Image: Visor Finance logo, a 3D black asterisk over a bright green background
A reentrancy exploit in the Ethereum-based Visor Finance DeFi protocol allowed hackers to pull 8.8 million VISR tokens out of the network, equivalent to about $8.2 million. The VISR token went from trading at around $0.93 to around $0.04, losing more than 95% of its value. The Visor team subsequently announced that they will perform a token migration to compensate affected users. Visor has suffered other hacks since its launch earlier this year, despite having undergone several audits.
Theme tags: Bug, Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DeFi, cryptocurrency

Another Discord scam netted its perpetrators around 800 SOL, or about $150,000, from 373 individuals. The scammer posted a fake minting link in the official Discord of Fractal, the upcoming NFT and blockchain gaming marketplace co-founded by Twitch co-founder Justin Kan. Fractal said it would be compensating all who fell for the scam. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, and also targeted users of the Monkey Kingdom NFT collection Discord that same day.
Theme tags: Hack or scam
Blockchain tags: Blockchain: Solana
Tech tags: NFT

Image: One of the Monkey Kingdom NFTs, a pixel-art monkey on a light yellow background wearing a red turtleneck sweater and Santa hat
An NFT trader hoping to get in on the "Monkey Kingdom" NFT collection was duped by a scam link in the project's official Discord channel, and sent 650 SOL (about $116,000) to a scammer. "It is important money to my family: my wife, my son", they wrote on Twitter. Another person replied to their tweet to say they too had been duped by the Discord scammer, to the tune of about 19.5 SOL (about $3,500). In total, the phishing link netted the attacker about $1.3 million. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, and also targeted users of the Fractal project's Discord that same day.
Theme tags: Bummer, Hack or scam
Blockchain tags: Blockchain: Solana
Tech tags: NFT

Image: Bent Finance logo, an angular B in white, purple, and cyan on a black background
Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance deployer. Because of this, some speculated that it may have been a rug pull. Bent said in a statement, "There are multiple members on this team and we will make this right. We recommend you withdraw all funds until it is clear." The platform hasn't revealed how much money was lost, though a crypto fraud investigator wrote that 440 ETH (equivalent to about $1.8 million) appeared to have been funneled out of the platform. The attack was discovered on December 20, but appeared to have been ongoing since at least December 12, and possibly longer.
Theme tags: Hack or scam, Rug pull
Tech tags: DeFi

Image: One of the tweets reporting apparent theft. Tweet by @designnvt: "@chivowallet Are you going to do something or not? This is too much. What kind of support do you have? Your system has taken out $16000 without authorization. This is too much; I will have to call a radio or television station to have it published if you don't give an answer." There is a screenshot of about a dozen transactions, each around $800.
A Twitter thread showed dozens of people reporting amounts from hundreds to tens of thousands of dollars disappearing from their Chivo Wallets, the bitcoin wallet backed by Salvadoran President Nayib Bukele. El Salvador adopted Bitcoin as legal tender in September of this year, and it is used there alongside the U.S. dollar.
Theme tags: Shady business
Blockchain tags: Blockchain: Bitcoin
Tech tags: DeFi

Image: Grim Finance logo, an illustration of a grim reaper on a purple gradient background
Grim Finance, the "compounding yield optimizer" DeFi platform, was hacked. According to them, attackers exploited a bug in the platform to perform a reentrancy attack that netted them $30 million. Grim, indeed. A cryptocurrency watchdog group, RugDoc, opined that the exploit was possible because of very basic mistakes in implementation, and wrote, "Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand. If you haven't acquired this yet, don't build multi-million dollar projects. Don't get audits from companies which everyone knows are useless." This was apparently a dig at Solidity Finance, who had performed an audit several months prior to the hack and found that "ReentrancyGuard is used in relevant locations to preent[sic] reentrancy attacks."
Theme tags: Bug, Hack or scam
Tech tags: DeFi

Image: Adidas NFT, a monkey wearing a tracksuit
Anticipating that buyers would try to hoard items from a big-name NFT drop, Adidas decided to try to limit their NFT drop to two per buyer. They apparently didn't realize that there is no guarantee that one address = one individual, and a crafty blockchain engineer, Montana Wong, created a smart contract that generated additional smart contracts, each with their own address. These contracts snapped up NFTs, then transferred them to the engineer's primary wallet and self-destructed. Wong was able to snag 330 NFTs.
Theme tags: Hmm
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT, metaverse

Image: DeviantArt Protect software detecting stolen artwork. Screenshot of DeviantArt Protect, software which detects similar artwork being used off-site. In the screenshot, artwork depicting a minotaur has been directly copied with no apparent modifications and posted on an NFT marketplace.
Comics artist Liam Sharp wrote on Twitter that he would likely need to close his DeviantArt gallery, which he has maintained for fourteen years, because his artwork keeps being minted as NFTs without his permission. He wrote, "I can't - and shouldn't have to - report each one and make a case, which is consistently ignored. Sad and frustrating."
Theme tags: Shady business
Tech tags: NFT

Artists going through the grueling process of reporting individual NFTs created without permission from their work reported tickets being automatically rejected. Artists were also required to provide personal information to OpenSea, who in some cases forwarded the personal information to the scammer behind the theft, opening the artist up to doxing and harassment. Eventually, OpenSea disabled their contact form that had previously allowed artists to report stolen work.
Theme tags: Shady business
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Image: S.T.A.L.K.E.R. 2 artwork, a gas-masked character from the game
Pushback from fans led S.T.A.L.K.E.R. 2 creators to quickly reverse their decision to add NFTs to the game. The studio announced their NFT plans on December 15, which involved collectible cards, in-game items, having one's name added to walls or other scenery in the game, and even the possibility to have an NPC added to the game that resembled the NFT buyer. In subsequent updates the studio stressed that the NFTs would not be mandatory for gameplay, and later downplayed them further by saying that the NPCs they would add to the game "aren't even involved in the story". Fans were incensed, and the next day the studio scrapped "anything NFT-related" that was planned for the game.
Theme tags: Bad idea, Good news
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT, blockchain gaming