Crypto has had a miserable month and it’s only the third day of August
It’s been a rough month for the crypto sector, and it’s only the third day of August.
From cross-chain bridge hacks draining hundreds of millions of dollars in customer funds to the Securities and Exchange Commission coming after crypto Ponzi schemes, this corner of the market can’t catch a break.
The development adds to an already torrid year for the crypto market, which has seen massive declines as fears of monetary tightening and a lack of liquidity set in.
The deluge of news is hard for even insiders to keep track of, so here’s a rundown of what you’ve missed since Monday.
Monday
US Securities and Exchange Commission headquarters in Washington on February 23, 2022.
Al Drago/Bloomberg via Getty Images
The scheme, called Forsage, claimed to be a decentralized smart contract platform, allowing millions of retail investors to enter into transactions via smart contracts that operated on ethereumthrone and binance blockchains. The SEC alleges that for more than two years, the setup operated as a standard pyramid scheme, in which investors made profits by recruiting others into the operation.
In the SEC’s formal complaint, Wall Street’s top watchdog calls Forsage a “textbook pyramid and Ponzi scheme,” in which Forsage aggressively promoted its smart contracts through online campaigns and new investment platforms, all while selling “no actual consumer product.” The complaint adds that “the primary way for investors to make money from Forsage was to recruit others into the scheme.”
The SEC said Forsage operated a typical Ponzi structure, in which it allegedly used assets from new investors to make earlier payments.
“As the complaint alleges, Forsage is a fraudulent pyramid scheme launched on a massive scale and aggressively marketed to investors,” Carolyn Welshhans, acting head of the SEC’s Crypto Assets and Cyber Unit, wrote in a press release.
“Fraudsters cannot circumvent the federal securities laws by focusing their schemes on smart contracts and blockchains.”
Forsage, through its support platform, declined to provide a method to contact the company and offered no comment.
Four of the 11 people charged by the SEC are the founders of Forsage. Their current whereabouts are unknown, but they were last known to live in Russia, the Republic of Georgia and Indonesia.
Three of the 11 individuals are US-based individuals charged as promoters who endorsed Forsage on their social media platforms: Samuel D. Ellis of Louisville, Kentucky, Mark F. Hamlin, Henrico, Virginia, and Sarah L. Theissen of Hartford, Wisconsin. Ellis and Theissen, who neither admitted nor denied the allegations, agreed to settle the charges, subject to court approval.
Forsage was launched in January 2020. Regulators around the world have tried a couple of times to shut it down. Cease-and-desist lawsuits were first filed against Forsage in September 2020 by the Securities and Exchange Commission of the Philippines. In March 2021, Montana’s Securities and Insurance Commissioner tried the same thing. Despite this, the defendants allegedly continued to promote the scheme while denying the allegations in several YouTube videos and in other ways.
Tuesday
Ethereum coin
Jakub Porzycki | NurPhoto | Getty Images
The nature of the bug meant that users did not need any programming skills to exploit it. Others caught on and deployed armies of bots to carry out copycat attacks.
“Without prior programming experience, any user can simply copy the original attacker’s transaction call data and replace the address with theirs to exploit the protocol,” said Victor Young, founder and chief architect of crypto startup Analog.
“Unlike previous attacks, the Nomad hack became a free-for-all where multiple users began draining the network by simply replaying the original attackers’ transaction call data.”
Blockchain bridges are a popular way to move tokens from networks like ethereum, which have gained a reputation for slow transaction times and high fees, to cheaper, more efficient blockchains. But sloppy programming choices have made them a prime target for hackers trying to swindle investors out of millions. More than $1 billion in crypto has been lost to bridge exploits so far in 2022, according to blockchain analytics firm Elliptic.
“I can only hope that developers and projects will learn that they are running a critical piece of software,” Adrian Hetman, technical director at Web3 security firm Immunefi, told CNBC.
“They have to keep safety first, be safety first in every business decision because they’re dealing with people’s money; a lot of that money is locked up in these contracts.”
Nomad said it is working with crypto-security firm TRM Labs and law enforcement to track the movement of funds, identify the perpetrators of the attack and return stolen tokens to users.
“Nomad is committed to keeping its community updated as it learns more in the coming hours and days and appreciates all those who acted quickly to protect funds,” the company said in the statement.
Michael Saylor, chairman and CEO of MicroStrategy, first got into bitcoin in 2020, when he decided to start adding the cryptocurrency to MicroStrategy’s balance sheet as part of an unorthodox financial management strategy.
Eva Marie Uzcategui | Bloomberg | Getty Images
Later Tuesday, Micro strategy announced CEO Michael Saylor is leaving his role to become executive chairman of the company. The company’s president, Phong Le, will take the reins from Saylor.
Saylor has been CEO since launching the company in 1989. MicroStrategy went public in 1998.
MicroStrategy’s stock is down over 48% this year. Bitcoin is down over 51% in the same time period.
“I believe that sharing the roles of chairman and CEO will enable us to better pursue our two corporate strategies of acquiring and holding bitcoin and growing our analytics software business,” Saylor said in a press release. “As executive chairman, I will be able to focus more on our bitcoin acquisition strategy and related bitcoin advocacy initiatives, while Phong will be empowered as CEO to manage overall corporate operations.”
The news came as the company announced its second-quarter earnings, where total revenue fell 2.6% compared to a year ago. The company also reported a $918 million write-down on the value of its digital assets, presumably primarily bitcoin.
MicroStrategy may technically be about enterprise software and cloud-based services, but Saylor has said the publicly traded company serves as the first and only bitcoin spot exchange-traded fund in the USA
“We’re kind of like your non-existent spot ETF,” Saylor told CNBC on the sidelines of the Bitcoin 2022 conference in Miami in April.
Late Tuesday, early Wednesday
The Solana logo displayed on a phone screen and representation of cryptocurrencies are seen in this illustration photo taken in Krakow, Poland on August 21, 2021.
Jakub Porzycki | NurPhoto | Getty Images
And then on Tuesday night, unknown attackers came after hot wallets connected to the solana blockchain.
Close to 8,000 digital wallets have been tapped for just over 5.2 million dollars in digital coins, i.a. solana‘s sol token and USD coin, according to blockchain analytics firm Elliptic. Twitter account Solana Status confirmed the attack, noting that as of Wednesday morning approximately 7,767 wallets were affected by the exploit. Elliptic’s estimate is slightly higher with 7,936 wallets.
SolanaThe Sol token, one of the biggest cryptocurrencies after bitcoin and ether, fell about 8% in the first two hours after the hack was first discovered, according to data from CoinMarketCap. It is currently down approx. 1%, while the trading volume is up approx. 105% in the last 24 hours.
As of Tuesday evening, several users began reporting that assets held in “hot” wallets — that is, Internet-connected addresses, including Phantom, Slope and Trust Wallet — had been drained of funds.
Phantom continued Twitter that they are investigating the “reported vulnerability in the solana ecosystem” and do not believe it is a phantom-specific issue. Blockchain audit firm OtterSec tweeted it the hack has affected several wallets “on a wide variety of platforms.”
Elliptical chief researcher Tom Robinson told CNBC that the root cause of the breach remains unclear, but “it appears to be due to a bug in certain wallet software, rather than the solana blockchain itself.” OtterSec added that the transactions were signed by the actual owners, “suggesting some sort of private key compromise.” A private key is a secure code that gives its owner access to their crypto holdings.
The identity of the attacker remains unknown, as does the reason for the exploit. The breach is ongoing.
“Engineers from multiple ecosystems, with help from multiple security firms, are investigating drained wallets on Solana,” according to Solana Statusa Twitter account that shares updates for the entire solana network.
The Solana network strongly encourages users to use hardware wallets, as there is no evidence that they have been affected.
“Do not reuse the seed phrase on a hardware wallet – create a new seed phrase. Wallets that have been drained should be treated as compromised and abandoned.” reading a tweet. Seed phrases are a collection of random words generated by a crypto wallet when it is first set up, and it provides access to the wallet.
A private key is unique and links a user to their blockchain address. A seed phrase is a fingerprint of all of a user’s blockchain resources that is used as a backup if a crypto wallet is lost.
The Solana network was seen as one of the most promising newcomers to the crypto market, with backers such as Chamath Palihapitiya and Andreessen Horowitz touting it as a challenger to ethereum with faster transaction processing times and improved security. But it has been faced with a wave of problems recently, including downtime during periods of activity and a perception of being more centralized than ethereum.
Correction: This story has been updated to name the three defendants in the SEC charges as US-based promoters who supported Forsage on their social media platforms. An earlier version incorrectly said those defendants were not named in the SEC’s press release announcing the charges.