investigation

According to Bloomberg, the Commodity Futures Trading Commission (CFTC) is conducting a broad investigation into the prediction market platform Polymarket, covering its business activities including social media operations.Previously, The Wall Street Journal reported that Polymarket hired dozens of social media creators, primarily of college age, to create fake trading videos to attract users. This investigation encompasses other aspects of the company's business. The CFTC and the Department of Justice concluded an investigation last year into whether Polymarket violated the ban on U.S. users, but some U.S. users still access its main platform by circumventing the ban through VPNs and other means.Since reaching a settlement with the CFTC in 2022, Polymarket has technically prohibited U.S. users from using its main platform, but the company is taking steps to reintroduce its main exchange to the U.S. and is cooperating with the CFTC to lift the ban. Senators Adam Schiff and John Curtis sent a letter to the CFTC last Thursday, requesting confirmation of whether an investigation into Polymarket's advertising practices is ongoing and inquiring how the agency has prevented Polymarket from attracting U.S. users since the 2022 action.

According to the Wall Street Journal, several U.S. lawmakers are calling for an investigation into the prediction market platform Polymarket, as its advertising is alleged to potentially contain misleading content.It is reported that the lawmakers believe Polymarket may not clearly disclose the nature of its products and associated risks in its marketing, which could mislead users. Some legislators have requested regulatory agencies to intervene and assess the compliance of its advertising and information disclosure standards.

According to "On-Chain Detective" ZachXBT's post on his personal channel, Polish social engineering attacker Wojtek Kulisz (online name "Merry") was recently suspected of being raided by Polish law enforcement, along with three others being taken away.Although the official press release did not disclose his name or photo, several designer clothing and jewelry items displayed on his public Instagram account "wojtekk" are highly consistent with the items seized during the police operation. The related case is led by the Polish Central Cyber Crime Fighting Department (CBZC) and has received assistance from agencies such as the FBI and HSI.

The National Association of Attorneys General, the National Association of Assistant U.S. Attorneys, the International Association of Chiefs of Police, and the National Sheriffs' Association jointly sent a letter to the Department of Justice and the White House on Tuesday, warning that Section 604 of the Digital Asset Market Structure Clarity Act contains serious enforcement loopholes that could make it difficult for law enforcement agencies to investigate and prosecute crypto-related criminal activities. The letter pointed out that Section 604 includes broad exemption clauses that may allow individuals or entities assisting in the circulation of crypto assets to evade regulatory accountability, disrupting the investigative and enforcement powers that have long been relied upon.The four organizations emphasized that their concerns are not aimed at developers who simply write or publish software code, but rather at the broad exemptions that may provide a shield for illegal activities. The core of the controversy lies in Section 604—the "Blockchain Regulatory Clarity Act" (BRCA) provision, which was originally a standalone bill but was later incorporated into the Clarity Act, aimed at providing a safe harbor for non-custodial developers, clarifying that they do not fall under money transmission entities. Law enforcement organizations believe this move will create obstacles for investigations into crypto crimes.Additionally, the letter pointed out that several other provisions of the bill would "reduce transparency, weaken accountability mechanisms, and create loopholes in the anti-money laundering framework." On the same day, nearly a hundred Catholic leaders representing parishes across the country also issued a warning, stating that the bill could weaken protections against human trafficking. In response, White House cryptocurrency advisor Patrick Harker insisted that the Clarity Act is a bill that "supports regulation and supports law enforcement," emphasizing that the U.S. must proactively set standards or risk passively accepting the rules of other countries.

Democratic senators in the United States are urging an investigation into the Trump family's alleged $500 million cryptocurrency deal with the Abu Dhabi royal family.

According to Decrypt, the Thai Special Investigations Department (DSI) has expanded its investigation into the "gray Chinese capital" network. This network is suspected of using illegal cryptocurrency mining to launder money from phone scams and online gambling, with an annual amount involved exceeding 30 billion Thai Baht (approximately 300 million USD). Currently, authorities have seized 6,390 mining machines, with illegal electricity theft losses reaching 953 million Thai Baht (approximately 29 million USD), and arrest warrants have been issued for 4 Chinese financiers and 4 Myanmar nationals.The U.S. Secret Service has seized over 17.8 million USD in cryptocurrency assets related to key suspect Wang Yicheng, who is alleged to be connected to "pig butchering" scam operations. Additionally, the investigation also involves several officials from Thai electricity agencies and law enforcement personnel, and the case has been handed over to the National Anti-Corruption Commission for handling.

The privacy public chain Namada officially announced a vulnerability incident. The team is currently investigating the related issues and has contacted relevant parties for collaborative handling. If the operator behind this attack is a white hat hacker, we hope they will proactively contact the team to further understand the vulnerability situation and promote problem resolution.On-chain data shows that some ATOM assets related to the incident are suspected to have been transferred out to a Cosmos Hub network address via IBC (Inter-Blockchain Communication protocol). Approximately 228,517 ATOM funds related to that address were subsequently cleared within a few hours through IBC transfers and multiple withdrawal operations. Currently, that address has only a small remaining balance.

According to CriptoNoticias, Chilean judicial authorities have launched an investigation into the cryptocurrency platform Plusspay, accusing it of providing a money laundering channel for the multinational criminal organization Aragua Train.The investigation shows that the platform may have exchanged local fiat currency for Tether, USD stablecoins, and other stablecoins through multiple affiliated companies, and used the Chilean banking system to transfer funds, with the scale of related suspicious fund flows exceeding 84 million dollars.

Regarding the suspected attack on the Aztec Router contract on the Ethereum chain, Aztec Labs has officially launched an investigation and clarified that Aztec Connect was deprecated three years ago. Aztec Labs does not hold any administrator keys or control over the system, and currently cannot pause or upgrade it. Therefore, the community is reminded to be vigilant against false "support" accounts and private messages.

Humanity released an independent investigation report by Quantstamp, which disclosed that in the H token security incident, the attacker used tools and methods characteristic of North Korean hackers, disguising themselves as communication from the Bithumb exchange through phishing emails, inducing project directors to click on malicious attachments, thereby deploying a remote control Trojan on their devices, ultimately gaining full desktop control and wallet private keys. Subsequently, on Ethereum and BNB Chain, they launched on-chain attacks: on the Ethereum side, by stealing keys to upgrade contracts and transferring approximately 141.18 million H tokens, and on the BSC side, by taking over the ProxyAdmin contract and minting new tokens. The stolen assets were then continuously sold on Uniswap and PancakeSwap for about 8 hours, causing significant impact on liquidity and market prices.Currently, the H token contract on the Ethereum side has been frozen, the mainnet bridge remains unaffected, but the BSC deployment has been controlled by the attacker and still has minting permissions. The team is working with exchanges and security parties to advance subsequent disposal and recovery plans, while reminding users to be wary of false "compensation/claim" links, and stated that further progress will be announced through official channels.Previously, the Humanity Protocol was attacked, resulting in the leak of a private key from a member of the Humanity Foundation, leading to over 31 million dollars in funds being stolen.

According to CCTV International News citing the Wall Street Journal on June 12 local time, multiple state attorneys general in the United States have launched a joint investigation into the OpenAI.The report states that the artificial intelligence company received a subpoena on the same day, requiring it to provide documents related to several of its business activities and their impact on users. OpenAI is currently facing multiple lawsuits concerning design issues of its chatbot ChatGPT that have led to user suicides or caused adverse effects on users.Some of the lawsuits point out that the design of ChatGPT "prioritizes user engagement over safety."

The South Korean police have listed Bithumb CEO Lee Jae-won as a suspect in a bribery case related to the employment of Kim Byung-kee's son, a member of the National Assembly of South Korea, at Bithumb. The Seoul Metropolitan Police Agency's Public Crime Investigation Unit is investigating Lee Jae-won and Bithumb, with the allegations involving Bithumb hiring Kim Byung-kee's son.The police reportedly obtained a statement from Kim's former assistant, stating that Kim requested Lee Jae-won to hire his second son in November 2024. Kim's son subsequently joined Bithumb two months later and worked at the trading platform for six months. Kim also requested Bithumb to hire one of his assistants, who then joined Bithumb in September last year and has been working there since.The South Korean police believe that Kim, as a member of the National Assembly's Financial Affairs Committee, engaged in legislative activities against Bithumb's competitor Upbit and raised concerns about Upbit's market monopoly. This development comes after months of investigation into the relationship between Kim and Bithumb, which included two searches and seizures.

According to The Block, the Public Crime Investigation Division of the Seoul Metropolitan Police Agency in South Korea has identified Bithumb CEO Lee Jae-won as a suspect in a bribery case, which is related to independent lawmaker Kim Byung-kee.Police received testimony from a former assistant stating that Kim requested Lee to arrange for his second son to work at Bithumb in November 2024, and his son started working there two months later, remaining for about six months; Kim had also previously asked Bithumb to hire one of his assistants, who has been employed by the company since September 2025. The police are investigating whether the aforementioned employment is linked to Kim's legislative actions against Upbit's operator Dunamu during his time on the National Assembly's Financial Committee, including allegations of Upbit monopolizing the market.

On-chain detective ZachXBT posted on platform X, stating that the demands from the crypto community for its investigative work are often difficult to meet.ZachXBT mentioned that when it publishes token manipulation investigations before insiders exit, it gets accused of shorting related projects, such as RAVE, M, and LAB; whereas when it releases investigation results after events occur, it is criticized for failing to issue warnings in advance.He stated that continuously facing such doubts has gradually diminished his motivation to regularly publish investigation reports, as he prefers to continue conducting investigations privately rather than endure public pressure. ZachXBT also criticized some community members for overly relying on its investigative results instead of conducting their own research.

Haedal posted on platform X that the team recently monitored an abnormal decrease in liquidity in some of Haedal's Vault pools. As a precaution, related contracts have been suspended, and an investigation is underway to determine the root cause to prevent further impact.The affected range is limited to a few Vault pools, and other products are safe and unaffected. All related direct losses will be fully borne by Haedal. The team will provide a more detailed investigation update after the analysis is completed.

edgeX announced, "We have observed sudden and unusual price fluctuations of the EDGE token and are currently actively investigating the reasons. The team is urgently understanding the specific situation and will publish updates as soon as relevant information is confirmed. The official reminder to users is to rely only on information released through edgeX's official channels and to treat unverified market speculation with caution."Previously, the edgeX platform token EDGE experienced a "flash crash," dropping over 77% to $0.315, and the 24-hour decline has now narrowed to 41.13%.

Regarding the attack on the Kelp rsETH LayerZero V2 bridge that occurred on April 18, Aave released a post-incident investigation on the X platform, emphasizing that the exposure was primarily due to third-party bridge infrastructure rather than the protocol itself. The attacker executed an RPC poisoning attack targeting a single validator of LayerZero, forging a cross-chain message. This led to the release of 116,500 rsETH on the Ethereum side without actual destruction on Unichain. The attacker subsequently deposited the stolen rsETH into Aave V3 (Ethereum Core and Arbitrum), borrowing approximately 82,650 WETH and 821 wstETH.The Aave Protocol Guardian and Risk Steward immediately implemented protective measures for the rsETH and WETH reserves. Currently, the WETH and rsETH markets in the affected V3 deployments are operating normally. The rsETH held by the attacker on Arbitrum has been destroyed, the LayerZero OFT adapter has been fully recharged in five batches, rsETH support has been fully restored, and Kelp has reopened the withdrawal, bridging, and claims functions for rsETH. The WETH LTV in the affected markets has been reset to pre-attack values, and Aave V3 is fully operational across all markets except for rsETH.The Arbitrum DAO has voted to authorize the transfer of frozen ETH to Aave LLC, and it is currently awaiting on-chain execution. The court is still reviewing the substantive content of the injunction, and Aave LLC will continue to comply with the injunction during the court's deliberation. Ongoing projects include: the Aave risk framework from Llama Risk, the bridging assessment framework, the release of evaluation reports for currently live assets, on-chain execution of Arbitrum DAO votes, and the court's review of the injunction.

The French newspaper "Le Monde" revealed that there has been new progress in the investigation of a cryptocurrency-related kidnapping case that occurred in 2023. French law enforcement discovered a transnational money laundering network involving multiple countries and cryptocurrency wallets while tracing the flow of a €1.7 million cryptocurrency ransom. The victim was the father of the well-known crypto influencer "TeufeurS." The kidnappers threatened the victim's family via text messages and demanded ransom payment in cryptocurrency. Ultimately, TeufeurS transferred a total of €1.7 million to the kidnappers' designated wallet in two installments, after which his father was released.The investigation showed that part of the ransom flowed into wallet accounts controlled by foreign nationals after multiple transfers. One transfer of $131,000 was successfully traced by the French gendarmerie, with leads ultimately pointing to a cryptocurrency wallet controlled by Venezuelan nationals. The case further revealed the complex chain of money laundering utilized by criminal organizations through cross-border cryptocurrency transfers, anonymous wallets, and overseas platforms. The report stated that this case is considered one of the significant examples of kidnapping and extortion cases in the European cryptocurrency industry and may serve as an early template for multiple kidnapping cases targeting cryptocurrency practitioners in France and Europe in 2025.

The Spanish Directorate General for the Regulation of Gambling (DGOJ) has requested internet service providers to temporarily block the prediction market platforms Polymarket and Kalshi.The regulatory agency believes that both platforms are offering prediction trading products based on the outcomes of future events to local users without obtaining a gambling license in Spain, which may violate local gambling laws. The Spanish authorities stated that unlicensed platforms lack necessary consumer protection measures such as identity verification, protection for minors, and self-restriction mechanisms.Reports indicate that the relevant investigation is expected to last 3 to 4 months. During the investigation, Spanish users will receive risk warnings when accessing the relevant websites. The regulatory agency may subsequently impose fines, permanent restrictions, or require applications for local licenses.