Crypto has had a miserable month and it’s only the third day of August
It’s been a rough month for the crypto sector, and it’s only the third day of August.
From cross-chain bridge hacks draining hundreds of millions of dollars in customer funds to the Securities and Exchange Commission coming after cryptoponzi schemes, this corner of the market can’t catch a break.
The development adds to an already torrid year for the crypto market, which has seen massive declines as fears of monetary tightening and a lack of liquidity set in.
The deluge of news is hard for even insiders to keep track of, so here’s a rundown of what you’ve missed since Monday.
Monday
US Securities and Exchange Commission headquarters in Washington on February 23, 2022.
Al Drago/Bloomberg via Getty Images
The scheme, called Forsage, claimed to be a decentralized smart contract platform, allowing millions of retail investors to transact via smart contracts that operated on the ethereum, tron and binance blockchains. The SEC alleges that for more than two years the setup operated as a standard pyramid scheme, where investors made profits by recruiting others into the operation.
In the SEC’s formal complaint, Wall Street’s top watchdog calls Forsage a “textbook pyramid and Ponzi scheme,” in which Forsage aggressively promoted its smart contracts through online campaigns and new investment platforms, all while selling “no actual consumer product.” The complaint adds that “the primary way for investors to make money from Forsage was to recruit others into the scheme.”
The SEC said Forsage operated a typical Ponzi structure, in which it allegedly used assets from new investors to make earlier payments.
“As the complaint alleges, Forsage is a fraudulent pyramid scheme launched on a massive scale and aggressively marketed to investors,” wrote Carolyn Welshhans, acting head of the SEC’s Crypto Assets and Cyber Unit.
“Fraudsters cannot circumvent the federal securities laws by focusing their schemes on smart contracts and blockchains.”
Forsage, through its support platform, declined to offer a method to contact the company and did not provide comment.
Four of the eleven people charged by the SEC are the founders of Forsage. Their current whereabouts are unknown, but they were last known to live in Russia, the Republic of Georgia and Indonesia.
The SEC has also charged three US-based promoters who endorsed Forsage on their social media platforms. They were not named in the commission’s statement.
Forsage was launched in January 2020. Regulators around the world have tried a couple of times to shut it down. Cease-and-desist lawsuits were first filed against Forsage in September 2020 by the Securities and Exchange Commission of the Philippines. In March 2021, the Montana Securities and Insurance Commissioner tried the same thing. Despite this, the defendants allegedly continued to promote the scheme while denying the allegations in several YouTube videos and in other ways.
Two of the defendants, both of whom neither admitted nor denied the charges, agreed to settle the charges, subject to court approval.
Tuesday
So-called blockchain bridges have become a prime target for hackers looking to exploit vulnerabilities in the world of decentralized finance.
Jakub Porzycki | NurPhoto | Getty Images
The nature of the bug meant that users did not need any programming skills to exploit it. Others caught on and deployed armies of bots to carry out copycat attacks.
“Without prior programming experience, any user can simply copy the original attacker’s transaction call data and replace the address with theirs to exploit the protocol,” said Victor Young, founder and chief architect of crypto startup Analog.
“Unlike previous attacks, the Nomad hack became a free-for-all where multiple users began draining the network by simply replaying the original attackers’ transaction call data.”
Blockchain bridges are a popular way to move tokens away from networks like Ethereum, which have gained a reputation for slow transaction times and high fees, to cheaper, more efficient blockchains. But sloppy programming choices have made them a prime target for hackers trying to swindle investors out of millions. More than $1 billion in crypto has been lost to bridge exploits so far in 2022, according to blockchain analytics firm Elliptic.
“I can only hope that developers and projects will learn that they are running a critical piece of software,” Adrian Hetman, technical director at Web3 security firm Immunefi, told CNBC.
“They have to keep safety first and be safety first in every business decision because they’re dealing with people’s money, a lot of that money is locked up in these contracts.”
Nomad said it is working with crypto-security firm TRM Labs and law enforcement to track the movement of funds, identify the perpetrators of the attack and return stolen tokens to users.
“Nomad is committed to keeping its community updated as it learns more in the coming hours and days and appreciates all those who acted quickly to protect funds,” the company said in the statement.
Michael Saylor, chairman and CEO of MicroStrategy, first got into bitcoin in 2020, when he decided to start adding the cryptocurrency to MicroStrategy’s balance sheet as part of an unorthodox financial management strategy.
Eva Marie Uzcategui | Bloomberg | Getty Images
Later on Tuesday, MicroStrategy announced that CEO Michael Saylor is leaving the role to become executive chairman of the company. The company’s president, Phong Le, will take the reins from Saylor.
Saylor has been CEO since launching the company in 1989. MicroStrategy went public in 1998.
MicroStrategy’s stock is down over 48% this year. Bitcoin is down over 51% in the same time period.
“I believe that sharing the roles of Chairman and CEO will enable us to better pursue our two corporate strategies of acquiring and holding bitcoin and expanding our enterprise analytics software business. As Executive Chairman, I will be able to focus more on our bitcoin acquisition strategy and related bitcoin advocacy initiatives, while Phong will be empowered as CEO to manage overall corporate operations,” Saylor said in the release.
The announcement comes as the company announces second-quarter earnings, where total revenue fell 2.6% compared to a year ago. The company also reported a $918 million write-down on the value of its digital assets, presumably primarily bitcoin.
MicroStrategy may technically be about enterprise software and cloud-based services, but Saylor has said the publicly traded company operates as the first and only bitcoin spot exchange-traded fund in the United States
“We’re kind of like your non-existent spot ETF,” Saylor told CNBC on the sidelines of the Bitcoin 2022 conference in Miami in April.
Late Tuesday, early Wednesday
The Solana logo displayed on a phone screen and representation of cryptocurrencies are seen in this illustration photo taken in Krakow, Poland on August 21, 2021.
Jakub Porzycki | NurPhoto | Getty Images
And then on Tuesday night, unknown attackers came after hot wallets connected to Solana’s blockchain.
Nearly 8,000 digital wallets have been tapped for just over $5.2 million in digital coins, including solana’s sol token and USD Coin (USDC), according to blockchain analytics firm Elliptic. Twitter account Solana Status confirmed the attack, noting that as of Wednesday morning, approximately 7,767 wallets were affected by the exploit. Elliptic’s estimate is slightly higher with 7,936 wallets.
Solana’s sol token, one of the biggest cryptocurrencies after bitcoin and ether, fell about 8% in the first two hours after the hack was first discovered, according to data from CoinMarketCap. It is currently down approx. 1%, while the trading volume is up approx. 105% in the last 24 hours.
As of Tuesday evening, several users began reporting that assets held in “hot” wallets — that is, Internet-connected addresses, including Phantom, Slope and Trust Wallet — had been drained of funds.
Phantom continued Twitter that they are investigating the “reported vulnerability in the solana ecosystem” and do not believe it is a phantom-specific issue. Blockchain audit firm OtterSec tweeted it the hack has affected several wallets “on a wide variety of platforms.”
Elliptical chief researcher Tom Robinson told CNBC that the root cause of the breach remains unclear, but “it appears to be due to a bug in certain wallet software, rather than the solana blockchain itself.” OtterSec added that the transactions were signed by the actual owners, “suggesting some sort of private key compromise.” A private key is a secure code that gives its owner access to their crypto holdings.
The identity of the attacker remains unknown, as does the reason for the exploit. The breach is ongoing.
“Engineers from multiple ecosystems, with help from multiple security firms, are investigating drained wallets on Solana,” according to Solana Statusa Twitter account that shares updates for the entire solana network.
The Solana network strongly encourages users to use hardware wallets, as there is no evidence that they have been affected.
“Do not reuse the seed phrase on a hardware wallet – create a new seed phrase. Wallets that have been drained should be treated as compromised and abandoned.” reading a tweet. Seed phrases are a collection of random words generated by a crypto wallet when it is first set up, and it provides access to the wallet.
A private key is unique and links a user to their blockchain address. A seed phrase is a fingerprint of all of a user’s blockchain resources that is used as a backup if a crypto wallet is lost.
The Solana network was seen as one of the most promising newcomers to the crypto market, with backers such as Chamath Palihapitiya and Andreessen Horowitz touting it as a challenger to ethereum with faster transaction processing times and improved security. But it has faced a number of problems recently, including downtime during periods of activity and a perception of being more centralized than ethereum.
