MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"

Security researchers publicly disclosed a critical privacy vulnerability in the popular cryptocurrency wallet MetaMask, in which an attacker can easily create an NFT and airdrop it to a victim to obtain their IP address (and thus potentially their location). MetaMask founder Dan Finlay acknowledged that "this issue has been widely known for a long time", and that the researchers were "right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it."

Twitter launches special hexagonal NFT profile pictures, so now you don't even have to check a username for ".eth" to know who to avoid

[Image: Screenshot of the Twitter NFT announcement, a popup announcing Twitter's NFT support and showing off the hexagonal profile pictures]
Although NFTs-as-profile-pictures on Twitter is nothing new, Twitter launched a new feature in which users can connect their crypto wallets to verify that an NFT belongs to them. Such verified NFTs will display with a hexagon shape, rather than the standard circle, presumably to differentiate these users from the right-clickers.

OpenSea outage dampens Twitter feature launch, highlights centralization among popular web3 services

Popular NFT marketplace OpenSea suffered an outage that had ripple effects throughout several major services using their APIs, including the browser extension crypto wallet MetaMask. The same day, Twitter announced it was rolling out its support for NFT profile pictures, an announcement that was dampened a bit by collection pages failing to load due to the outage. The widespread effects of the outage underscored a point made by many web3 critics: that the ecosystem is hardly as decentralized in practice as it claims to be.

Kingfund Finance rug pulls for $141,000

Kingfund Finance suddenly drained more than 300 WBNB (about $141,000) from their project. This happened a few days after users began to report being blocked by the project's Twitter account and kicked from its Telegram channel for reporting issues with unavailable funds, apparently an attempt to buy time as they prepared for their exit. Around the time of the rug pull, they took their Twitter and website offline.

Multichain publicly announces a vulnerability, and is quickly hacked by attackers using it

Multichain publicly announced a vulnerability that was affecting their tokens, without first notifying users to ask them to remove vulnerable funds. Several hackers quickly exploited the vulnerability, stealing around $3 million from the platform. Security researchers described the saga as "the worst way to treat a vulnerability".

Mastercard spins a partnership with Coinbase as addressing "accessibility" and "inclusivity"

Apparently the real issue with crypto grifts all along has been that it's just too dang hard to put your money into them. Mastercard has shown up to fix that, announcing a new partnership with Coinbase to allow Mastercard holders to buy NFTs on Coinbase's upcoming NFT platform with credit. In a jaw-dropping attempt at spin, Mastercard wrote in their announcement tweet, "We're working to make NFTs more accessible because we believe tech should be inclusive."

Once popular play-to-earn game BNB Heroes rug pulls after a period of inactivity from the team

[Image: BNBHeroToken value, a chart showing the value of the BNB Heroes token suddenly dropping]
The BNB Heroes play-to-earn game apparently rug pulled after a period of inactivity from the development team. The developer drained almost $200,000 from the token pool, plummeting the token value by 65%.

Creator of "MetaBirkins" NFTs writes that he "won't be intimidated" by a trademark lawsuit from Hermès

[Image: MetaBirkin, a rendering of a fuzzy Birkin-styled bag with rainbow-colored abstract flowers on a black background, sitting on a white museum pedestal]
Mason Rothschild, the creator of "MetaBirkins" NFTs, was the target of a trademark lawsuit by Birkin bag-maker Hermès. The lawsuit came after he ignored a cease and desist from the company over his 3D renderings depicting and named after the distinctive bags. In a public statement replying to the lawsuit, Rothschild wrote that "I am not creating or selling fake Birkin bags. I've made art works that depict imaginary, fur-covered Birkin bags... I have the right also to use the term 'MetaBirkins' to describe truthfully what that art depicts, and to comment artistically on those bags and on the Birkin brand." So far, the NFT collection has enjoyed about $1.2 million in trading.

I, for one, am very curious to see how the litigation plays out. In the meantime, the Rarible landing page for the collection displays an error message stating, "This user or item has been temporarily blocked from public access".

At least $34 million is stolen from users of Crypto.com

Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The platform restored trading later that day after pushing an update to require their users to re-authenticate their sessions and reset two-factor authentication.

Although some users reported funds missing from their wallets, including one investor who reported $16.3 million missing, Crypto.com announced that "All funds are safe". Over the next few days this was revealed to be untrue; as of January 20, the total estimated funds stolen from the platform had reached $30 million. Large amounts of stolen funds were quickly laundered through Tornado Cash, a popular crypto mixer.

Mysterious NFT project NotASecretNFT gets people to authorize a shady contract after leaving clear clues to their intentions

[Image: NotASecret's OpenSea page, a landing page for the NFT project showing a collection of black and white images]
Enthusiasts rushed to buy NFTs from a project called NotASecretNFT after seeing NFT mega-whale Pranksy buy in, even though the OpenSea description was simply, "1000 secrets, endless lies... Farming $LIES starts 24 hours from mint." After funds were drained from the project, Pranksy tweeted, "Ok you may have seen me buy some NotASecretNFT's from opensea - it looks like this was a rug pull / scam, please do not buy anymore based on my purchases and revert any permissions you may have given". A note in the project's smart contract read, "Hello world, Nothing was intended to be obscured from you, you simply did not follow the clues." In a tweet thread, one buyer explained how he didn't research the project himself, but bought in after seeing an alert that Pranksy had bought NFTs. He ended the thread by writing, "Never buy into hypes and always #DYOR [do your own research]. Lesson learned once more!"
