An attempted governance attack aims to defraud 25 million MIR (about $64.2 million) from Terra's Mirror protocol

[Image: Polls on the Mirror governance page. A slew of polls, titled "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Freeze the community pool in case of scam", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", "Reduce mDOT to .01 and redistribute to newly voted mAssets", "poll 205 is right ! vote yes !"]
A scammer created a public poll on Mirror's official website, proposing to "Freeze the community pool in case of scam". However, if the poll passed, it would send 25 million MIR to the poll creator. Because of the design of the poll system, Mirror can't remove the poll, and so has attempted to inform its community of the potential scam by creating a different poll, as well as tweeting about it. The governance platform shows a slew of polls, including "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", and "poll 205 is right ! vote yes !".

Steve Bannon touts a "Fuck Joe Biden" coin that looks designed to scam investors

[Image: FJB coin illustration. An illustration of an eagle wearing American flag print sunglasses that say "FJB" on each lens.]
Around the holidays, Steve Bannon started touting a "Fuck Joe Biden" ($FJB) coin (formerly known as the "Let's Go Brandon" coin, and not to be confused with the other Let's Go Brandon coin) on his podcast. He and his partners have touted investing in the currency as a way to somehow "let your feelings, your primal disapproval, your primal disgust with Biden be heard" (and certainly not just a way to pad Bannon's own pockets). Reviewers inspecting the coin's contracts observed some unusual features, including provisions that allow the currency's operators to manually lock an individual's token balance so they can't sell (how decentralized!), though this of course does not apply to the operators themselves. One reviewer observed how this could easily be exploited for rug pull purposes, if the operators locked token holders from selling as they sold off their own coins, allowing them to get out before others started selling off too.

NFT collector scammed out of Bored Ape NFT: "This was my kids college. My mortgage."

[Image: Bored Ape #8038. A Bored Ape on a yellow-orange background wearing a captain's hat and sunglasses, with a neutral expression.]
An NFT collector lost his Bored Ape NFT to a scammer impersonating the well-known NFT collector Jeffrey Hwang, aka "Machi Big Brother". The real Hwang did eventually buy the NFT off the scammer for 77 ETH (about $290,000) and agreed to sell it back to its original owner for that price. Although the original owner tweeted on December 30 that they were "trying to launch a project that will help me raise funds to buy back my ape that was stolen", the following day they seemed disillusioned with the whole space. They wrote, "Been trying to put on a good face since I lost my ape but I gotta be honest. This was my kids college. My mortgage. Just absolute shit that some of you out there think it’s okay that I got ripped off. Fuck you if you think theft is okay because I wasn't 'smart' enough. I got news for you tool boxes. This space is going to zero and regulators are coming hard because the lay person isn’t coming with the attitude of a lot of you. No one is coming to a space where they aren’t sure their investments are safe. Good luck in the meta".

Open source contributors and advocates are surprised to find photographs of themselves being sold as NFTs

[Image: "Faces of Open Source" promotional image. A black-and-white promo card for the project, with text that reads 'White label; 120+ unique portraits; first NFT offering!; limited edition; collect them all!; $99 each (initial price)'. The image features three NFTs, of Kelsey Hightower, Yan Zhu, and Bill Joy.]
Some prominent open source advocates and contributors were surprised to find that their likenesses were turned into NFTs by an artist who photographed them in 2018. Kris Nóva tweeted, "What would you do if you woke up and found out somebody made an NFT of you? Because that just happened to me and a lot of other open source contributors and thought leaders." She later wrote that the photographer "ended up reaching out, his heart is totally in the right place." However, it still seems pretty gross to me that the NFT creator didn't check with the subjects before using their likenesses in the NFT project, and that he prominently featured Kelsey Hightower, an outspoken critic of web3 who I suspect would not approve of his image being used in such a way, in the branding for the project.

Funko Pop launches Bob Ross NFTs in apparent disregard of Ross's wishes

[Image: Bob Ross NFT. A digital rendering of a Bob Ross Funko Pop, sitting in a paint can.]
Because apparently the vinyl figurines known as Funko Pops aren't a sufficiently useless collectible, Funko decided to get in on the NFT craze by releasing a Bob Ross "Digital Pop". Ross made major changes to his will just before his death to try to prevent people from merchandising his legacy, and many fans were outraged by the NFT project, which they believe is exactly the sort of thing he was trying to prevent from happening.

Visor Finance is hacked for about $8.2 million

A reentrancy exploit in the Ethereum-based Visor Finance DeFi protocol allowed hackers to pull 8.8 million VISR tokens out of the network, equivalent to about $8.2 million. The VISR token went from trading at around $0.93 to around $0.04, losing more than 95% of its value. The Visor team subsequently announced that they would perform a token migration to compensate affected users. Visor has suffered other hacks since its launch earlier in 2021, despite having undergone several audits.

Another Discord scam earns its perpetrators about $150,000

Another Discord scam netted its perpetrators around 800 SOL, or about $150,000, from 373 individuals. The scammer posted a fake minting link in the official Discord of Fractal, the upcoming NFT and blockchain gaming marketplace co-founded by Twitch co-founder Justin Kan. Fractal said it would be compensating all who fell for the scam. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target members of the Monkey Kingdom NFT collection Discord that same day.

Traders hoping to get in on the "Monkey Kingdom" NFT collection are duped by a scam link in the project's official Discord

[Image: One of the Monkey Kingdom NFTs. A pixel-art monkey on a light yellow background. It is wearing a red turtleneck sweater and Santa hat.]
An NFT trader hoping to get in on the "Monkey Kingdom" NFT collection was duped by a scam link in the project's official Discord channel, and sent 650 SOL (about $116,000) to a scammer. "It is important money to my family: my wife, my son", the victim wrote on Twitter. Another person replied to the tweet to say they too had been duped by the Discord scammer, to the tune of about 19.5 SOL (about $3,500). In total, the phishing link netted the attacker about $1.3 million. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target users of the Fractal project's Discord that same day.

Either a rug pull or a hack drains at least $1.8 million from Bent Finance

Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance project's own deployer. Because of this, some speculated that it may have been a rug pull. Bent said in a statement, "There are multiple members on this team and we will make this right. We recommend you withdraw all funds until it is clear." The platform hasn't revealed how much money was lost, though a crypto fraud investigator wrote that 440 ETH (equivalent to about $1.8 million) appeared to have been funneled out of the platform. The attack was discovered on December 20, but appeared to have been ongoing since at least December 12, and possibly longer.

Dozens of users report money disappearing from their El Salvadoran Chivo Wallet accounts

[Image: One of the tweets reporting apparent theft. Tweet by @designnvt: "@chivowallet Are you going to do something or not? This is too much, what kind of support do you have? It's $16000 that your system has taken out without authorization. This is too much; I will have to call a radio or television station to have it published if you don't give an answer." There is a screenshot of about a dozen transactions, each around $800.]
A Twitter thread showed dozens of people reporting amounts from hundreds to tens of thousands of dollars disappearing from their Chivo Wallets, the Bitcoin wallet backed by El Salvadoran President Nayib Bukele. El Salvador adopted Bitcoin as legal tender in September of this year, and it is used there alongside the U.S. dollar.
