The United States Securities and Exchange Commission (SEC) is suing Hex founder Richard Heart on allegations of unregistered crypto security sales. Meanwhile, several stable pools on Curve Finance were exploited on July 30 due to a reentrancy vulnerability in certain versions of the Vyper programming language. Losses topped $52 million, leading to a plummeting of Curve’s native CRV token. Amid the chaos, an ethical hacker managed to retrieve $5.4 million worth of Ether (ETH) from an exploiter and returned it to the decentralized finance (DeFi) protocol.
Hex founder faces SEC complaint over unregistered securities offering
Controversial crypto entrepreneur and investor Richard Heart faces a lawsuit from federal regulators over an alleged unregistered securities offering.
In a July 31 filing, the United States Securities and Exchange Commission (SEC) claimed that Heart had raised more than $1 billion through the unlawful sale of Hex, PulseChain (PLS) and PulseX (PSLX). According to the complaint, Heart made claims of “grandiose wealth for investors” in marketing the tokens. The Hex founder faces charges related to federal securities violations and defrauding retail investors.
Today we charged Richard Heart (aka Richard Schueler) and three unincorporated entities that he controls, Hex, PulseChain, and PulseX, with conducting unregistered offerings of crypto asset securities that raised more than $1 billion in crypto assets from investors.
— U.S. Securities and Exchange Commission (@SECGov) July 31, 2023
Like other crypto assets, Hex surged in popularity in 2021, reaching an all-time high around $0.48. The token is currently trading at around $0.00616, having declined over 28% on the day.
It has been speculated that Heart was aware that a federal complaint was incoming. Heart appears to have removed certain references from Hex and PulseChain in his social media profiles in the months leading up to the SEC complaint.
Ethical hacker retrieves $5.4M for Curve Finance amid exploit
An ethical hacker managed to retrieve $5.4 million worth of Ether from an exploiter and return it to DeFi protocol Curve Finance amid a recent hack.
#PeckShieldAlert c0ffeebabe.eth has returned 2,879 $ETH (~$5.4m) to #Curve deployer https://t.co/33BJLaq12A pic.twitter.com/2Jq0JOsrhV
— PeckShieldAlert (@PeckShieldAlert) July 31, 2023
A maximal extractable value bot operator with the username “c0ffeebabe.eth” used a front-running bot against a malicious hacker to secure almost 3,000 ETH. The funds were then returned to the Curve deployer address, which looks to be its rightful custodian.
Curve Finance pools exploited due to reentrancy vulnerability
Several stable pools on Curve Finance using Vyper were exploited on July 30, with losses reaching over $52 million.
The cause has been pinned on a malfunctioning reentrancy lock, affecting pools using Vyper 0.2.15, 0.2.16 and 0.3.0. At least four liquidity pools on the Curve Finance protocol have been impacted.
“The short answer is that everything that could be drained was drained. The targeted pools are aETH/ETH, msETH/ETH, pETH/ETH and CRV/ETH. All remaining pools are safe and unaffected by the bug,” Curve Finance said on Discord.
Update #PeckShieldAlert There are ~$52M exploited so far from @AlchemixFi, @JPEGd_69, @MetronomeDAO,@DebridgeFinance, @Ellipsisfi and #Curve CRV-ETH https://t.co/o1j83HgCB3 pic.twitter.com/OoI6KyL05e
— PeckShieldAlert (@PeckShieldAlert) July 30, 2023
Vyper is a contract programming language designed for the Ethereum Virtual Machine (EVM). It is considered one of the most widely used Web3 programming languages, which means the bug in three of its versions could have an impact on several other protocols.
The attack has affected a number of DeFi projects, with Alchemix’s alETH/ETH pool reporting outflows of $13.6 million, PEGd’s pETH/ETH pool drained of $11.4 million, Metronome’s sETH/ETH pool hacked for $1.6 million and over 32 million CRV tokens worth over $22 million drained over the past few hours.
The BNB Smart Chain (BSC) has reportedly suffered copycat attacks, with around $73,000 worth of cryptocurrencies on BSC across three exploits also stolen.
This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Comments are closed.