Traders duped out of $1.8 million in a fake MetaMask governance token scheme

A listing for MASK on DEXTools, showing a blue checkmark by the nameSpoofed verification badge on DEXTools (attribution)
Scammers took advantage of rumors that MetaMask, a popular Ethereum wallet, would be airdropping governance tokens. The scammers created a fake MetaMask token, $MASK, and managed to inject code into the popular DEXTools trading app to show the token as verified. The token reached over $9 million in traded volume before scammers pulled the liquidity, making off with about $1.8 million worth of Ethereum.

Rapper Waka Flocka Flame has an OpenSea account hacked to the tune of $19,000

A still frame from a video, of a finger pointing to an NFT on a computer screen.Waka Flocka pointing out one of the fake NFTs (attribution)
Waka Flocka Flame posted to Twitter: "@opensea One of me wallets was hacked wtf man". In a video, he showed NFTs in his OpenSea wallet, saying "This is fake, this is fake, this is fake, this is fake. They popped up in my wallet, I clicked on it to delete it, immediately they stole 19 grand. Happily I just started this wallet, they already stole 19,000 out of it. I need fucking help immediately."

MetaSwap Gas project rugpulls about $600,000

1,100 BNB, or around $600,000, were transferred out of the MetaSwap token MGAS, dropping the price of the token nearly 50%. The funds went to a Tornado Cash account, a popular cryptocurrency tumbler. After the transfer, MetaSwap Gas social media accounts were deactivated.

MetaDAO project rugpulls for more than $3.2 million

A project that promised to be "the DAO of DAOs" managed to accumulate and then make off with 800 ETH, which was worth around $3.2 million at the time of the scam. The project creators took the invested tokens and quickly tumbled them using Tornado Cash.

Another NFT project sells NFTs depicting real people without their consent

A CipherPunk trading card, illustrated with the face of Marc AndreessenNFT depicting Marc Andreessen (attribution)

The "Cipher Punks" NFT project tried to sell NFTs with illustrations of various cypherpunks, or at least the ones that were listed on Wikipedia. The project said that it intended to "[honor] everyone involved in the CypherPunk movement. They are our heroes, and we need to recognize them". Apparently honoring them did not also involve asking for their consent to be used in the project, as Jillian York tweeted on December 26, "I don’t approve of this whatsoever and would like it removed."

ItsBlockchain, the group behind the project, subsequently announced that they would scrap the project and apologized. This apology rang a little hollow, to me, after they retweeted a tweet saying "never meet your heroes" in reference to the individuals asking that the project stop using their likeness without their consent, for their own profit.

JungleFreaks and Sandbox NFTs are stolen from a collector

A shiny chrome robot, with a captain's hat, Bitcoin symbols for eyes, smoking a cigarette on a blue-green background.Jungle Freak #6028 (attribution)
bergpay.eth checked his MetaMask wallet on the day after Christmas only to discover that all his NFTs had been stolen, including five from the popular "Jungle Freaks" collection and 2 from "Sandbox". Jungle Freaks average about 0.9 ETH ($3,700) each; Sandbox NFTs average around 2.75 ETH ($11,300) each.

A DAO forms with the goal of "liberating" Blockbuster, hoping to raise $5 million from NFTs

Tweet from BlockbusterDAO (@BlockbusterDAO): "Our mission is to liberate Blockbuster and form a DAO to collectively govern the brand as we turn Blockbuster into the first-ever DeFilm streaming platform and a mainstay of both the Web3 brands and products, but a powerhouse in the future of the film industry. Read the 🧵👇"BlockbusterDAO's announcement tweet (attribution)
A group called "BlockbusterDAO" emerged, with the stated goal of "liberat[ing] Blockbuster and form[ing] a DAO to collectively govern the brand as we turn Blockbuster into the first-ever DeFilm streaming platform". Ideas for the DAO's plans after buying the corporation included creating original films and also getting into crypto gaming, for some reason. Some outlets noted that it's unlikely Dish, the current owner of Blockbuster, would sell the corporation for any amount (and particularly for an amount $315 million less than what it bought them for ten years ago), but I suspect that minor detail is unlikely to slow the group down much.

Elon Musk tweeting a photograph of his dog in a Santa suit somehow pumps a memecoin

A tweet from Elon Musk reading "Floki Santa" and containing a photo: A shiba inu wearing a Santa suit stands in front of a fireplace. The text "Merry Christmas" has been superimposed atop it.Floki Santa tweet (attribution)
On Christmas, Elon Musk tweeted a very cute photograph of his pet dog, Floki, wearing a Santa suit with the caption "Floki Santa". Creators of a memecoin called "Santa Floki" ($HOHOHO, of course) capitalized on this with a claim that he'd been tweeting about their coin, and the token surged by 18,840% in about 48 hours (from $0.000000012935 to a whopping $0.00000245). The value quickly fell back below this new high, and settled back to around the pre-tweet price not long after.

An attempted governance attack aims to defraud 25 million MIR (about $64.2 million) from Terra's Mirror protocol

A slew of polls, titled "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Freeze the community pool in case of scam", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", "Reduce mDOT to .01 and redistribute to newly voted mAssets", "poll 205 is right ! vote yes !"Polls on the Mirror governance page (attribution)
A scammer created a public poll on Mirror's official website, proposing to "Freeze the community pool in case of scam". However, if the poll passed, it would send 25 MIR to the poll creator. Because of the design of the poll system, Mirror can't remove the poll, and so has attempted to inform its community of the potential scam by creating a different poll, as well as tweeting about it. The governance platform shows a slew of polls, including, "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", and "poll 205 is right ! vote yes !"

Steve Bannon touts a "Fuck Joe Biden" coin that looks designed to scam investors

An illustration of an eagle wearing American flag print sunglasses that say "FJB" on each lensFJB coin illustration (attribution)
Around the holidays, Steve Bannon started touting a "Fuck Joe Biden" ($FJB) coin (formerly known as the "Let's Go Brandon" coin, and not to be confused with the other Let's Go Brandon coin) on his podcast. He and his partners have touted investing in the currency as a way to somehow "let your feelings, your primal disapproval, your primal disgust with Biden be heard" (and certainly not just a way to pad Bannon's own pockets). Reviewers inspecting the coin's contracts observed some unusual features, including provisions that allow the currency's operators to manually lock an individual's token balance so they can't sell (how decentralized!), though this of course does not apply to the operators themselves. One reviewer observed how this could easily be exploited for rug pull purposes, if the operators locked token holders from selling as they sold off their own coins, allowing them to get out before others started selling off too.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.