No JavaScript? That's cool too! Check out the Web 1.0 version of this site.

Illustration of a purple neon themed bar scene with crypto price charts on the wallsBaller Ape Club website (attribution)
A blatant clone of the extremely popular Bored Ape Yacht Club project, called "Baller Ape Club" and on the Solana blockchain, went live after much anticipation. Shortly afterwards, its creators made off with $2 million and deleted their websites and social media. The same group had pulled off one rug pull already, stealing around $150,000, and later went on to do a third rug pull in January 2022.
Theme tags: Rug pull
Blockchain tags: Blockchain: Solana
Tech tags: NFT

Robert Leshner, the founder of Compound Labs, took an unusual approach when trying to recoup funds that were mistakenly distributed through a $160 million bug in the protocol. He tweeted, "Please return [the funds]. Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS". The threats were not received particularly well, with some questioning what assumptions Leshner was making about his typical user's tax status, and Leshner subsequently apologized for his "bone-headed" tweet.
Theme tags: Bug, Hmm
Tech tags: DeFi

A 3D-rendered bust, with a futuristic helmet and cowl, and a red and white neck covering.Sample Iconics artwork (attribution)
NFT collectors eagerly bought thousands of presales of an NFT project called "Iconics" after viewing sample artwork from a supposedly 17-year-old 3D artist. When they viewed their NFTs, instead of the 3D busts they had expected, they were brought to images of random collections of emojis. It was later discovered that the artwork had been stolen from an artist unaffiliated with the NFT project.
Theme tags: Rug pull
Blockchain tags: Blockchain: Solana
Tech tags: NFT

Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end met neither basic EU security standards, nor handled more than a few thousand users (in total, not per second), the launch failed and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".
Theme tags: Bad idea

Vee Finance logo, an orange cube with diagonal lines on two surfaces forming a VVee Finance logo (attribution)
The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though boasted of having $300 million worth of assets locked on their exchange.
Theme tags: Hack or scam
Blockchain tags: Blockchain: Avalanche
Tech tags: DeFi

pNetwork logo, a circular illustration next to the text pNetworkpNetwork logo (attribution)
A hacker stole $12 million from the DeFi platform pNetwork after exploiting a bug in the codebase. The network offered a $1.5 million bounty to the attacker to return the funds.
Theme tags: Bug, Hack or scam
Blockchain tags: Blockchain: Bitcoin
Tech tags: DeFi

A retro-looking website titled "JAY PEGS AUTO MART". There are buttons for "MINT' DONA" and "BIG OCEAN", and gifs of wacky inflatable tubes at the bottom.Jay Pegs Auto Mart website (attribution)
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.
Theme tags: Bug, Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi

OpenSea logo, a blue circle with a white ship silhouetteOpenSea logo (attribution)
A Twitter sleuth discovers that OpenSea's Head of Product, Nate Chastain, had apparently been engaging in a form of insider trading by buying NFTs that he knew would later be featured on the front page of OpenSea, then selling them once their value increased from the spotlight. The Twitter user identified a chain of transactions show Chastain laundering the transactions through several anonymous accounts. OpenSea posted a statement confirming the shady trades had taken place, and that they had requested and received the employee's resignation, though they didn't specifically name Chastain as the culprit. Chastain's Twitter profile was updated shortly after, identifying him as a former OpenSea employee. OpenSea announced the next day that they had implemented policies preventing employees from trading on confidential information, which I guess they just hadn't bothered to think about previously.
Theme tags: Shady business
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

A graph of the value of Litecoin, showing a brief but large spike in its valueSpike in Litecoin value attributed to the fake press release (attribution)
A press release distributed via GlobeNewswire claimed Walmart was announcing a partnership with Litecoin to begin accepting the cryptocurrency as a payment method. The value of Litecoin spiked before tumbling after Walmart said the announcement was fake.
Theme tags: Fake news
Blockchain tags: Blockchain: Litecoin

CREAM logo: A silhouette of a pacman-shaped C over a green pastel circle, followed by the remaining letters in various other pastel colorsC.R.E.A.M. logo (attribution)
A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $20 and $30 million from C.R.E.A.M. finance in its second multimillion dollar hack of the year.
Theme tags: Bug, Hack or scam
Tech tags: DeFi