NFT artist "neitherconfirm" created a collection of 26 NFTs of stained glass-style computer-generated art. After release, they changed the art for each NFT to a picture of a rug, an apparent reference to "rug pulls". The artist wrote on Twitter, "Nobody got hurt. It is pretty easy to change the jpg, even if it does not belong to me or it is on auction. I am the artist, my decision, right? A thread from somebody making his living with art irl about the value of NFTs... All discussions about the value of NFTs are meaningless as long as the token is not inseparable from the artwork itself... What is the meaning of creating an unforgeable token on a highly secured network if somebody can alter, relink or destroy your possession? As long as the value of your artwork is reliable on a central service you do not own anything." DeFi project DODO was relieved of $3.8 million after hackers exploited a bug in their v2 Crowdpools smart contracts. The exchange later recovered $1.89 million of these funds. A contract exploit allowed a hacker to mint almost 60 million PAID tokens (priced at around $160 million based on the value before the attack) on the PAID Network. The hacker then made off with about $3 million in Ethereum from their efforts. The attack caused the PAID token to crash about 88% in value over the course of a day, from around $2.86 to $0.32. The team behind the Meerkat DeFi protocol claimed they had been victims of a hack, but subsequently disappeared from the web after the equivalent of $31 million in Binance Coin (BNB) and BUSD was pulled from the project. Two days later, a developer for the project wrote that the project had been a "test [of] user greed and subjectivity", and aimed to "[help] users realize the potential danger in smart contracts [and] the subjectivity in the audit processes of audit companies." The developer wrote that all victims would be refunded. Some believed that the bizarre "experiment" explanation was to cover that Binance had stepped in to address the scam. A hacker was able to code a smart contract that tricked C.R.E.A.M. into believing it was from a trusted source. They were then able to make off with $37.5 million worth of Ethereum and stablecoins in what was only the first of several major exploits of the platform in 2021.
An exploit in Yearn.Finance's yDAI vault resulted in an $11 million loss to the platform, though "only" $2.8 million of this went to the hacker.
The stablecoin Tether swears up and down that it's fully backed by actual currency, but the New York Attorney General doesn't agree. Tether paid $18.5 million in penalties, was banned from trading in New York, and agreed to submit transparency reports for two years in exchange for ending the long-running legal dispute.