Someone tries to spoof promised Ukraine airdrop

After embracing cryptocurrency donations to help fund its resistance to Russian invasion, the Ukrainian government decided to try to solicit even more donations by announcing they would airdrop a token to anyone who donated. There was some excitement on March 3 as it appeared that Ukraine was seeding liquidity pools on Uniswap with $WORLD tokens. However, blockchain analysis tool Etherscan shortly afterwards marked the token as "misleading... and may be spam or phishing". It's not yet clear what the person apparently spoofing the tokens was trying to do.

Conspiracy theorists Brian Rose and David Icke get in on the defi and NFT grift

Brian Rose and David Icke pose next to one another with their arms crossedBrian Rose and David Icke (attribution)
Conspiracy theorists Brian Rose and David Icke are together known for their April 7, 2020 interview where Icke attempted to draw unsubstantiated links between the rollout of 5G cellular technology and the COVID-19 pandemic. Independently, Icke is also known for many other conspiracy theories, including the antisemitic theory that an interdimensional race of reptilian creatures form the Illuminati, and control humans through fear.

Rose, for his part, runs a show called Brian Rose's DeFi Real, where he has published episodes like "Create your Career in Crypto: How to Become a DeFi Influencer, Educator & Fund Manager", and "The Next 100x Coins: How to Pick the Big Crypto Winners". As for the Rose and Icke duo, not only have they teamed up to broadcast COVID-19 conspiracy theories, they've also turned that project into NFTs, with a 100-item collection consisting of several-minute-long portions of their COVID-19 conspiracy TV series. Although all of the NFTs were given away, only a single NFT has experienced any trading so far.

Personally, I'm shocked to see the conspiracy theorists and crypto communities overlapping in this way.

Bug in Treasure NFT marketplace results in listings being sold for free

A pixel art monkey with a large brain, who appears to be made out of goldSmol Brains #5203 (attribution)
The Treasure NFT marketplace on Arbitrum (a layer 2 network built atop Ethereum) apparently experienced a bug that allowed someone to "buy" NFTs in transactions where they sent 0 currency. The attacker particularly seemed to target the "Smol Brains" NFT project, likely because of its relatively high value — the project has a floor price of almost $10,000. Some of the NFTs that were transferred at no cost to the attacker had been listed for several times that floor price, including one gold-colored Smol Brain (pictured) that had been put of for sale for the equivalent of $560,000.

At least 17 Smol Brains NFTs were stolen, which were listed for a combined total of around $1.4 million. PeckShield reported that more than 100 NFTs from multiple collections had been stolen. They reported that the exploit was due to a bug in their contract that allowed an attacker to set a quantity of 0 in a transaction, which when multiplied by the item price resulted in a total price of 0.

TreasureDAO co-founder John Patten wrote in a tweet while the hack was ongoing that "We will cover the costs of the exploit — I will personally give up all of my Smols to repair this."

One contracted developer writes malicious code for 32 different NFT projects

Rendering of a spherical planet with dark green trees interspersed with futuristic skyscrapersThestarslab #6333 (attribution)
A developer offering his services on the freelancer marketplace Fiverr was hired by 32 different NFT projects, for which he wrote and deployed the smart contracts. The first project to be compromised via the malicious code was "TheStarsLab" project, when the developer renounced ownership on the mint contract, making it impossible for the project team to access the funds. The developer is the only one who has the ability to move the money out of the project contract, though as of a month after the attack on the project, the 197 ETH stuck in the contract (~$580,000 at the time of the attack; ~$648,000 as of April 10).

About 2/3 of the other affected projects had yet to launch or had no social media presence. Crypto sleuth zachxbt tried to contact the other 1/3, and some of the projects were able to migrate contracts before any malicious actions. zachxbt wrote, "Funny enough when I reached out to all the different projects the ones that responded said they either didn't read over the smart contract beforehand or weren't the most technically inclined teams." On April 7, OpenSea contacted zachxbt to say they had frozen trading for all contracts created by the developer.

Hackers who stole data from Nvidia demand the chipmaker remove cryptomining limitations on GPUs

In late February, the Lapsus$ ransomware group claimed to have breached Nvidia's corporate network and stolen more than a terabyte of data, which they say includes schematics and source code for drivers and firmware, as well as employee credentials. Instead of the typical monetary ransom, Lapsus$ demanded something unusual: that Nvidia remove the "Lite Hash Rate" (LHR) feature from their graphics card. LHR is an artificial limitation that Nvidia has applied to their line of gaming chips, which makes them less attractive to cryptominers who have otherwise been causing shortages in GPUs.

Lapsus$ initially promised that if Nvidia removed LHR from their 30-series line of chips, they would "forget about [the hardware] folder (it's a big folder)". However, they updated their demand on March 1, demanding that Nvidia either make all current and future drivers for all of their cards open source ("while keeping the Verilog and chipset trade secrets... well, secret"), or else they would publish all files for Nvidia chips. They wrote that Nvidia had until March 4 to make a decision. As of March 3, Nvidia had not made a statement around whether they would acquiesce to the hackers' demands.

Former ConsenSys employees demand audit regarding MetaMask and Infura's transfer to a new company

A group of 35 former employees of the startup incubator ConsenSys filed a request for an audit of a transfer of the company's "crown jewel" assets to a new company, which they say "was to the detriment of the minority shareholders". The requested audit relates to an August 2020 deal that saw the cryptocurrency wallet MetaMask and the developer platform Infura be transferred to a brand new entity. The transaction also resulted in the banking giant JPMorgan taking a 10% share in ConsenSys, and in a $39 million loan by ConsenSys founder being offset. The shareholders allege that MetaMask and Infura were massively undervalued in the trade; an allegation that a ConsenSys spokesperson has rebutted, saying that "the group would like to apply a valuation that might be achieved today to a set of projects that were pre-monetization during the darkest days of Covid when the transaction took place".

Far-right social network Parler launches an NFT platform where you have to pay with credit cards

An illustration of Donald Trump wearing rhinestone sunglasses and a rhinestoned tuxedo and bow tie, in front of rhinestoned text reading "TRUMP"CryptoTrump (attribution)
You might think if Parler was going to create an NFT celebrating their hero, they wouldn't include along with their promotional material the example most reminiscent of Milo Yiannopoulos, the man who's been so effectively deplatformed that he's had to resort to selling statues of the Virgin Mary on a home shopping TV channel. On March 1, the far-right social network Parler announced their "CryptoTrump" NFTs, which will sell on their "DeepRedSky" NFT platform. The platform is built on the Solana blockchain, and has already helped Melania Trump "sell" (wash trade) her NFTs. Their inaugural project is a collection of 250 algorithmically-generated Trump NFTs, which will sell for $2,750 each and eventually be part of a collection of 10,000 items.

Although Parler's press release contains a lot of their usual chest-thumping about "freedom from Big Tech", the DeepRedSky NFTs can only be minted with credit cards, with payments being processed through Stripe. The good news: if you aren't getting enough of a rush out of the risks involved with crypto in general, you can get a new thrill from giving your personal information to a platform that's been hacked multiple times.

GenomesDAO wants you to give them your genetic data, which they acknowledge is "data that can be exploited in ways we cannot even imagine yet"

An illustration of a calico cat with green eyesWho's going to tell them cats don't have human eyebrows? (attribution)
GenomesDAO has created a platform which they promise will allow people who wish to sell their genetic data to have more control over it. They write that genetic data is "data that can be exploited in ways we cannot even imagine yet" and go into a list of these possible exploits — and this is apparently why you should definitely entrust it to a company building in a space known for its endless hacks. The company promises to help users earn money through selling access to their genome — though of course this isn't until step five in their roadmap. They're currently at step two or step three, depending on which version of your roadmap you look at; both steps seem focused on creating cat NFTs out of your genetic data for some reason.

Randi Zuckerberg tests your secondhand embarrassment tolerance with her second crypto-themed parody song

Apparently hoping to create the "rallying cry for the women of web3", Randi Zuckerberg released her second crypto-themed song "WAGMI", a parody of Twisted Sister's "We're Not Gonna Take It". Earlier that month, she had released another parody video, of Adele's "Hello". "WAGMI" is loaded with crypto in-jokes, with Zuckerberg at one point yelling "LFG! sweep the goddamn floor! we're hodling, yes we are!" The reaction on Twitter appeared to be fairly universally one of cringe, and more than a few users drew comparison to the terrible raps of alleged Bitfinex money launderer Heather "Razzlekhan" Morgan.

Partway through the song, Zuckerberg sings "carpe the crypto diem". This raises the question of whether she intentionally included a dig at her brother Mark's failed Diem cryptocurrency project (formerly Libra), or if the project was such a flop even his own sister didn't know about it. I truly can't decide which scenario would be funnier.

NFT collector files $6 million lawsuit against OpenSea, LooksRare, and the company behind Bored Apes for not doing more to discourage thefts

A Mutant Ape illustration, with an ape made out of yellow oozing slime, with rainbow worms coming out of its nose, wearing rainbow suspendersMutant Ape #1819, one of the stolen NFTs (attribution)
Robert Armijo is the former owner of three valuable NFTs — one Bored Ape and two Mutant Apes — which he bought for a total of around $300,000 between November 2021 and January 2022. On February 28, he filed a lawsuit against the NFT marketplaces OpenSea and LooksRare, as well as the company behind the Bored and Mutant Ape projects, Yuga Labs. The lawsuit was filed only ten days after another former Bored Apes owner filed suit against OpenSea for allegedly failing to secure their platform.

On February 1, he was the victim of a phishing attack in which he lost the three pricey NFTs. He had agreed to trade one of his Mutant Apes for another NFT he was interested in, but he and the prospective buyer had to perform the transaction through a platform other than OpenSea or LooksRare because it was a swap rather than a purchase for ETH. Armijo turned down several suggestions of platforms by the other party, saying he was unfamiliar with them, and instead suggested one of his own choosing. However, the other party was still able to send him a trading link that appeared to be from the site he had suggested, and Armijo approved what turned out to be an illegitimate transaction that allowed the other party to take all three of his NFTs for nothing in return. Armijo alleges that although he quickly realized he'd been phished, he was not able to get OpenSea or LooksRare to freeze sales of the stolen NFTs, and they were flipped for resale within days.

Armijo alleges that OpenSea and LooksRare have "utterly failed to protect consumers or do anything to disincentivize or stop the thefts" because they profit from each trade on their platform. He has also named the company behind the Apes NFTs, Yuga Labs, in his lawsuit, stating that they have not done enough to disincentivize theft by failing to "monitor its proprietary and exclusive ape community by denying entry to individuals whose access is predicated on a stolen BAYC NFT". Once again, my heart goes out to the judge hearing this case.

In terms of damages, Armijo states he has been "deprived not only of the significant monetary value of the NFTs he owned, but also [has been] strip[ped] of his membership in the BAYC community and the commercialization rights he possessed in his underlying Bored Ape and Mutant Ape images", and as such is seeking damages "in no event less than $6 million". Interestingly, the name Robert Armijo also appears as a defendant in SEC charges from June 2021, where the individual is alleged to have unlawfully sold securities managed by an organization also alleged by the SEC to be a Ponzi scheme. It's not immediately clear if this is the same person, or someone who shares a name.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.