CRYPTO ROAST

🎸 WhiteRock: when “water doesn’t tell coffee it’s not a partnership 🟠WhiteRock claims to be a DeFi infrastructure project boasting integrations with giants like BlackRock, Visa, Mastercard, and Nasdaq. But here’s the twist — not one of those companies has confirmed anything. No press releases, no official statements, nothing. 🟠A Reddit user politely asked, “Where’s the proof?” and got instantly banned from Telegram. On Discord? He was met with metaphors like “does water tell coffee it’s not a partnership?” and accused of being “unstable” for simply asking for verification. 🟠Instead of facts, WhiteRock throws around buzzwords like “built with” or “integrated with.” But they never explain what those phrases actually mean. Is it an API call? A newsletter mention? Who knows — just don’t ask, or you’ll get kicked. 🟠Community posts raising doubts are deleted. Users who want more than just hype are labeled as toxic. It’s a curated echo chamber, not an open discussion. 🟠This isn’t Web3 transparency. It’s narrative control with a side of gaslighting. 👀 We’re not calling WhiteRock a scam — yet. But let’s be real: every crypto rug in history has followed the same checklist — fake partnerships, vague language, aggressive mods, and a polished facade hiding a black hole of details. In crypto, “trust but verify” is dead. Now it’s just verify. Or get wrecked. ➡️CRYPTO ROAST

☠️ Crocodilus goes global — new malware campaign targets crypto wallets and banks 🟠The Android banking trojan Crocodilus is no longer just a regional threat. First spotted in Turkey, it’s now launching full-blown campaigns across Europe, South America, the U.S., India, and more — with crypto wallets sitting squarely in its crosshairs. 🟠In Poland, it spread through Facebook ads disguised as loyalty apps targeting users over 35. One click, and boom — you’re redirected to a fake site that drops malware designed to bypass Android 13+ protections, then silently hijacks your banking or wallet app with overlaid login screens. 🟠The new version of Crocodilus isn’t just sneakier — it’s smarter: – Automatically scrapes seed phrases and private keys from wallets – Modifies contact lists to inject fake “bank support” numbers – Uses deep obfuscation, XOR encryption, and messy logic to resist reverse engineering 🟠ThreatFabric analysts also observed smaller campaigns hitting mining apps and digital neobanks across Europe. Meanwhile, AMLBot reports this is now a Malware-as-a-Service operation — full kits for rent at just $100–$300. Pay, deploy, and start draining wallets. 🐊 This isn’t just a virus — it’s a business. Slick UX, modular features, global targets. And if your wallet lives on your phone? There might already be a dashboard somewhere with your crypto in queue. ➡️CRYPTO ROAST

🔤 UPD: 25 charged in Paris crypto kidnapping ring — but the masterminds remain free 🟠French authorities have now charged 25 individuals — including six minors — in connection with the attempted kidnapping of Paymium CEO Pierre Noizat’s family. The group, aged 16 to 23, is believed to be tied to multiple failed plots against crypto figures and their relatives. But here’s the catch: the real organizers are still at large. 🟠The May 13 incident, where Noizat’s daughter disarmed an attacker and fended off the group in broad daylight, wasn’t a one-off. It was part of a coordinated campaign. Police say another attack was planned just days earlier, and a separate attempt was foiled near Nantes soon after. 🟠The wave of crypto-related kidnappings across France has triggered a national response. Security audits, police consultations, and even kidnap-and-ransom insurance policies are now on the table for high-profile crypto holders. 🫰 This is no longer street-level chaos — it’s evolving into organized crime. Crypto isn’t just a digital asset class anymore. It’s a physical threat vector. If you’ve got a portfolio worth stealing, act like it. Because someone, somewhere, is watching — and they don’t care about seed phrases. ➡️CRYPTO ROAST

🔤 The U.S. is done playing — sanctions slapped on Filipino firm helping crypto scammers 🟠Meet Funnull Technology. On paper, just another tech company from the Philippines. In reality? Basically the Amazon Web Services of crypto scams. Selling bulk IP addresses, modifying legit codebases, and redirecting unsuspecting users from normal websites to shady phishing and gambling pages. 🟠In 2024, they bought a public developer code repository — something thousands of sites rely on — and quietly injected it with code that redirected traffic to scam pages. Imagine you’re just building a blog, and suddenly your site is a launchpad for a crypto drain. 🟠According to OFAC (the U.S. Treasury’s sanctions unit), Funnull’s services were involved in scams that stole over $200 million from victims who thought they were logging into real investment platforms. Turns out it was all just pig butchering, but dressed up with slick UX and stolen code. 🟠The company’s admin, Chinese national Liu Lizhi, is now officially sanctioned. His wallets are frozen, his assets are blocked, and anyone in the U.S. is banned from doing business with him. Yes, even sending him USDT is now a federal offense. 🟠Blockchain analysts at Chainalysis dug deeper and found Funnull is part of a sprawling web of over 200,000 fake websites and scam apps — a whole “cloud service” ecosystem, but for cybercriminals. Think AWS, but for rug pulls. 🔥 Crypto scams used to be clumsy. Now they’re enterprise-level. And if you’re building infrastructure for scammers, don’t be shocked when the feds treat you like one. Even your GitHub repo might be wearing a mask. Stay paranoid, friends. ➡️CRYPTO ROAST

☠️ Cork Protocol uncorked — $12M gone like it’s happy hour 🟠Another day, another DeFi rug with a fancy UI. Cork Protocol just got popped for $12 million after someone figured out their contracts were about as secure as a wet paper bag. 3,761 wstETH drained and swapped to ETH faster than their devs could say “we’re investigating.” 🟠The official response? Pause contracts. Post on X. Pray. Classic 2025 playbook. Co-founder Phil Fogel says they’re “reviewing a potential vulnerability.” Spoiler alert: the vulnerability is writing unaudited code and calling it innovation. 🟠At this point, it’s not even surprising. Every protocol wants to be the next DeFi unicorn, but they forget the horn needs armor. And audits? Nah, too expensive — better to YOLO launch and hope no one notices the gaping exploit window. 🟠This isn’t a black swan. It’s a recycled pigeon with a knife. DeFi’s greatest feature — composability — has turned into its favorite attack vector. And the scoreboard? Hackers: 1, Protocol: paused. 😵‍💫 If your DeFi project can’t survive a bored hacker with Etherscan, maybe it shouldn’t survive at all. Web3 devs, stop acting surprised when code you wrote in a weekend gets turned into someone’s beach house. And for users? If the contract wasn’t audited, consider your deposit a donation. ➡️CRYPTO ROAST

🆕 UPD: Third arrest made in NYC crypto torture case 🟠William Duplessy, 33, has turned himself in — becoming the third person arrested in the brutal Soho kidnapping of Italian tourist Michael Theofrasto. Alongside John Woeltz, he allegedly helped run a weeks-long campaign of beatings, electroshock, and psychological torture, all to extract wallet access. 🟠NYPD confirmed the suspects were tied to a crypto hedge fund. That’s not a coincidence — that’s convergence. Finance meets force. OPSEC failures meet opportunistic brutality. 🟠This wasn’t a rogue incident. This was a syndicate in motion. Negotiated surrenders. $30K/month safehouses. Multistage blackmail operations. And a message: cold wallets don’t stop warm bodies. 💭 This update doesn’t end the story — it deepens the warning. The $5 wrench isn’t a joke anymore. It’s becoming an ecosystem. And if you’re sitting on-chain with visibility and no physical security, you are not “early” — you’re exposed. ➡️CRYPTO ROAST

🤘 Instagram hacked. Passport exposed. Solana co-founder targeted. 🟠On May 27, the official Instagram account of Migos was hijacked — not for memes, but for extortion. Hackers posted at least seven photos allegedly showing Solana co-founder Raj Gokal holding up his passport and driver’s license, fully visible and uncensored. The captions? “It was just 40 BTC… you should’ve paid.” 🟠Other images appeared to show Gokal’s wife holding her ID, along with screenshots exposing phone numbers, emails, and other sensitive data. It was the kind of visual KYC usually required by exchanges — now turned into ammo for public threats. The origin of the images is unclear. Real leak? AI deepfake? Either way, it’s warfare by exposure. 🟠Just days earlier, Gokal warned on X that someone was trying to seize his email and social accounts. Now it’s clear: this is a calculated pressure campaign. A very public, very personal extortion attempt, weaponizing social media as a threat vector. 🟠We’ve seen this before. Earlier this year, podcaster Scott Melker revealed that deepfake IDs were used to steal $4M from a victim. As KYC data leaks grow and AI tools improve, more of us become vulnerable to this next-gen blackmail. 🫥 Solana is fast — but threats move faster. You want privacy? Then stop blindly uploading your face and passport to every platform promising yield. Today it’s just “compliance.” Tomorrow it’s your selfie — and a ransom note — broadcast to millions. Web3 is public. You shouldn’t be. Protect yourself. ➡️CRYPTO ROAST

💵 $2.6M lost to double address poisoning. One victim. Two scams. Three hours. 🟠It started like any other day. One crypto investor made two USDT transactions — $843K, then $1.75M just three hours later. Both went straight into the hands of scammers. Not because he was careless, but because he trusted his transaction history. 🟠The method? Zero-value transfers — a more advanced form of address poisoning. Attackers send fake $0 token transfers from wallet addresses designed to look familiar. Victims see the address in their wallet history and assume it’s safe. When real money is sent next time, it’s already game over. 🟠This isn’t niche. This is systematic. Between mid-2022 and mid-2024, there were over 270 million poisoning attempts on Ethereum and BNB Chain alone. Over 6,000 succeeded. Total losses? More than $83 million — no hacks, no malware, just pure psychological manipulation. 🟠In this case, the same wallet got hit twice in three hours. This wasn’t bad luck. It was a targeted drain — using zero-value bait, social engineering, and reliance on human pattern-recognition to steal millions in plain sight. 🧪 The blockchain never lies — but your wallet UI might. Never trust history. Don’t rely on partial address matches. Triple-check before every transfer. Because today it’s just a test transaction. Tomorrow, it’s your portfolio on the line. ➡️CRYPTO ROAST

🤘 $5 wrench attacks are scaling — and no one’s ready 🟠Manhattan, SoHo, $30K/month townhouse turned into a crypto dungeon. A 28-year-old Italian man held for weeks by investor John Woeltz. Beaten, electroshocked, pistol-whipped, dangled from balconies — all to force access to his Bitcoin wallet. When he refused? They sawed his leg and made him smoke crack. This isn’t crime of passion. It’s calculated extraction. 🟠And it’s not an isolated case. In just the past few months we’ve seen a surge of real-world crypto kidnappings: In Paris, a founder’s father was held for ransom. In London, a tourist was drugged and robbed of $123K. In France, a Ledger co-founder was kidnapped and rescued by police. These aren’t one-offs — they’re part of a growing pattern. 🟠Private security firms like Infinite Risks International report a surge in crypto-related protection contracts. High-net-worth holders are hiring bodyguards. French authorities are briefing founders and fast-tracking police support. Because the next victim could be anyone with a wallet worth opening. 💬💬 This isn’t about cold storage anymore. This is physical. This is personal. This is targeted. Your multisig won’t save you when you’re duct-taped to a chair. Your real OPSEC starts with invisibility. Because no one kidnaps the broke. And if you’re flashing wealth on-chain or off — you might already be on someone’s list. ➡️CRYPTO ROAST

🛠️ $223M “bug” on Sui? This wasn’t a glitch — it was a high-speed extraction 🟠On May 22, Sui-based DEX Cetus processed nearly $2.9B in volume — up from $320M the day before. Not because of growth, but because of collapse. Over $200 million drained from pools in hours. The team called it “a bug.” On-chain analysts called it what it is: a full-scale exploit. 🟠Hacken confirmed at least $63M was bridged to Ethereum, including 20,000 ETH in a single transaction. AMLBot tracked $212M moving cross-chain at $1M per minute. That’s not a bug — that’s a strategy. Onchain Lens added that the attacker had full control over all SUI-denominated pools and already started shifting USDC. 🟠Cetus admitted the breach. $223M stolen. $162M frozen. Smart contracts paused. The Sui Foundation and validators stepped in to isolate malicious addresses. But the damage had already been done. 🟠Tokens like LBTC and AXOL lost up to 99% of their value on Cetus. Sui money market Scallop halted all borrowing. This wasn’t a technical hiccup — this was a reminder. Your funds can disappear faster than you can hit “refresh.” 💭 It’s not “just a bug” when $200M vanishes. It’s a wake-up call. If you’re farming on autopilot, you’re not yield farming — you’re bait. ➡️CRYPTO ROAST

😈 UPD: $250M LIBRA Rug Blows Back on Argentina’s Milei 🟠First he shilled it. Then it rugged. Now he’s pulling the plug on the investigation. Argentina’s President Javier Milei just dissolved the unit probing the $250M LIBRA collapse — the same memecoin he hyped on X that later nuked investors and vanished in classic rug fashion. 🟠Decree 332/2025 claims “objectives were fulfilled.” But no report was published, no one held accountable, and investors still licking wounds. Meanwhile, the dev Hayden Davis is rumored to have cashed out $99M and disappeared. 🟠LIBRA pumped to a $4.5B cap after Milei’s post. Then insiders dumped. Global holders were left holding the bags. Legal heat is now on in Argentina and the U.S., with class-action suits citing Milei’s “deceptive promotion.” 🟠Critics say the now-disbanded task force was toothless from day one — run by allies, reporting to the executive, and likely designed for damage control. With Argentine prosecutors and parliament now stepping in, the real investigation might finally begin. 🔍 Pro tip: If a sitting president turns influencer for a memecoin, maybe don’t ape in like it’s a policy move. This isn’t financial advice — it’s a political circus on the blockchain.

🛞 American Tourist Drugged and Robbed of $123K in London “Wrench Attack” 🟠A two-day layover turned into a crypto nightmare for Jacob Irwin-Cline, a tourist from Portland, Oregon. After a night out in London’s Soho district, he got into what he thought was his Uber. The driver knew his name. The car was not the one on the app. But it was late, and the guy “seemed chill.” 🟠What followed was a textbook setup. The fake driver offered him a cigarette — laced with scopolamine, a sedative that erases memory while keeping you “cooperative.” Under the influence, Irwin-Cline gave up his phone passcode and unknowingly opened access to his Revolut wallet. The damage? $123,000 in crypto gone: $72K in XRP, $50K in Bitcoin, and smaller altcoin holdings wiped. 🟠The next thing he remembers: waking up in an unfamiliar part of London, wallet drained, no one in sight. 🟠Police confirmed the attackers forcibly logged into his Revolut account and transferred the funds. The case is being investigated, but so far — no arrests. 🟠This is just the latest in a rising wave of physical crypto heists across Europe — from Paris kidnappings to Thai hotel room ambushes. The term “$5 wrench attack” is no longer a meme — it’s a real-world threat. And your Ledger won’t save you when you’re drugged in the backseat of a fake Uber. 🏦 Traveling with serious bags? Act like it. Don’t flex. Don’t get comfortable. And for the love of Satoshi — never share your phone unlock code. ➡️CRYPTO ROAST

💵 Australian Police Seize Bitcoin, Mansion, and Benz Linked to 2013 Exchange Hack 🟠The Australian Federal Police just froze a $2.88M waterfront mansion, a Mercedes, and 25 BTC tied to a 2013 crypto exchange exploit. The alleged owner? A hacker already convicted for selling gamer data from League of Legends. 🟠While no charges have been filed over the stolen 950 BTC, the AFP used special powers to seize the assets — claiming they couldn’t be linked to any legit income. Investigators say the crypto was moved through suspicious transactions and likely stems from a French exchange breach. 🟠The confiscated property belonged to Shane Stephen Duffy, previously convicted for selling hacked data. He also once hijacked the X account of Riot Games’ president to promote his black-market biz. 🟠The AFP stressed that proceeds from seizures like this go into a national fund for crime prevention — and with over $1.2B in total confiscations since 2019, it’s clear: in Australia, dirty crypto buys you a house… until it doesn’t. 🦘 Bitcoin might not be anonymous, but Australian law sure is aggressive. Keep your bags clean — or they might just get seized with the Benz. ➡️CRYPTO ROAST

🔤 Blum Co-Founder Arrested — $15M Fraud Allegations, Airdrop Now in Question 🟠Vladimir Smerkis, ex-Binance Russia lead and co-founder of the Telegram-native crypto project Blum, has been arrested in Moscow. Russian media report he’s under investigation for “large-scale fraud” tied not to Blum, but to his earlier ventures — Tokenbox and The Token Fund, which allegedly left investors $15M in the red. 🟠The Zamoskvoretsky court approved his detention under Article 159 — a serious fraud statute that carries up to 12 years in prison. As of now, formal charges haven’t been confirmed. 🟠Blum was quick to distance itself, announcing on X that Smerkis has resigned and has zero involvement in current operations. The team insists it’s “business as usual.” 🟠But the community isn’t buying it. Just weeks ago, Blum hyped its Drop Game and teased a BLUM token listing in Q3 — with users grinding hard to earn “Blum Points” for the airdrop. Now? Radio silence. 🟠Influencers are calling it out: “No airdrop. No updates. Just silence.” The sentiment is shifting fast — and users are wondering if they’ve been farming pixels for nothing. 🫡 Pro tip: When your roadmap is gamified tapping and your exec ends up in jail — the market’s trust won’t tap back. Telegram-based or not, projects need credibility. And Blum’s is losing it flake by flake. ➡️CRYPTO ROAST

➕ UPD: Ex-Artist Loses $2M in Fake Coinbase Scam Tied to Ongoing Breach 🟠A new victim has surfaced in the Coinbase data breach fallout. 67-year-old retired artist Ed Suman — known for helping craft Jeff Koons’ iconic Balloon Dog sculptures — lost his entire crypto savings after being duped by a fake Coinbase support agent. 🟠Suman stored 17.5 BTC and 225 ETH (~$2M) on a Trezor hardware wallet. But in March, he received a text claiming his Coinbase account was under threat. A scammer posing as “Brett Miller from Coinbase Security” called him, claimed the wallet was compromised, and walked him through a bogus “security protocol” — one that led him to enter his seed phrase into a phishing site mimicking Coinbase. 🟠Nine days later, another follow-up call sealed the theft. All his funds were gone. 🟠This incident lands right in the middle of Coinbase’s ongoing internal breach. Just this week, the company admitted support agents were bribed in India, leaking customer info like names, balances, and transaction histories. Up to 1% of active users may have been affected. Estimated damage: $180M to $400M. ⚠️ One retired sculptor, one fake agent, and a $2M disaster. The breach isn’t just numbers on a balance sheet anymore — it’s real people, real lives, and irreversible losses. Think hardware wallets make you immune? Think again. The weakest link isn’t the device — it’s human trust. ➡️CRYPTO ROAST

💵 $400M Breach at Coinbase: Insider Bribes, Stolen Data, and a Refused Ransom 🟠Welcome to the dark side of Web3 customer support. Hackers bribed Indian-based Coinbase contractors and got access to sensitive user data—names, emails, phone numbers, masked bank info, and even ID photos. The prize? A fat ransom demand of $20M. 🟠Coinbase didn’t flinch. Instead of paying, they fired the compromised agents, reported the attack to law enforcement, and offered a reverse bounty: $20M for info leading to the hackers’ arrest. 🟠The damage? Less than 1% of users compromised—but the fallout is real. Coinbase expects to shell out $180M to $400M in reimbursements, fraud protection, and legal cleanup. And yes, its stock dipped hard right before they’re due to enter the S&P 500. 🟠The kicker? Victims got calls pretending to be from Coinbase. Scammers had their data and told them to "verify" info or move funds to a fake "self-custody wallet." One hacker bragged: “We made $7M today.” 🟠Meanwhile, regulators are circling. The SEC is probing Coinbase (again), this time over allegedly inflated user stats from their IPO era. 💭 Lesson? OPSEC isn’t just on-chain. Vet your support vendors like your validators. And never trust a DM asking for your seed. Coinbase survived this round. But the bigger question: who’s next? ➡️CRYPTO ROAST

🅰️ UPD: Paris Crypto Attacks — Chainalysis says criminals still think Bitcoin is untraceable 🟠Paris is becoming a crypto warzone this May. First, a €7.8M ransom kidnapping. Then, Paymium CEO’s daughter and grandson fought off armed attackers in broad daylight. And now, Chainalysis CEO Jonathan Levin drops the truth: these gangs are stuck in 2017. 🟠Speaking at Consensus 2025, Levin said it bluntly: crypto ain’t anonymous anymore. But old-school criminals still think they can launder BTC like cash. Reality? Those onchain breadcrumbs are leading cops straight to their doors — and yes, sometimes even with asset recovery. 🟠Funny? Maybe. Sad? Definitely. Levin warns this “Bitcoin = cash” delusion is why gangs are grabbing guns and going full wrench attack on crypto whales — blind to the fact that blockchain forensics is two steps ahead. 🟠Worse? It’s a global trend now. Levin confirmed it’s not just France. Vegas, Spain, across Europe — same playbook. And while law enforcement is getting sharper, crypto influencers keep flexing Lambos and NFTs like it’s bull run season. 🤑 Bottom line? Blockchain will expose them. But a gun in your face still moves faster. Stop living in 2017. Upgrade your OPSEC. Stop flexing your bags. And accept that in 2025, paranoia is your best wallet. ➡️CRYPTO ROAST

🔤 Crypto CEO’s Family Fights Off Armed Kidnappers in Paris 🟠The offline violence against crypto elites is escalating. On May 13, Paymium CEO Pierre Noizat’s daughter and grandson were attacked in broad daylight in Paris. Three masked men tried to kidnap them — but the daughter didn’t go down easy. She fought back, disarmed one of the attackers, and threw the gun away while passersby jumped in to help. 🟠The attackers fled, leaving behind a van and chaos. All victims were hospitalized, and the case is now under the scrutiny of France’s anti-banditry police unit. 🟠This isn’t an isolated incident. Just this month in Paris, another crypto entrepreneur’s father was freed from kidnappers who demanded €7M ransom. In Las Vegas, teens held a crypto investor at gunpoint for $4M in crypto and NFTs. The message? Offline crypto crimes are no longer rare — they’re becoming the new norm. 🟠Crypto veterans like Jameson Lopp have long warned about the rise of so-called “wrench attacks.” The scariest part? They’re often underreported. Victims stay silent out of fear or humiliation. 🚨 In this game, OPSEC isn’t optional. Stop flaunting wealth online, rethink your public routines, and remember: in crypto, your physical security is now as important as your private keys. ➡️CRYPTO ROAST

☠️ UPD: Curve’s Nightmare Continues — From X Hack to DNS Hijack 🟠Remember Curve’s X account hack earlier this month, where scammers pushed a fake CRV airdrop? You’d think that was enough chaos for May. Well, think again. Curve just confirmed their DNS was hijacked — again. 🟠Now, when users visit curve.fi, they’re landing on a phishing clone rigged with a wallet drainer. Connect your wallet or sign anything? Say goodbye to your funds. 🟠Blockaid confirmed it’s a classic front-end hijack. The smart contracts are fine. But the interface? Fully hijacked and weaponized against unsuspecting users. 🟠This makes the second attack on Curve this month alone. First X, now DNS. Curve says the DNS still points to a malicious IP, and they’re trying to resolve it with the registrar. They also claim their passwords and 2FA were intact, but let’s face it — their front end is still compromised. 🟠And here’s the kicker — Curve already went through a similar attack back in 2022. Guess those lessons didn’t stick. ⚡ TL;DR for all DeFi users: If you visit Curve and see a green connect button? That’s your red flag now. Don’t trust old front ends. Always double-check, think twice, and confirm you’re not signing your bags away. ➡️CRYPTO ROAST

🎸 Ledger Discord hacked: Phishing bot tried to steal seed phrases 🟠Even cold wallet holders aren’t safe from old-school social engineering. Over the weekend, Ledger’s Discord got compromised — all thanks to a hacked moderator account. The attacker deployed a bot that spammed users with fake alerts about a critical Ledger vulnerability and phishing links, urging them to “verify” their seed phrase. 🟠Making things worse, the hijacked mod account started banning and muting members who tried to warn the community. Classic Discord chaos. According to Ledger, the situation was swiftly contained — the bot was removed, access revoked, scam links taken down. But whether damage was already done? Still unclear. 🟠And it’s not the first phishing drama around Ledger. Just last month, scammers were sending physical letters to Ledger owners, complete with company branding and fake QR codes asking for seed phrases. All leftovers from the infamous 2020 Ledger data leak. 💀 Reality check? Your cold wallet won’t save you if you sign, click, or enter your seed into the wrong place. Always triple-check links. And remember: Ledger will NEVER ask for your seed phrase. Not on Discord, not by mail, not anywhere. ➡️CRYPTO ROAST