The Associated Press wants to sell you an NFT of migrants adrift at sea

Still frame of an inflatable boat full of people wearing orange life jackets, pictured from aboveStill frame from the video (attribution)
The Associated Press announced they would be dropping a new NFT on the platform they launched in January, which notably doesn't allow users to sell their NFTs off-platform or really do much at all with the image or video associated with their NFT. Most NFTs they've offered to date have been fairly benign, like a photo of a shooting star over a house in a field, or of a person spray-painting "illegal" on a brick wall (edgy!)

However, on February 24 they announced that their newest NFT would show a short, top-down video of around fifty migrants crammed into a small inflatable boat, adrift at sea in the Mediterranean. Any goodwill the AP might have had for their NFT project was likely shattered by their choice to monetize a video of human suffering. The already horrific NFT announcement was particularly ill-timed, given its juxtaposition on many Twitter feeds amongst news of Russian military action against Ukraine. The Associated Press deleted the announcement tweet four hours later.

Founders of BitMEX crypto exchange take guilty plea, pay $10M fine for failing to implement an anti-money laundering program

Arther Hayes and Benjamin Delo, the founders of the BitMEX cryptocurrency exchange, pled guilty to violations of the Bank Secrecy Act, which they violated by ignoring requirements to implement any anti-money laundering (AML) programs, including programs that would verify customer identities (KYC). They also separately agreed to pay a $10 million fine, which represents the monetary gain from their crime. "BitMEX was in effect a money laundering platform", said the U.S. Department of Justice statement, which also described how the platform was reportedly used to launder funds from a hack of another exchange, and how the executives both had direct knowledge that some of their customers were from countries under OFAC sanctions.

BitMEX had attempted to evade sanctions by claiming they didn't serve customers in the United States, though in reality they served thousands of U.S. customers and marketed in the U.S. At one point, when an early investor inquired as to why an investment in the company hadn't triggered a report to regulatory authorities, Delo responded with a meme of a man smiling, superimposed with the text "Incorporated in Seychelles, come at me bro". Hayes and Delo face a maximum sentence of five years in prison as a result of this plea. The exchange had in August paid $100 million to settle a separate lawsuit from the Commodity Futures Trading Commission, in an agreement which had also required them to implement proper blocks to prevent U.S. customers from using the service.

Space Crypto game surprises its player base with new, disadvantageous tokenomics

Space Crypto to USD Chart, showing a precipitous drop on February 23Space Crypto to USD chart (attribution)
Space Crypto, a play-to-earn game that launched on February 15, announced on February 23 that users wouldn't be able to withdraw all their reward tokens, as expected. Without previously informing investors, they decided that players won't be able to withdraw the necessary amount of reward tokens ($SPE) to repair all their ships, essentially locking everyone in to artificially extend the game's life. They also decided that the token exchange rate would be 5 in-game tokens = 1 $SPE (also not specified in the whitepaper), essentially hiding the true amount of in-game currency needed for positive return on investment. The community was fairly universally enraged, and the $SPE token price dropped in value by 93% after the announcement.

Utility promising to restore mining performance on Nvidia GPUs actually malware

The popular Tom's Hardware and PC Gamer websites both ran articles about a utility called "Nvidia RTX LHR v2 Unlocker", which claimed to increase the artificially-limited cryptocurrency mining performance of its RTX graphics cards. These graphics cards are shipped with performance-limiting software to reduce the GPUs' attractiveness to cryptocurrency miners, whose thirst for GPUs has made it difficult and expensive for gamers and various others to acquire the hardware. Unfortunately, both publications had to run a second article just a day later to warn their readers away from the software they had just advertised. "Instead of fixing the capped mining performance, the utility infects the host system with malware", wrote Tom's. Though it is now clear that the tool is malware, it's not immediately clear what exactly the malware does—speculation has ranged from keylogging to, well, cryptocurrency mining.

NBA player De'Aaron Fox ditches his NFT project after raking in $1.5 million

A 3D fox wearing a black ball cap and purple basketball jersey reading "Swipa". His eyes are popping out like in a cartoon.Swipa The Fox #5784 (attribution)
Sacramento Kings player De'Aaron Fox announced his "SwipaTheFox" NFT project in mid-December, and the "high utility NFT collection" went live on January 15. The project roadmap promised a metaverse basketball court, a scholarship to a University of Kentucky student, and chances to win all-star game tickets, as well as "much more to come". The project had over 100,000 people in its Discord, and pulled in about 475 ETH (about $1.5 million at the time).

Suddenly, on February 23, the project deleted its social media accounts and most of its Discord. Fox wrote in the remaining Discord announcements channel that "The time and attention that y’all deserve and that I wanted to give you all/what this project requires, was not known to me and I overstepped and stretched myself too thin, trying to do this project in the middle of an NBA season." He promised to send anyone who bought more than five NFTs (which would have cost ~0.4 ETH, around $1,300, if bought at mint price) a signed jersey (available for purchase online for around $100).

The following day, after some attention was drawn to the rug pull, Fox released a Twitter statement that said basically nothing at all, and made no mention of reimbursing holders. Meanwhile, the floor price of the NFTs dropped to around 0.003 ETH ($8).

Seller withdraws Sotheby's CryptoPunks auction minutes before it's due to go live, likely due to "tepid" reception

A pixel-art person with black bob-style hair and blue makeup around their eyes, on a blue backgroundCryptoPunk #1563 (attribution)
Two weeks prior, collector 0x650d announced that they would be partnering with the Sotheby's auction house to auction a single lot of 104 CryptoPunks. CryptoPunks are some of the earliest NFTs, and trade for hundreds and even thousands of ETH (equivalent to hundreds of thousands to millions of dollars). The collector wrote in a Twitter thread that they "simply could not pass up the opportunity to elevate CryptoPunks in the international art community. And with this sale, the CryptoPunk collection will be solidified in the broader art world." Media reports speculated that the auction would fetch as much as $30 million.

However, 0x650d withdrew the sale only minutes before the auction was due to start, tweeting only "nvm, decided to hodl". CoinDesk reported that, "Perhaps contributing to 0x650d’s reversal were rumors of a tepid reception for the CryptoPunks mega-lot. Three sources, including one bidder on-site at Sotheby’s, told CoinDesk that the highest pre-bid offer was $14 million, which was also the reserve price."

Journalist says she's been able to use chain analysis tools to discover the person behind the 2016 hack of The DAO

"The DAO", one of the first DAOs, was famously hacked in 2016, requiring a hard fork of the Ethereum blockchain to "undo" the breach. (So immutable!) Had Ethereum not forked, members of The DAO would have lost 3.6 million ETH—then worth around $50 million.

Journalist and researcher Laura Shin reported on February 22 that she had successfully used a forensics tool from Chainalysis to discover the identity of the hacker: Toby Hoenisch, a co-founder of the TenX "crypto debit card" project. Hoenisch refused to speak with Shin, and has denied the allegation.

For a technology that makes lofty promises of anonymity and privacy, increasingly-powerful technology is being released that at least claims to be able to unwind crypto mixing and make other connections between wallets and transactions that were previously extremely difficult, if not next to impossible. I imagine there may be a few people behind various crypto crimes sweating a bit as these technologies progress and threaten to unmask those behind other hacks and scams.

Security researchers desperately try to contact Ocean Protocol about a critical security problem

Screenshots of Kubernetes credentials and a shell connection, with sensitive credentials blurred out.Image from Bleckmann-Dreher's tweet (attribution)
Ocean Protocol is a web3 project promising to help people "publish, discover, and consume data in a secure, privacy-preserving fashion". Recently, they've been promoting the ALGA defi wallet, a project created by an external development team called Data Whale. Security researcher Christopher Bleckmann-Dreher, also known as "schniggie", resorted to publicly replying to one of Ocean Protocol's promo tweets to try to get the group's attention on a security vulnerability he and his collaborator Daniel Matesic ("mtd_0x00") had discovered. The duo found Kubernetes infrastructure that appeared to be completely compromised, and were able to get a shell, call their underlying AWS metaservice, and more. When Bleckmann-Dreher tried to report the bug through Ocean Protocol's Github bug bounty program, he found it was retired. He also tried to contact the team via their security email address, Telegram, and Discord, but received no reply.

After Bleckmann-Dreher's attempts to contact the project were published on Web3 Is Going Great on February 26, Ocean Protocol's founder Bruce Pon commented to say they were "on it", and that he had alerted Data Whale about what appeared to be an issue in the ALGA project. Several hours later, Data Whale announced they would be taking the app offline due to concerns that there was a vulnerability, and that they had contacted the researchers. ALGA was later brought back online after they confirmed the vulnerability was not an issue with their project, but rather with Ocean Protocol itself. Pon acknowledged on February 27 that "there was a configuration issue on Ocean compute-to-data which is being fixed now", and later that day Ocean Protocol cut a new release of their operator engine which appeared to be a patch.

Coinbase CEO tries to weave a compelling story about how their own team came up with a Super Bowl ad that "broke the rules on marketing", is quickly revealed to just be taking credit for the work of an outside ad agency

Two tweets. First by Brian Armstrong: "10/ I guess if there is a lesson here it is that constraints breed creativity, and that as founders you can empower your team to break the rules on marketing because you're not trying to impress your peers at AdWeek or wherever. No ad agency would have done this ad." Reply by Kristen Cavallo: "Except an ad agency did do that ad."Tweet by Armstrong, with reply from Cavallo (attribution)
Coinbase CEO Brian Armstrong embarked on a 12-tweet-long thread congratulating Coinbase employees for coming up with the bouncing QR code Super Bowl ad. He wrote, "I guess if there is a lesson here it is that constraints breed creativity, and that as founders you can empower your team to break the rules on marketing because you're not trying to impress your peers at AdWeek or wherever. No ad agency would have done this ad."

Unfortunately for him, CEO of The Martin Agency Kristen Cavallo showed up with receipts: "It was actually inspired by presentations our agency showed your team on 8/18 (pages 19-24) and 10/7 (pages 11-18) with ad concepts for the Super Bowl with floating QR codes on a blank screen."

I guess if there is a lesson here it is that if you're going to take credit for someone else's idea to try to make your team sound good, maybe you shouldn't also use it as an opportunity to dunk on the people who actually came up with the idea.

Another pseudonymous defi project exec revealed to have a checkered past

Composable Finance is a company that makes infrastructure tools for defi. Until recently, their head of product has been known only as 0xbrainjar, and has operated pseudonymously. However, on February 18, the crypto detective zachxbt revealed his discovery that 0xbrainjar was actually Omar Zaki. Zaki was charged with fraud by the SEC in 2019 for misleading investors while operating an unregistered investment adviser and hedge fund. He ultimately settled the case for a $25,000 fine, and a three-year ban from working in the investment industry. Although I personally think it's reasonable not to describe anything crypto-related as an "investment", I'm curious how the SEC might feel about him working on defi projects.

On February 20, 0xbrainjar confirmed that he was indeed Zaki. He wrote, "I did this so that my efforts to build up a suite of products would not be shadowed by a mistake that I made in my past.... 0xbrainjar was a place for me to not be defined by this serious misstep (which has been settled and was amplified by the media)". He also wrote on Twitter that "I do not want a mistake in my youth to cloud all of the team's efforts", though the SEC charge was filed less than three years ago, when Zaki was 21.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.