Hacker steals $16 million from Indexed Finance
A hacker drained $16 million from Indexed Finance, a defi protocol built on the Ethereum blockchain. The stolen funds represented nearly half of the total value locked on the platform. The hacker was later revealed to allegedly be an 18-year-old Canadian named Andy Medjedovic, who continued to refuse to return the funds even when his identity was revealed. The hacker argues that he simply took advantage of an arbitrage opportunity, and swore to "fight to the death" in court over his right to keep the money. However, the hacker never showed up to a December court appearance, and a warrant was issued for his arrest.
Four NFT projects on the Solana blockchain rug-pull in one day
Developers behind Solana Towers, an NFT project allowing investors to buy rooms in a metaverse virtual condo as NFTs, disappeared with around $280,000 a day after the project's launch. It was only one of the projects to do so that day, joining the developers behind three other Solana NFT projects: "Interstellar Bots", "Cheesy Dizzy", and "Technidroids".
The creator of the "Evolved Apes" NFT project makes off with $2.7 million a week after launch
A week after the launch of the "Evolved Apes" NFT project, which consisted of 10,000 NFTs and a promised fighting game, the anonymous developer behind the project disappeared after pulling the equivalent of $2.7 million out of the project's funds.
Baller Ape Club NFT developers rug pull for $2.6 million
A blatant clone of the extremely popular Bored Ape Yacht Club project, called "Baller Ape Club" and on the Solana blockchain, went live after much anticipation. Shortly afterwards, its creators made off with $2.6 million and deleted their websites and social media. The same group had pulled off one rug pull already, stealing around $150,000, and later went on to do a third rug pull in January 2022.
Founder of DeFi platform Compound threatens users who received mistaken payments with the IRS
Robert Leshner, the founder of Compound Labs, took an unusual approach when trying to recoup funds that were mistakenly distributed through a $160 million bug in the protocol. He tweeted, "Please return [the funds]. Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS". The threats were not received particularly well, with some questioning what assumptions Leshner was making about his typical user's tax status, and Leshner subsequently apologized for his "bone-headed" tweet.
An NFT project developer steals $138,000, sending images of random emojis to buyers
NFT collectors eagerly bought thousands of presales of an NFT project called "Iconics" after viewing sample artwork from a supposedly 17-year-old 3D artist. When they viewed their NFTs, instead of the 3D busts they had expected, they were brought to images of random collections of emojis. It was later discovered that the artwork had been stolen from an artist unaffiliated with the NFT project.
German government's blockchain-based ID wallet removed from app stores shortly after launch due to major issues
Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end met neither basic EU security standards, nor handled more than a few thousand users (in total, not per second), the launch failed and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".
- "ID Wallet: The German government had long known about IT security vulnerabilities", Market Research Telecast
- "Konzeptionell kaputt und ein riesiger Rückschritt", Netzpolitik.org
Vee Finance platform emptied of $35 million a week after its launch
The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though boasted of having $300 million worth of assets locked on their exchange.
pNetwork loses $12 million to a bug
Supply chain attack drains $3 million from SushiSwap
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.