar.
Despite the challenges, the CDC remains committed to advocating for a comprehensive legal framework for digital assets.
Such a framework would create a conducive environment for digital asset product launches and foster innovation in the crypto industry.
In a previous instance, the CDC accused the SEC of overstepping its authority and unfairly labeling crypto assets as securities in its insider trading case against former Coinbase employees.
In conclusion, the CDC’s report on the SEC’s lawsuit against Ripple sheds light on the significance of the ruling’s impact on the cryptocurrency industry.
The report emphasizes the need for a balanced regulatory environment and effective legislation to bring about clarity in the digital asset sector.
The CDC continues to play a vital role in advocating for a comprehensive legal framework that supports innovation and growth in the burgeoning world of digital assets.
Other Stories:
JPEG’d DeFi Protocol Recovers $10 Million in Stolen Crypto After Hacker Returns Funds
Bitcoin’s Hodl Strategy Outperforms Crypto Funds by 68.8% in H1 2023
Elon Musk Puts Rumors to Rest: X Has No Plans to Launch Crypto Tokens
The FBI has issued a warning about the growing threat of criminal actors exploiting social media platforms to deceive users in the nonfungible token (NFT) and cryptocurrency space.
The scams involve hijacking legitimate NFT developer accounts or creating fake accounts that closely resemble authentic ones to promote fraudulent NFT releases.
The fraudulent posts often utilize phrases like “limited supply” and present promotions as “surprise” or unannounced mint events, aiming to create a sense of urgency among potential victims.
The scammers include phishing links in these announcements, directing unsuspecting users to spoofed websites that appear to be genuine extensions of particular NFT projects.
Upon visiting these scam websites, victims are prompted to connect their wallets to claim or purchase NFTs.
However, the wallets are connected to drainer smart contracts, leading to a loss of funds or assets for the individuals.
While this is one common method of scamming, there are other ways in which people can fall victim to such attacks even without directly connecting their wallets to suspicious websites.
In one incident, a user mistakenly clicked on a spoof LooksRare NFT marketplace website and did not connect their hot wallet, yet they lost over $300,000 worth of NFTs.
READ MORE: Bitcoin’s Hodl Strategy Outperforms Crypto Funds by 68.8% in H1 2023
The fake website was even promoted as a paid ad at the top of Google’s search results, highlighting the ongoing issue with such scams on the search engine.
There have been reports of other significant losses, including someone losing $446,000 worth of Bitcoin, Ether, and Pepe tokens to a phishing link.
The scams appear to be orchestrated through a Pink drainer address, and two fake airdrop links promoted by hijacked accounts on Avalanche and QwQiao.
To protect themselves from these scams, the FBI has outlined several tips for individuals in the NFT and crypto community.
It advises users to thoroughly research and vet any opportunities, especially surprise NFT drops or giveaways, before clicking on links.
Additionally, people should double-check website URLs and account names for any discrepancies to avoid falling prey to impersonators.
In conclusion, the FBI has issued a cautionary statement to raise awareness of the growing threat posed by criminals exploiting social media to deceive NFT and cryptocurrency users.
By staying vigilant and following the recommended precautions, individuals can protect themselves from falling victim to these sophisticated scams.
Other Stories:
Chamber of Digital Commerce Publishes Impactful Analysis on SEC’s Ripple Lawsuit
JPEG’d DeFi Protocol Recovers $10 Million in Stolen Crypto After Hacker Returns Funds
Elon Musk Puts Rumors to Rest: X Has No Plans to Launch Crypto Tokens
Robinhood, the popular trading platform, announced its second-quarter results, marking a significant achievement of turning profitable for the first time since going public.
Despite a decline in revenue during the second quarter of 2023, the company managed to report a net income of $25 million and earnings per share (EPS) of $0.03.
This is in stark contrast to the first quarter of the year when they had incurred a net loss of $511 million and an EPS of -$0.57.
The drop in revenue was notable in several transaction-based sources. Revenue from cryptocurrency transactions decreased by 18% to $31 million, while options and equities revenue also witnessed declines of 5% to $127 million and 7% to $25 million, respectively.
Over the past year, the company’s revenue has experienced an overall decrease of 4%, going from $202 million in June of the previous year to $193 million.
Despite the revenue dip, Robinhood managed to improve its total operating expenses, leading to its profitable Q2 results.
The earnings before interest, taxes, depreciation, and amortization (EBITDA) saw a remarkable 31% sequential increase, reaching $151 million, with a corresponding margin gain of five percentage points, reaching 31%.
EBITDA is a crucial metric used by analysts and investors to gauge a company’s operational performance within its industry.
READ MORE: U.S. Judge Denies Motion to Dismiss SEC Lawsuit Against Terraform Labs
Robinhood’s total assets under custody experienced a 13% growth, reaching $89 billion in the last quarter. The increase was attributed to higher equity valuations and consistent net deposits.
Moreover, the company showed promising progress in its crypto assets under custody, which grew from $8.431 billion in December 2022 to $11.503 billion in June 2023.
Vlad Tenev, the CEO and co-founder of Robinhood Markets, expressed his satisfaction with the achievement, stating, “In Q2, we reached a significant milestone by achieving GAAP profitability for the first time as a public company.”
GAAP stands for Generally Accepted Accounting Principles, representing standard accounting principles and guidelines used by companies for financial reporting.
The report revealed that Robinhood’s net deposit for the quarter amounted to $4.1 billion, reflecting an annualized growth rate of 21% concerning assets under custody in Q1 2023.
Additionally, the net deposits over the past 12 months amounted to $16.1 billion, indicating a growth rate of 25% over the course of a year.
Overall, despite the drop in revenue from certain transactions, Robinhood’s second-quarter results marked a significant turning point, as they successfully achieved profitability and demonstrated positive growth trends in various aspects of their business operations.
Other Stories:
Decentralized Exchange on Coinbase’s Base Network Pauses Trading Amidst Concerns of Exploit
Binance CEO CZ Unveils Plan to Launch Smaller Algorithmic Stablecoins
IRS Issues New Ruling: U.S. Crypto Investors Must Report Staking Rewards as Gross Income
The United States Securities and Exchange Commission (SEC) is moving forward with its lawsuit against Terraform Labs, as a U.S. judge overseeing the case denied the firm’s motion to dismiss on July 31.
This legal battle began on February 16 when the SEC filed a suit against Terraform Labs and its founder, Do Kwon, accusing them of orchestrating a multi-billion dollar crypto asset securities fraud.
Terraform Labs’ legal representatives tried to have the case dismissed in April, followed by additional materials supporting their motion in June.
Judge Jed Rakoff of the Southern District Court of New York reviewed the arguments and found that, for the purpose of this motion, all well-pleaded allegations must be taken as true, and all reasonable inferences must be drawn in favor of the SEC.
Terraform Labs had argued that the SEC lacked jurisdiction over the company and its founder.
They also contested the agency’s classification of tokens like Mirror Protocol (MIR), Terra Classic (LUNC), and TerraUSD Classic (USTC) as securities.
Terraform Labs further suggested that the SEC should wait for Congressional action on crypto regulation.
However, Judge Rakoff rejected the claim that the SEC lacked the authority to regulate crypto tokens without Congressional authorization.
READ MORE: Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset
He also disagreed with Terraform Labs’ reliance on the “Major Questions Doctrine.”
The judge extensively analyzed the Howey test, an important legal framework for determining whether an asset qualifies as a security.
He emphasized that no formal contract is necessary to meet the Howey test, and tokens themselves may be considered securities in court arguments.
Furthermore, Judge Rakoff rejected the idea of distinguishing between tokens like MIR and LUNA based on their manner of sale.
This rejection contrasts with a similar case involving Ripple Labs Inc., where another judge had drawn such a distinction.
The Ripple case involved the SEC’s claim that XRP was not a security when sold on the secondary market, which was partially accepted, providing Ripple with a partial win.
With Judge Rakoff’s ruling, the SEC’s case against Terraform Labs continues, indicating that the court is not following the same approach as in the Ripple case.
This ruling might have implications for future cases involving crypto assets and could set a precedent for the SEC’s regulation of the crypto industry.
Other Stories:
SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market
BNB Smart Chain (BSC) Hit by Copycat Attacks
Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal
The cryptocurrency market experienced its most challenging month in 2023, as revealed by a report from Web3 outlet De.Fi, shared with Cointelegraph.
Losses in July amounted to a staggering $486 million, surpassing the total losses from the entire year of 2022 by more than six times.
This alarming trend followed a series of high-profile hacks and exploits that occurred during the month, accompanied by a flurry of legislative activity surrounding the regulation of cryptocurrency and digital assets.
Unfortunately, the recovery efforts for the stolen funds proved insufficient, with only $6.15 million, representing a mere 1% of the total stolen amount, successfully reclaimed.
Researchers at De.Fi expressed their concern over the lack of effective measures to quickly recover lost funds.
They emphasized the critical role played by the cryptocurrency sector in recuperating stolen or lost assets, stating that it is vital in mitigating the adverse effects of such unfortunate incidents.
The report highlighted that the majority of the losses originated from the Ethereum network, accounting for $447 million lost across 36 cases.
Notable incidents included the Multichain hack, which resulted in $231 million in losses, and the Alphapo exploit, causing approximately $100 million in damages.
Following Ethereum, the network with the next highest losses was Base, where a single case led to $23 million being lost.
Binance took third place, reporting a loss of nearly $11 million across 18 cases.
READ MORE: BNB Smart Chain (BSC) Hit by Copycat Attacks
The report attributed the primary cause of the losses in July to “access control issues,” accounting for a significant portion of the funds lost at $364 million.
Additionally, there were over 38 reported cases of “rugpulls,” resulting in approximately $36 million in losses, and reentrancy attacks led to around $78 million in damages.
Despite the concerning statistics, there was a glimmer of positive news in the report:
July saw no reports of exit scams, providing a ray of hope amidst the otherwise bleak scenario.
The De.Fi team’s report underscored the urgency for improved security measures, regulatory efforts, and robust recovery strategies within the cryptocurrency space.
Without prompt and effective action, the market’s vulnerability to hacks and exploits may continue to exacerbate losses and hinder its overall growth and stability.
Other Stories:
Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset
SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market
Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal
Curve Finance, the decentralized finance (DeFi) protocol, is facing another challenge in addition to recovering from a recent $47-million hack. Concerns have arisen among holders of the protocol’s token regarding a potential massive dump.
On August 1, Delphi Digital, a crypto research firm, revealed in a Twitter thread that Curve Finance founder Michael Egorov had taken loans backed by a significant portion of the circulating supply of Curve DAO (CRV).
These loans amount to around $100 million and are secured by 427.5 million CRV tokens.
One of the loans, on Aave, involves 305 million CRV supporting a 63.2-million Tether (USDT) loan.
Delphi Digital noted that if the CRV token’s price were to drop by 36%, the position could be liquidated at $0.3767, which is below the current trading price of CRV at approximately $0.5975.
On Frax Finance, Egorov holds 59 million CRV supporting a debt of 15.8 million Frax (FRAX).
The loan carries additional risks due to Fraxlend’s time-weighted variable interest rate, which doubles every 12 hours when the loan is at 100% utilization.
The interest rate can reach an alarming 10,000% in just 3.5 days, making liquidation a possibility regardless of the CRV token’s price.
To mitigate these risks, Egorov has been working to reduce the debt and utilization rate by paying 4 million FRAX in the last 24 hours.
However, users have been quick to withdraw their liquidity as soon as Egorov makes payments.
READ MORE: BNB Smart Chain (BSC) Hit by Copycat Attacks
To address this liquidity issue, Egorov implemented a Curve pool to incentivize liquidity in the lending market.
Within four hours of its launch, the pool attracted $2 million in liquidity and decreased the utilization rate from 100% to 89%.
The situation has drawn comparisons to FTX founder Sam Bankman-Fried using FTX Token (FTT) as collateral and raised concerns within the community, with some fearing that it could hinder the DeFi industry’s progress and discourage potential investors.
Cointelegraph attempted to reach out to Egorov for comment, but there was no immediate response.
In summary, Curve Finance’s CRV token holders are now facing worries about a potential massive token dump due to the significant loans taken by the protocol’s founder, backed by a substantial amount of CRV tokens.
Efforts are being made to manage the risks, but the situation has drawn attention and concern from the crypto community.
Other Stories:
2023 Ranking: 4 Best Crypto Projects To Buy
SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market
Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset
A zero transfer phishing attack recently orchestrated by a scammer resulted in the theft of $20 million worth of Tether (USDT) on August 1.
The incident unfolded when the scammer managed to get hold of 20 million USDT from the victim’s address, which was identified as 0x4071…9Cbc.
The victim intended to send the money to address 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570, but due to the scammer’s cunning manipulation, it was redirected to a phishing address, 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.
The scammer’s ploy started with the victim’s wallet receiving $10 million from a Binance account. After sending it to another address, the victim unknowingly fell prey to the scammer’s trickery.
The scammer initiated a fabricated Zero USDT token transfer from the victim’s account to the phishing address.
When the victim later attempted to transfer 20 million USDT, they mistakenly believed they were sending it to their desired address.
However, they were, in fact, transferring the amount to the scammer.
Upon discovering the scam, Tether promptly blacklisted the victim’s wallet, raising concerns about the swiftness of the issuer’s response.
READ MORE: Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset
The success of this type of phishing attack is partially attributed to the common practice among users of only checking the first or last five digits of a wallet address, rather than verifying the entire address. This oversight causes them to send assets to a phishing address unknowingly.
The mechanics of the zero transfer scam can be explained as follows: When a victim sends a certain amount of coins to an address for an exchange deposit, the attacker duplicates a similar-looking address under their control.
They then execute a transaction for zero coins from the victim’s wallet to this mimic address.
When the victim reviews their transaction history, they might mistake the phishing address for the actual deposit address and proceed to send their coins to it.
Unfortunately, such zero transfer phishing scams have become increasingly common within the cryptocurrency ecosystem over the past year.
In fact, the first known instance of this type of scam occurred in December 2022, and it has since caused losses exceeding $40 million due to various reported attacks.
In conclusion, the prevalence of zero transfer phishing attacks highlights the need for increased vigilance and awareness among cryptocurrency users.
By verifying complete wallet addresses and staying informed about emerging scam techniques, users can better protect their digital assets from falling into the hands of malicious actors.
Additionally, issuers and platforms within the crypto industry should continue to develop robust security measures to mitigate the impact of these scams and safeguard their users’ funds.
Other Stories:
BNB Smart Chain (BSC) Hit by Copycat Attacks
Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal
SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market
The BNB Smart Chain (BSC) recently experienced copycat attacks due to a vulnerability in the Vyper programming language, similar to the exploit faced by the decentralized finance (DeFi) protocol Curve Finance.
Blockchain security firm BlockSec reported on July 30 that approximately $73,000 worth of cryptocurrencies on BSC were stolen across three separate exploits.
The exploitation of liquidity pools on Curve Finance also led to significant losses, surpassing $41 million, as estimated by BlockSec.
The root cause of the vulnerability was identified as a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16, and 0.3.0, which are widely used by various DeFi pools.
Since Vyper is designed for the Ethereum Virtual Machine, it is plausible that other protocols utilizing these versions might also be affected.
Following the news of the exploit, both white hat and black hat hackers engaged in on-chain activities, attempting to thwart each other’s exploit attempts or recover funds.
One individual, known as “c0ffebabe.eth,” seemed to act as a potential white hat and secured some funds for safekeeping.
READ MORE: Worldcoin’s Iris Scanning Project Raises Privacy and Sovereignty Concern
On July 30, this individual issued an on-chain message requesting affected protocols to contact them in order to arrange the return of funds.
To date, “c0ffebabe.eth” has returned nearly 2,900 Ether (ETH), equivalent to approximately $5 million, to Curve in one transaction.
Another transaction saw them moving 1,000 ETH to a seemingly newly-created wallet, likely the cold wallet mentioned earlier for additional safekeeping.
The situation has raised concerns about the security of Vyper and its implications for other Web3 projects.
Given the wide adoption of this programming language, it is crucial for developers and protocols to be vigilant about potential vulnerabilities and promptly address them to protect user funds.
In conclusion, the BNB Smart Chain faced copycat attacks due to a Vyper programming language vulnerability, echoing the exploit witnessed on the Curve Finance DeFi protocol.
The incident has underscored the importance of robust security measures in the rapidly evolving landscape of decentralized finance and serves as a reminder for projects to prioritize the safety of their users’ assets.
Other Stories:
Kyrgyzstan Expands Cryptocurrency Mining with Government Backing at Hydro Power Plant
French Data Protection Agency Investigates Worldcoin
Pro-XRP Lawyer Alleges SEC’s Actions Driven by Safeguarding Corporate Capitalism
Heartland Tri-State Bank of Elkhart, part of the ongoing crisis in the U.S. banking system, was closed on July 29 by the Kansas Office of the State Bank Commissioner, and the Federal Deposit Insurance Corporation (FDIC) took control.
The FDIC stated that on July 31, the bank’s four branches would reopen as branches of Dream First Bank during regular business hours.
Depositors of the failed bank would become customers of Dream First Bank, and all transactions, including withdrawals, deposits, and loans, would be processed through the acquiring bank.
Customers were advised to use their existing branch location until the transition was complete.
This collapse marked the second bank crisis of the week, following the merger of PacWest and Banc of California on July 25, as both institutions attempted to stabilize amid the turmoil in the banking industry.
Rising U.S. interest rates and poor risk management were believed to be the primary reasons behind the bank’s failure, alongside the inflation surge.
READ MORE:Revealed: The Best Crypto Marketing & PR Agency
The U.S. Federal Reserve had raised its benchmark rate to 5.25% in July, the highest rate since 2007, in an attempt to tackle inflation, which reached 4.1% year-over-year in June.
As of March, Heartland Tri-State Bank held approximately $139 million in total assets and $130 million in total deposits.
Dream First Bank agreed to purchase all the assets of the failed bank, with the FDIC estimating that the cost to the Deposit Insurance Fund (DIF) would be $54.2 million.
The DIF, created in 1933 by Congress and managed by the FDIC, aims to protect deposits in the nation’s banks.
The FDIC noted that Dream First Bank’s acquisition was the least costly resolution for the DIF compared to other alternatives.
In response to the recent failures at major banks, Democrats in the House Financial Services Committee introduced several bills in June aimed at strengthening the safety and soundness of the banking system and enhancing bank executive accountability.
Representative Maxine Waters emphasized that Congress must take action to address these failures promptly.
The collapse of Heartland Tri-State Bank follows the troubled First Republic Bank’s acquisition by JPMorgan in May and the dramatic collapse of Silicon Valley Bank in March, both of which had caused significant disruptions in the U.S. banking system.
These events underscore the urgency of addressing the challenges faced by financial institutions and the need for measures to stabilize the banking sector.
Other Stories:
Why Didn’t Bitcoin (BTC) Enter a New Rally?
SEC and Binance Oppose Eeon’s Intervention in Crypto Exchange Lawsuit
3 Best Crypto Projects That Will Boom In 2023 & The Next Bull Run