Ethereum Insider Steven Nerayoff has threatened to release more evidence on the alleged irregularities involving the network. His comment suggests that this evidence could have far-reaching consequences as it will expose “criminals on a magnitude that is unprecedented.”

Nerayoff Promises To Expose Criminals Posed As Altruists

Nerayoff stated in an X (formerly Twitter) post that he was soon going to unveil “data” that unmasks certain criminals that are currently posing as “altruists.” He noted that he had made good on his earlier promise of the recording. As such, the crypto community can also be certain that he will make good on this one, too. 

It is uncertain who these “altruists” might be. However, Nerayoff could be alluding to Ethereum founders Vitalik Buterin and Joe Lubin, as he had earlier remarked that the duo were “carefully crafted” as “crypto saviors.” Meanwhile, Nerayoff, who was an active participant during Ethereum’s ICO, made further claims against the ETH ecosystem. 

A “few players” are allegedly said to control the vast majority of Ether. The Ethereum insider alleged that these same persons have significant control of other cryptocurrencies, including the “majority of rug pulls, fraudulent ICOs and exploits.” Nerayoff also hinted that everything might not be as it seems as he says that “the whole game is rigged and controlled by these few.”

A former Ethereum core developer, Lane Rettig, had previously backed some of Nerayoff’s claims as he said that 70% of pre-mined ETH was immediately distributed. Then, Rettig seemed to be suggesting that a majority of the distributed ETH went to Etthereum’s founders or those closely associated with them. 

Meanwhile, Nerayoff highlighted the fact that none of Ethereum’s founders or close associates have come out to refute his allegations. He suggested that they have chosen to remain silent because everything he has said so far is true. 

ETH price falls to $2,200 | Source: ETHUSD on Tradingview.com

Nerayoff Comes For Ethereum Founder Vitalik Buterin

The Ethereum insider wasn’t done as he took a swipe at co-founder Vitalik Buterin. He labeled him as a “false altruist” and accused him of putting up a facade. Nerayoff also said that Buterin makes a lot of calculated financial decisions for someone who says he doesn’t care about the money. 

His comments about Buterin also suggest that the Ethereum co-founder might be one of the criminals that he was referring to in his earlier remarks. Nerayoff even went as far as alleging that Vitalik controls the market. 

One of Nerayoff’s boldest claims to date came in a subsequent post where he accused Vitalik of blowing “half the Ethereum ICO proceeds betting it all on the price of BTC.” The Ethereum co-founder went on to beg the Chinese government after this was done, Nerayoff claimed. 

Featured image from Blockmanity, chart from Tradingview.com

As per the CNBC report, criminals used the cross-chain bridge RenBridge to launder more than $540 million since 2020, in crimes related to crypto cash, reported blockchain analytics firm Elliptic.

This includes a staggering $153 million in ransomware payments. It means that hackers have been leveraging RenBridge as they break into corporate networks and force companies to pay in crypto in order to get back their data. As per Elliptic, the cross-bridge platform RenBridge has been an important facilitator to ransomware platforms linked to Russia.

Elliptic’s vice president of policy and regulatory affairs David Carlisle refers to these cross-chain bridges as a blessing as well as a curse. He states that on one hand, these bridges expand the market by offering another platform to transact. He adds that cross-chain bridges are vital to the development of overall DeFi space.

The flipside is, “they’re effectively ungoverned, and so very vulnerable to hacks, or to being used in crimes like money laundering,” said Carlislie.

Regulation of Crypto Bridges

Carlislie believes that regulators will start cracking down on crypto bridges over the next 12 months. The latest news comes a day after the U.S. Treasury sanctioned the use of crypto mixer Tornado Cash. Reportedly, Tornado Cash laundered more than $7 billion since 2019.

Carlislie adds: “One major question is whether bridges will become subject to regulation since they act a lot like crypto exchanges, which are already regulated”.

The Elliptic report notes that RenBridge has become a popular destination for crypto criminals to launder crypto assets via acts of fraud, theft, ransomware, and other criminal activities. It also adds that crypto assets laundered via RenBridge were likely stolen by North Korea.

Elliptic notes that more than $267 million was stolen from exchanges and DeFi services through RenBridge over the last two years.

“Cross-chain bridges are a loophole in the regulatory regime that has been painstakingly established by governments around the world, to combat crypto laundering. Ransomware gangs, fraudsters and even North Korean hackers are shifting from regulated crypto exchanges to a decentralized, unregulated alternative,” said Tom Robinson, Elliptic’s chief scientist.

Last week, crypto-bridge Noman lost more than $200 million in a major exploit. Soon after, thieves started using RenBridge to launder money.

Around $70,000 was stolen using Beeple’s hacked Twitter account with a phishing link posted on his Twitter.

Famous digital NFT artist Mike Winkelmann’s (Beeple) Twitter account was hacked, and it has been sharing a phishing link that can hack and steal crypto from another person’s crypto wallet once clicked.

Beeple has been a target of hackers and NFT phishing scams with his large following and popularity online.

Phishing is the deceptive activity of sending emails pretending to be from trustworthy companies in order to encourage individuals to divulge personal information, such as passwords and credit card details.

Suggested Reading | Crypto Disaster: Ethereum Co-Founder Vitalik Buterin Claims He’s Not A Billionaire Anymore

ugh we’ll that was fun way to wake up.

Twitter was hacked but we have control now. Huge thanks to @garyvee ‘a team for quick help!!!!

— beeple (@beeple) May 22, 2022

Phishing Links To A Fake Louis Vuitton Site

The link posted on Beeple’s hacked Twitter account directs users to a shady website and steals their funds. The link goes to a fake website that showcases collaboration with Louis Vuitton, an elite fashion brand.

The tweet was staged, making people believe it’s Beeple: “Been working on this with LV for a long time behind the scenes. 1000 unique pieces… official raffle below”. The phishing link is also inserted into the tweet but is now deleted.

Many famous NFT personalities have posted tweets warning people of the phishing scam following the hacking incident.

Beeple’s compromised account was posting like it was a legitimate Louis Vuitton collaboration. Zeneca, an NFT influencer, has also tweeted a warning to the NFT space. Other people have joined forces to warn other NFT enthusiasts to be vigilant.

Phishing is the act of sending fake emails from trustworthy firms to steal personal information like passwords and credit card numbers (Tripwire).

Taking The Bait

Once users are led to the fake website and link their wallets to it, the action triggers a mint and then proceeds to send 1 ETH. However, the phishing website isn’t designed to dry your wallets, which is a common trend with other NFT phishing scams.

Sadly, many NFT collectors and fans of Beeple had no clue that the digital artist’s Twitter account was breached, and they were lured to the trap and ended up losing their funds. According to reports, the victims lost 35 ETH or roughly $70,000.

The malicious phishing link is still on Beeple’s Twitter bio. Zeneca further emphasized to not click on malicious links and not link your wallet to unknown or unverified websites.

ETH total market cap at $249 billion on the daily chart | Source: TradingView.com

Beeple’s tweet regarding a raffle connected to collaboration with Louis Vuitton sounded legitimate or authentic because they had a collaboration way back in 2019. Unfortunately, for some followers of Beeple, it pays to always verify a hundred times before connecting your wallet, even to seemingly legit sites.

Beeple Regains Control Of Twitter Account

Beeple is now able to regain control of his account and posted a warning on Twitter: “Stay safe out there; anything too good to be true IS A F*CKING SCAM.”

Beeple’s “Everydays – The First 5000 Days” NFT was sold for $69 million. The most that he had ever sold before was $100 for a piece – and the rest was history.

Beeple also has more than 2.5 million followers all over social media, making him a target for hackers eyeing crypto wallet funds. 

Suggested Reading | Cryptocurrency Is ‘Worthless,’ European Central Bank President Says

Featured image from Cryptonary, chart from TradingView.com

At the last peak, there were $256B invested in DeFi. The industry’s rapid growth brought attention, and among those eyeballs, there were bad actors. In fact, “the value stolen from these protocols catapulted 1,330%” last year. That’s according to surveillance firm Chainalysis’ “The 2022 Crypto Crime Report,” which also informs us that:

“In 2020 and 2021, lending platforms such as yield farming protocols endured the largest losses, with $923 million in total stolen funds and 64 theft incidents. Infrastructure services like cross-chain protocols and oracles-as-a-service came in close second, with DEXes and DAOs reckoning with significant thefts as well.”

So, the whole DeFi set is in trouble. Do smart contracts introduce lethal vulnerabilities or will programmers learn how to tame the beast? Last year, the amount stolen on crypto hacks augmented 6x from 2020. It reached the impressive $3.2B mark, and $2.3B “of those funds were stolen from DeFi platforms in particular.” 

Related Reading | Chainalysis New Service: Snitching For The Lightning Network. Can They Deliver?

That’s a massive change from previous trends.“In every year prior to 2021, centralized exchanges lost the most cryptocurrency to theft by a large margin.” Not only that, “centralized exchanges, once a top destination for stolen funds, fell out of favor in 2021, receiving less than 15% of the funds.” So, DeFi stole the show and centralized exchanges weren’t even on criminal’s radars last year.

Total Value Stolen And Total Number Of Thefts | Source: Chainalysis

Why Did This Happen To DeFi?

Money and success bring attention and attention brings criminals. Besides that, surveillance company Chainalysis identifies other factors. One is DeFi’s reliance on open-source software. While it’s useful that users can audit the code, it “also stands to benefit cybercriminals, who can analyze the scripts for vulnerabilities and plan exploits in advance.”

Price oracles are another vulnerability. “Secure but slow oracles are vulnerable to arbitrage; fast but insecure oracles are vulnerable to price manipulation. The latter type often leads to flash loan attacks, which extracted a massive $364 million from DeFi platforms in 2021.” In fact, code exploits and flash loan attacks were the protagonists last year: 

“In 2021, code exploits and flash loan attacks—a type of exploit involving price manipulation—accounted for a near-majority of total value stolen across all services at 49.8%. And when examining only hacks on DeFi platforms, that figure increases to 69.3%.”

A possible solution against common crypto hacks is code audits for smart contracts. However, “audits aren’t infallible. Nearly 30% of code exploits occurred on platforms audited within the last year, as well as a surprising 73% of flash loan attacks.“

ETH price chart for 02/22/2022 on Gemini | Source: ETH/USD on TradingView.com

Top 10: The Largest Crypto Hacks Of 2021

These ten crimes “accounted for a majority of the funds stolen at $1.81 billion.” According to Chainalysis’ data, the top ten is:

1. Code exploit at Poly Network, $613M
2. Security Breach at BitMart, $200M
3. Security Breach at BadgerDAO, $150M
4. Embezzlement at Undisclosed, $145M
5. Code Exploit at Venus, $145M
6. Leaked Private Keys at BXH, $139M
7. Flash Loan at Cream Finance, $130M
8. Security Breach at Vulcan Forged, $103M
9. Code exploit at Undisclosed, $91M
10. Security Breach at Undisclosed, $91M

Conclusions And Solutions

The report finishes the section with possible solutions that it already admitted are not enough, like “code audits, decentralized oracle providers, and an altogether more rigorous approach to platform security.” And then, it gives an additional tip, “even when these functions do fail and cryptocurrencies are stolen, blockchain analysis can help.”

Related Reading | Criminal Crypto Wallet Balances Tripled In 2021, Says Chainalysis

There’s a question that Chainalysis and everyone working in DeFi is afraid to ask, though. What if the vulnerabilities are inherent to the system and smart contracts in general? What if the honeypot DeFi creates is just too tempting? What if the whole thing is just too risky?

Featured Image by TheDigitalArtist on Pixabay | Charts by Chainalysis and TradingView