Bybit’s Nightmare Weekend 😵

Hi! In today’s edition:

• 🔥 Bybit in the hot seat

• 💀 OX.FUN: No fun 

• ✅ Coinbase out of court

• 💰 Arbitrum’s treasury troubles

A multi-currency wallet that’s easy, quick, and secure? …That’s RockWallet! Discover how you can take control of your assets and feel confident in the digital economy.

Sign up now to take advantage of a special $75 welcome promo for the Unchained community.

Bybit Flows Return to ‘Normal’ After Biggest-Ever Crypto Hack

Bybit said on Sunday that deposit and withdrawal activity had returned to normal following the theft of 401,347 ETH worth $1.5 billion from the exchange’s ETH cold wallet two days earlier.

Pseudonymous blockchain sleuth ZachXBT said they had proof that the North Korean state-sponsored Lazarus Group was behind the hack — the biggest-ever crypto theft — pointing out direct onchain links between the Bybit hackers’ wallets and the hackers that stole $29 million from the Phemex exchange in January. 

Bybit has seen at least $5.9 billion in outflows since the hack, according to data from DeFiLlama. 

“Within the first 10 hours of the incident, we processed over 350,000 withdrawal requests, completing 99.9% of them by 1:45 AM UTC [8:45 pm ET],” Bybit said. “In total, over 580,000 withdrawal requests have been successfully completed.”

Despite the exodus of funds and massive theft, Bybit appears to be in decent financial shape, having received $1.23 billion worth of ETH through loans, deposits, and ETH purchases following the hack as of 9:30 p.m. ET on Sunday, according to data from blockchain analytics platform Lookonchain. 

Bybit CEO Ben Zhou confirmed that the exchange had “already fully closed the ETH gap” and promised an audited proof of reserves report showing that its reserves were back to 100%. 

Blockchain security experts say the attackers pulled off the exploit by tricking signers of the upgradeable multisig cold wallet during a routine transfer to authorize a malicious ERC-20 transfer to a trojan contract. 

The issue stemmed from a manipulated front end, which was altered to deceive users — a method that has been employed to attack multiple platforms in the past year, including WazirX and Radiant Capital — according to blockchain and smart contract audit firm SlowMist.

The exploiters started laundering funds by issuing memecoins on Solana-based Pump.fun. One token traded at least $26 million in volume before it was blocked by the Pump.fun team. 

The hack has triggered specious calls by Bitcoiners and Solana supporters for an Ethereum chain rollback — a process of reversing confirmed transactions on the blockchain to restore it to a previous state. 

Ethereum core developer Tim Beiko said, however, that such a move would not be feasible due to technical limitations, ecosystem complexity, and the community's commitment to blockchain immutability.

3AC Founders’ Exchange OX.FUN Nears Insolvency

OX.FUN, a crypto exchange that was spun up by Three Arrows Capital founders Su Zhu and Kyle Davies after their previous venture, OPNX, abruptly shut down, is down to its last $1.7 million of assets.

“They will have even less once (if) they process an outstanding $1M USDC request,” Coinbase executive Conor Grogan wrote on X, sharing data from blockchain analysis platform Arkham. “This would bring their USDC total down to ~$1K.” 

The drying up of funds comes after reports that OX.FUN attempted to extort a collective of artists called jefeDAO for $1 million.

OX.FUN still claims that “a group of bad actors” attempted to profit through “illegal market manipulation.”

“Contrary to Jefe's statement that he didn't place any trades, he performed an oracle manipulation attack,” OX.FUN said.

OX.FUN’s pseudonymous head of treasury denied that the exchange was insolvent, saying only that the exchange had “temporarily paused a few whale withdrawals” due to “market volatility.”

Why the SEC’s Dismissal of the Coinbase Case Is a Total Win for Crypto

If there were any remaining doubt that the Trump White House was going to make a break from President Biden’s hostile posture towards the crypto industry, that is surely gone.

Coinbase announced on Friday that it had reached an agreement with the U.S. Securities and Exchange Commission, which had sued it in June 2023 for — among many things — operating as an unlicensed national securities exchange, for the complete dismissal of the lawsuit. 

Coinbase will not pay any monetary penalties, and it will not have to change any aspects of its business. The case will be dismissed with prejudice, meaning that it cannot be refiled at a later date.

So, what does the SEC’s rare waving of the white flag mean for similar lawsuits it has filed against Coinbase competitors such as Binance and Kraken, and against decentralized exchange Uniswap?

Arbitrum Proposal to Invest in Non-Native Projects Draws Fire

The Arbitrum DAO Growth Management Committee has proposed investing 7,500 ETH in non-native projects with the goal of generating “low-risk yield on otherwise idle ETH.” 

The proposal recommends allocating 5,000 ETH to Lido for wstETH tokens, which would then be deposited into Aave V3 on Arbitrum, and 2,500 ETH to the Fluid lending platform.

But some members of the community aren’t exactly thrilled by the idea of deploying treasury assets outside the Arbitrum ecosystem.

Critics said the proposal ignored local projects and failed to support developers building protocols on Arbitrum. 

Some governance delegates argued that Arbitrum-native projects such as GMX, Dolomite, and Camelot offered similar risk profiles to the projects that were ultimately selected.

Mantle is building the largest sustainable hub for on-chain finance. Launching three new core innovation pillars: Enhanced Index Fund, Mantle Banking and MantleX. 

• 🔄 Memecoin launchpad Pump.fun is reportedly developing its own automated market maker, a move that could disrupt Solana’s token trading landscape by allowing memecoins to bypass Raydium’s liquidity pools and fee structure.

• 🔓 Stablecoin neobank Infini was exploited for $49 million after an attacker manipulated smart contract settings using retained administrative privileges, swapping stolen USDC into ETH via Tornado Cash. The platform says affected users will be reimbursed.

• 🌍 FTX has begun repaying creditors, but jurisdictional restrictions are blocking refunds in countries such as Russia, China, and Nigeria. A survey shows that nearly 80% of creditors plan to reinvest, with Solana and memecoins among the top choices.

• 🕵️‍♂️ Bybit is offering a record-breaking bounty of 10% of the $1.5 billion stolen from it over the weekend in exchange for help recovering the funds, the biggest sum stolen in any crypto theft to date.

• 🎤 Ye (formerly Kanye West) hinted over the weekend at launching a new, Nazi-themed token called “Swasticoin” in a series of inflammatory and antisemitic crypto posts, further escalating his variously racist, homophobic, and misogynistic rhetoric while also teasing plans to build his own blockchain.

• 📜 The U.S. Securities and Exchange Commission dropped its investigation of OpenSea just weeks after the NFT marketplace confirmed its $SEA token airdrop, signaling a broader regulatory shift under the new pro-crypto administration.

1. @prasincs, research lead at Anchorage, on the problems of blind signing 

2. a16z crypto: Trusted Execution Environments (TEEs): A primer

3. CoinDesk: Ethereum 'Roll Back' Suggestion Has Sparked Criticism. Here's Why It Won't Happen

Unchained is seeking a proactive, part-time Sponsorships Manager to generate and manage sponsorships across Unchained’s platforms.