Chainalysis released its midyear report, sharing data its gathered on illicit activity through July 2022 and comparing it to this time last year. Fewer people than ever appear to be falling prey to crypto scams, but stolen funds and hacks are significantly outpacing last year’s numbers.
Crypto analytics firm Chainalysis released its midyear report yesterday, showing an overall decline in illicit activity despite some outliers. Price downturns appear to have had an effect, with both illicit and legitimate volumes trending lower compared with this time last year. Still, Chainalysis noted that illicit activity appears to be more resilient, since volumes are down only 15% from last year compared to 36% for legitimate activity.
Scam revenue for this year is 65% lower compared with July of 2021, clocking in at $1.6 billion. Chainalysis proposes that this is linked to price declines, since scam revenue has fallen relatively in line with the price of bitcoin since the start of this year. The number of transfers to scams at this point in the year is also the lowest seen in four years. Still, the report noted that scam revenue is also driven by high-profile schemes, which 2022 has yet to see.
"Those numbers suggest that fewer people than ever are falling for cryptocurrency scams," the firm said in its report. "One reason for this could be that with asset prices falling, cryptocurrency scams — which typically present themselves as passive crypto investing opportunities with enormous promised returns — are less enticing to potential victims."
Additionally, a price downturn means less hype, which tends to be a factor in drawing in inexperienced users, according to Chainalysis.
Hacks and the amount of stolen funds are up compared to last year. According to Chainalysis, $1.9 billion worth of crypto has been stolen as of July, compared with $1.2 billion in July of 2021. Indeed, this year has already seen a number of high-profile hacks.
Polkadot-based decentralized finance (DeFi) platform Acala’s native stablecoin, aUSD, depegged on Sunday, plummeting 99% after hackers exploited a bug in a newly deployed liquidity pool to mint 1.28 billion tokens.
Acala developers said the bug was caused by a misconfiguration of the iBTC/aUSD liquidity pool shortly after it went live on Sunday. A liquidity pool is a digital pile of cryptocurrency locked in a smart contract, which results in creating liquidity for faster transactions on decentralized exchanges (DEX) and DeFi protocols.
After noticing the exploit, the Acala team disabled the transfer functionality of the “erroneously minted aUSD” remaining on the Acala parachain. Parachains refer to custom, project-specific blockchains that are integrated within the Polkadot and Kusama networks and can be customized for any number of use cases.
A wallet believed to belong to the attacker still contains approximately 1.27 billion aUSD. Acala has asked white-hat hackers to return the stolen funds to Polkadot or Moonbeam addresses. On-chain sleuths have pointed out that the attacker who minted 1.28 billion aUSD was not the only person to take advantage of the bug – several other users allegedly stole thousands of dollars worth of DOT from the liquidity pool.
A crypto liquidity marketplace is dealing with the aftermath of an alleged inside job involving stolen funds by one of its own.
Velodrome Finance, a market maker in the Optimism ecosystem, has been trying to pin down what transpired since the firm discovered a sizable chunk of its funds missing about two weeks ago. On Aug. 4, a team-owned wallet used for operational expenses — including salaries — was suddenly compromised to the tune of some $350,000.
The funds have since been recovered.
Velodrome said in a Friday update that the attacker managed to drain the funds before the team could transfer the remaining assets to a treasury multi-signature wallet. While the funds have now been recovered, the team’s identification of the attacker was disturbing.
Representatives for the marketplace identified the culprit as an employee who goes by “Gabagool.” The identity of the staffer, as well as his or her role, was not disclosed.
The crypto community didn’t take kindly to the disclosure, with one Twitter user pointing to a Vice interview with Gabagool warning against crypto scams.
“And he ends up being a scammer himself,” the user wrote.
Gabagool admitted to transferring the $350,000 from Velodrome’s funds, saying he swapped it all for ether and then sent it to Tornado Cash — a platform used to obscure origins of funds. The US Treasury recently sanctioned Tornado Cash in an unexpected move that alleged money laundering.
One of the former employee’s tweets showed Gabagool saying he was mentally affected by losing a significant amount of money during the recent cryptocurrency market downturn.
“I did this in a pathetic attempt to solve my own problem, to get out of a trap of my own making,” he said, adding that his idea to return the funds was “delusional.” He claimed he returned most of the funds after being overcome by guilt.
“I own the bad decisions I made and take responsibility for my actions,” he wrote.
Velodrome said it has cut off ties with Gabagool and is working with attorneys on next steps. It’s not clear whether he could face criminal charges, in addition to likely civil litigation.
Celer Network shuts down bridge over potential DNS hijacking. The platform asked users to revoke token approvals for smart contracts on several blockchains, including Ethereum and BSC.
Interoperability protocol Celer Network has asked its users to revoke the approval for several contracts after shutting down its cBridge over a suspected Domain Name System (DNS) hijacking.
According to the project’s initial analysis, there was suspicious DNS activity around 7:00 pm UTC on Wednesday. However, at the time of writing, the platform is still investigating and trying to learn more about the issue.
Meanwhile, as the platform continues to pinpoint the problem, the team has shut down the cBridge as an initial way to avoid further mishaps and protect users. The platform also advised its users to revoke token approvals for smart contracts on Ethereum, Polygon, Avalanche, BNB Smart Chain, Arbitrum, Astar and Aurora.