The post invited people to visit a website that prompted users to connect their wallets in order to receive the airdrop. Users who did so found their NFTs transferred out of their wallet to the scammer. So far, 44 people have fallen for the scam site, transferring a total of 133 NFTs with an estimated value of around $2.4 million. The stolen NFTs included items from pricey collections including Bored Apes, Mutant Apes, Bored Ape Kennel Club, and CloneX. Several of the NFTs had previously been sold for over $100,000 each.
133 NFTs valued at $2.4 million stolen when hacked Bored Apes Instagram advertises fake land airdrop
Byrne and Collins published the paper via their co-founded company Streetlight Equity. The firm has also published ostensibly economic-focused articles that include conspiracy theories about how U.S. sanctions on Russia are all a part of a plan to "force the left's green agenda", and rail against pandemic lockdowns.
This is not the first unsolicited newspaper from the Epoch Times or its associates; the Falun Gong-associated and strongly anti-Chinese Communist Party publication previously distributed an unsolicited "special edition" which described COVID-19 as the "CCP virus". This led to pushback from Canadian postal union, who urged the Canadian government to ban its distribution as hate speech they feared would endanger Asian Canadians. Epoch Times have also spread QAnon and anti-vaccine conspiracy theories, spread false claims of fraud in the 2020 United States presidential election, and promoted far-right politicians in Europe.
Navalny has been imprisoned in Russia since returning in January 2021, shortly after recovering from poisoning: an attempt on his life reportedly ordered by Putin. While in prison, Navalny's foundation has encouraged people to donate cryptocurrency using Binance. They have raised more than 670 Bitcoin ($28 million) so far, despite the Russian government outlawing the foundation and labeling it a terrorist organization. Donors to Navalny's cause now face potentially serious danger as they've been identified to the Putin regime by Binance.
Crypto proponents have long promoted the technology's potential to fund individuals who are targeted by oppressive regimes, and to allow anonymous and untraceable donations.
The contract suffered from several flaws, however. The first allowed an exploiter to stop all refunds and withdrawals from the contract. Luckily for the team, the exploiter was well-intentioned and only intended to highlight the issue; they removed the block shortly after, leaving a message urging the team to have their contracts audited before release.
AkuDreams were not so lucky with the second issue. A bug in the code failed to account for users minting multiple NFTs in a single transaction, which made it so that the claimProjectFunds function that would allow the team to withdraw their earnings can never successfully execute. This means that the team can never withdraw the 11,539 ETH ($34 million) earned from the NFT sales—it is stuck there forever.
52 different people fell for the scam, losing a total of around $4.3 million in assets. The scammers appeared to be targeting high-value wallets, with only two accounts transferring less than $1,000. 24 individual wallets were scammed for more than $10,000 each, 7 wallets lost more than $100,000, and one user lost almost $1.4 million.
Following a thread by zachxbt outlining the team's rug pull, the project founder made the first post in the project Discord since December, announcing a theme song competition with no acknowledgement of the team's absence and lack of progress.
This event once again shows how it is people like zachxbt who are left to try to hold project creators accountable in the absence of reasonable regulation or enforcement.
More than a few people expressed shock at seeing what they believed to be a hate symbol on their Twitter feeds from a large brand. The date of release only made things worse—April 20 is celebrated among fascists because it is Hitler's birthday. Tweets from Binance's official Twitter account and the Twitter account of founder and CEO Changpeng Zhao (known as "CZ") were quickly deleted, though the emojis remained. Several hours later, Binance changed the emoji to a globe with the Binance logo.
Twitter doesn't publicly list how much it costs to obtain a branded hashtag, though most articles I could find listed the price at around $1 million. I'm not sure if this is per hashtag or per emoji—the new emoji appears on several related hashtags.
Two hours after zachxbt published his research, the team made their first post in three months, with multiple excuses for the issues zachxbt highlighted.
He said he hadn't used the wallet to mint any NFTs since October, and said he had revoked all access to minting websites since then. He wrote that he was unsure how the compromise had happened: "My best guess: an old minting site from October still had access to my wallet, even after 'revoking' happened in Phantom.... But honestly, it's just a guess."