Issue 6 – Vanity is often the unseen spur
Four hacks in one day, Gary Gensler v. Kim Kardashian, and a CNN rug pull
You may notice while reading this that I’ve reorganized a bit!
I’ve reordered some of the sections and removed some others, as I try to refine the right layout of things here and trim down what is sometimes an overlong newsletter. I’m considering publishing the crypto recaps separately from everything else, in two separate newsletters that would come more frequently. As always, feedback and thoughts welcome!
It has been a busy week in crypto.
In the courts
Checking in on the Celsius bankruptcy case: Celsius published a more than 14,000-page document containing a list of every Celsius user and all their transactions from the previous 90 days. Some people were less than enthused at the idea of being “doxed” in this way—particularly given that transaction amounts can in some cases be cross-referenced to connect real individuals to their crypto wallet addresses. I initially thought the disclosure was inadvertent, and that the document was meant to be sealed, but it turns out the bankruptcy judge required this public disclosure and only permitted the redaction of individual users’ home addresses. When I wrote “Anonymous cryptocurrency wallets are not so simple”, I can’t say I quite predicted this specific scenario.
These disclosures also confirmed that then-CEO Alex Mashinsky, his wife Krissy, and Celsius Chief Strategy Officer Daniel Leon all withdrew millions shortly before the company froze withdrawals, even while Alex Mashinsky was publicly reassuring people that everything was fine and their funds were safe. Initial headlines reported that these execs had cashed out around $42 million altogether, but that was based on the belief that Celsius CTO Nuke Goldstein (yes, Nuke Goldstein) had withdrawn large sums when in reality he was just moving funds between accounts at Celsius. In total, around $27 million was withdrawn by the Mashinskys and Leon in May and June.
Alex Mashinsky has also started selling off his CEL tokens. According to the Nansen analytics group and the crypto investigator Coffeezilla, wallets belonging to Mashinsky have cashed out nearly $1 million in CEL and USDC. The CEL sell-off (CEL-off?) seems like a strange move for someone who is also claiming that it should be no problem for Celsius to recover from bankruptcy, through a crypto mining scheme that is completely implausible.
The liquidation of Three Arrows Capital is continuing. For those who need a refresher, 3AC was apparently a load-bearing hedge fund in the crypto world. In mid June, it was revealed that the firm was insolvent, and their failure to repay debts kicked off a huge domino effect, contributing to the bankruptcy of Voyager among other things. 3AC’s founders are currently being… let’s just say cagey… about their whereabouts. That’s not slowing down the liquidation of the firm, though—eagle-eyed NFT watchers observed the movement of NFTs belonging to Starry Night Capital, an NFT fund controlled by 3AC. It was subsequently revealed that these NFTs were being moved to 3AC’s liquidator, where they will eventually be sold. Unfortunately for 3AC, and those they owe money, many of the NFTs were purchased close to the top of the NFT craze. Although Starry Night spent at least $21 million assembling the collection, the nearly 500 NFTs are currently estimated to be valued at roughly $3 million
The Financial Stability Oversight Council (FSOC) released their “Report on Digital Asset Financial Stability Risks and Regulation”, in the latest response to Biden’s March Executive Order. It’s 124 pages long. The summary of the report begins by saying that “Crypto-asset activities could pose risks to the stability of the U.S. financial system if their interconnections with the traditional financial system or their overall scale were to grow without adherence to or being paired with appropriate regulation, including enforcement of the existing regulatory structure.” The summary also includes this fairly scathing paragraph, which I will quote in full:
Some characteristics of crypto-asset activities have acutely amplified instability within the crypto-asset ecosystem. Many crypto-asset activities lack basic risk controls to protect against run risk or to help ensure that leverage is not excessive. Crypto-asset prices appear to be primarily driven by speculation rather than grounded in current fundamental economic use cases, and prices have repeatedly recorded significant and broad declines. Many crypto-asset firms or activities have sizable interconnections with crypto-asset entities that have risky business profiles and opaque capital and liquidity positions. In addition, despite the distributed nature of crypto-asset systems, operational risks may arise from the concentration of key services or from vulnerabilities related to distributed ledger technology. These vulnerabilities are partly attributable to the choices made by market participants, including crypto-asset issuers and platforms, to not implement or refuse to implement appropriate risk controls, arrange for effective governance, or take other available steps that would address the financial stability risks of their activities.
The Web3 is Going Just Great recap
Note: If you're an avid follower of the W3IGG site and don't need a recap, you can scroll on past to the "Coming up" section.
There were 15 new entries between October 3 and October 11, averaging 1.7 posts a day.
Gary Gensler tries to make an example of Kim Kardashian
The SEC announced with considerable fanfare that they had levied a $1.26 million fine against Kim Kardashian for unlawfully promoting a “crypto asset security”. Although she had included “#ad” in her post, she did not disclose how much or when she was paid for the promotion—requirements for when someone decides to advertise such assets to their followers. Kardashian agreed to settle the charges without admitting to wrongdoing, which probably makes sense—she only just announced that she would be launching a private equity firm, and a legal battle with the SEC and possible guilty verdict might not help with that endeavor. This is the same “pump-and-dump” token and the same promotional post for which Kardashian is also facing a class action lawsuit, which was filed in January and also names Floyd Mayweather and Paul Pierce as defendants.
Also notable about this incident is the degree to which the SEC (or possibly just Chairman Gensler) tried to generate hype around the settlement. Minutes after the charges were announced, Gensler appeared on CNBC—in a move that Fox Business claimed had SEC staffers “fuming”, accusing him of “being a publicity hound”, and claiming he was trying to bolster his reputation in advance of a possible bid for the Treasury Secretary seat. Gensler also released a YouTube video titled “Use Caution with Celebrity Endorsements of Investment Products”, complete with a cast of extras (including one who seems to resemble Jake Paul suspiciously closely).
In the grand scheme of things, $1.26 million is not even a noticeable blip in Kim Kardashian’s net worth (although neither is the $250,000 she was apparently paid for the promotion), but perhaps Gensler will succeed in his goal of discouraging other influencers from making similarly questionable endorsements of crypto tokens.
Some questioned why Kardashian was slapped with a fine for not disclosing how much she was paid, whereas Matt Damon got away with promoting Crypto.com on primetime television without doing so. The distinction is that Kardashian was promoting a specific crypto token, while Damon was touting a crypto exchange.
Binance Smart Chain halted following $127 million bridge exploit
In another of what has become a long string of $100+ million blockchain bridge attacks, an attacker was able to steal 2 million BNB (nominally worth around $586 million) from the BSC Token Hub bridge. Binance Smart Chain (BSC) is also sometimes called BNB Chain, a rebranding decision made by Binance, who want to “disassociate directly from the network and allow it to develop on its own”. The attacker only made off with a measly $127 million of their haul, though, because the chain was halted very quickly. Although this worked well to mitigate the hack, it also exposed the often-criticized level of centralization of the BSC blockchain. Binance CEO Changpeng Zhao (“CZ”) and the development team behind BSC seemed to feel a little bit sheepish about this, with CZ claiming it was not his tweet that had caused validators to halt the chain, and the BSC team promising to decentralize even more going forward.
CNN accused of rug pull
A little over a year after launching it, the cable news giant CNN has announced they will be sunsetting their “Vault” project: a set of NFTs catering to the collectors who want to “own”, say, one of the 43 copies of an NFT linked to a video clip of CNN predicting George W. Bush would win his election.
Outraged buyers accused CNN of “rug pulling” them, but CNN claimed that their shutdown was just the end of what had originally been planned to be a “6-week experiment”—nevermind that they neglected to mention to anyone that it was experimental or likely to be shut down in the future.
As an apparent attempt to placate angry users worried that the value of their NFTs might drop, CNN promised to return “either FLOW tokens or stablecoins” for “roughly 20% of the original mint price”. However, the project is built on the Flow blockchain, where users can only withdraw stablecoins $10 at a time—and with a $4 fee on each withdrawal.
Vanity is often the unseen spur
The bug in the Profanity vanity wallet address generator has claimed its most recent victim, enabling a $1.16 million theft from the QANX “quantum-resistant blockchain”. Although QANX hadn’t used Profanity to generate their vanity wallet address, they used a tool that derived from Profanity and had inherited its bug, thus allowing an attacker to gain control over the project wallet. This was the second theft impacting QANX this year, following a May theft of 370 ETH—at the time valued at around $700,000.
$116 million stolen from Mango Markets by attacker who then submitted a governance proposal to try to protect themselves from prosecution
An attacker successfully manipulated oracle prices in order to siphon SOL valued at $116 million from Mango Markets, a Solana-based decentralized lending project. However, the attacker is somewhat trapped with their SOL at this point—only a few exchanges have enough liquidity for an attacker to exchange this amount of SOL, and those exchanges (Coinbase, Binance, and Kraken) have frozen the attacker’s wallet addresses.
The attacker then attempted to come out on top by submitting a governance proposal to the Mango DAO that would grant the attacker $70 million in stablecoins in exchange for returning the stolen funds, a promise that the assets wouldn’t be frozen, and a promise that the DAO wouldn’t pursue a criminal investigation against the attacker. The attacker, of course, used their 32 million votes to vote in support of their own proposal. This wasn’t enough to offset the more than 300 million votes by other participants, but the DAO did subsequently approve a new proposal that was largely the same, but modified the “bounty” to around $47 million.
Bittrex fined $29 million for sanctions violations [link]
Rabby Wallet’s swap feature exploited a month after launch [link]
STAX Finance exploited for $2.3 million [link]
U.S. SEC is investigating Bored Apes creator Yuga Labs [link]
CoinDesk reports that Decentraland has just 38 daily active users [link]
Celsius exposes the names of all customers and their recent transactions in court filing – including their execs [link]
South Korea reportedly freezes $39.6 million in crypto belonging to Terra founder Do Kwon, Kwon says it isn’t his [link]
Zcash continues to suffer from spam attack that started months ago [link]
More than $1.1 million stolen from Sovryn defi protocol [link]
Buyer and seller of hacked account logins busted for $1 million tax fraud [link]
I joined the Bankless podcast for an episode, which should be coming out in the next couple of weeks. They’re a popular crypto podcast that I listen to once in a while—they are very pro-crypto, and I find their takes to be informative even when I don’t agree with them (which is fairly often). I thought it was a great conversation. We dug into some of our shared concerns about the crypto industry, and goals that I share with some people who are working on “web3” (even though I don’t share their optimism for web3 paths towards achieving those goals). We also, naturally, discussed some of the points where we disagree, but it didn’t veer into angry debate territory. Keep an eye out for that in the “In the news” section in the next newsletter or two.
CoinDesk put me on their list of candidates for their upcoming “2022’s Most Influential in Crypto” list, which I thought was neat. It’s cool of them to include some skeptics; Ben McKenzie is on the list, as are Crypto Critics Corner’s Cas Piancey and Bennett Tomlin. There’s also a whole list of crypto scammers and creators of failed projects on there, though, so it’s pretty clear they don’t necessarily see the list as a badge of honor.
I’ve got some travel coming up in each of the coming three weeks, so please bear with me if I’m a little slow on Web3 is Going Great updates! Should be minimal interruption next week and the following week, but when I’m in Lisbon for the week of November 1 for Web Summit, I suspect I will fall a bit behind. If the crypto industry could just hit pause on the hacks, grifts, and scandals for that week, that would be really appreciated.
In the news
Bloomberg, Is Web3 Really Going That Great? (Podcast)
I had a great conversation with Stacy-Marie Ishmael on the Bloomberg Crypto podcast. We talked about my skepticism of crypto, how I find material for Web3 is Going Just Great, who’s been hurt in crypto failures, why crypto has earned a reputation for being toxic, and various other topics.
That’s right folks, more people trying to make a crypto island! I spoke a little bit about these crypto island project ideas in general, and how they tend to devote a lot of time to flashy marketing and not so much time to specifics around, say, whether they are even allowed to sell the land.
Worth a read
Some more excellent reporting from Rest of World, this time on a planned technolibertarian paradise called Próspera, based on the island of Roatán in Honduras. It seeks to attract various startups, many of whom are attracted by the hope of more lax regulations on things like human clinical trials. If you’re more of a podcast person, one of the authors of this piece was a guest on TRASHFUTURE to discuss the topic (two parts).
The New York Times gets the inside scoop from some Meta (Facebook) employees about how Zuck’s metaverse plans are being received within the company. It doesn’t sound like everyone’s thrilled over there. This pairs nicely with this week’s hilarious “legs!” announcement, and then the near-immediate chaser that the legs were fake.
I’d like to extend a shoutout and a huge thank you to the generous Patrons who subscribed at the “accomplice” tier or above, including Peter Huene and Thor Wilbanks.1 You’re wonderful, and I’m so grateful for your support.
That’s all for now folks. Until next time,
This newsletter originally made references to Patreon, because I started Whitespace as a Patreon before moving to Substack in October/November.