Department of Justice charges the scammers behind the January "Frosties" NFT rug pull with fraud and money laundering shortly before they launch their second project

Pastel rainbow colored illustration of a flame, wearing a hoodieImage from the Embers NFT project, which the Frosties scammers were about to launch (attribution)
On January 9, an ice cream-themed NFT project called "Frosties" made off with $1.1 million in a rug pull only an hour after the NFTs were launched. Less than three months later, the U.S. Attorney's Office for the Southern District of New York announced that they had charged the two 20-year-old individuals behind the scheme with conspiracy to commit wire fraud and conspiracy to commit money laundering. Although it is bizarrely common to see people question whether NFT rug pulls are actually crimes, the USAO was quite clear: "Rather than providing the benefits advertised to Frosties NFT purchasers, Nguyen and Llacuna transferred the cryptocurrency proceeds of the scheme to various cryptocurrency wallets under their control." The Special Agent in Charge stated, "the same rules apply to an investment in an NFT or a real estate development. You can’t solicit funds for a business opportunity, abandon that business and abscond with money investors provided you."

The statement also alleged that the duo were working on another NFT project called "Embers", which they hoped would generate around $1.5 million. The project was set to mint on March 26, and the 60,000-member Discord has been thrown into disarray. Some of the community moderators began deleting links to the D.O.J. announcement, and attempted to suggest that the Department of Justice website had been faked to "FUD" the project.

The individuals behind the Frosties scheme face charges that each carry a maximum sentence of 20 years in prison, if they are convicted.

Pye suffers a $2.6 million loss in a flash loan attack

The security firm PeckShield reported that the Pye ecosystem had been targeted with a flash loan attack, which drained around $2.6 million from the protocol. Pye is a group of defi software projects built on the Binance Chain. The project had just undergone a large migration, and it appeared the bug may have been introduced in the new contracts.

The guy behind the "NFT band" on Ellen thinks you should have to pay royalties on dance moves

Four figures resembling neon-colored versions of bigfoot play instruments on a large screen. A woman wearing bright blue pants and a jacket kneels in front of the screen singing into a microphone.I tried to get a good screengrab of the "NFT band" but the videographer, reasonably, seemed to find the human performer more interesting (attribution)
In the latest installment of "large television program launders the reputations of NFTs", an "NFT band" performed on Ellen... Well, some animated characters danced on a screen while a human performed, a concept that is not exactly new.

The animator who created the band animation, however, has big dreams for the possibilities NFTs could bring to dancers. Dancers "can now claim digital ownership over a series of moves or routines by means of NFTs". Imagine, he says, "owning the original Moonwalk". Yes, everyone, just imagine how much better the world could be today if everyone had had to pay royalties whenever they imitated Michael Jackson's signature move.

Parts of the "Caked Apes" NFT project team both sue each other

A purple dripping ape with a turquoise helmet and green dripping teeth, wearing a pink shirt on a pink and orange backgroundCaked Ape #2487 (attribution)
Two lawsuits were filed nearly simultaneously, each alleging misconduct by the other party with respect to the "Caked Apes" NFT project—a project full of illustrations that were very clearly derived from the popular Bored Apes project, but feature neon colors and psychedelic motifs. Caked Apes so far has done around $1.9 million in sales.

Both lawsuits center on Taylor Whitley and his departure from the project, but they diverge considerably from there. Whitley's suit claims that he was wrongly ousted from the project; the other lawsuit claims that Whitley engaged in "unhinged, destructive, and egotistical acts... to sabotage... "Caked Apes", after Whitley failed to usurp ownership and control of the project entirely for himself". They also allege that Whitley misused DMCA takedowns to have the collection removed from online marketplaces. The lawsuits are liable to be complicated somewhat by the fact that a partnership agreement doesn't appear to have ever been written up.

A Robin Hood-esque attacker steals $52 million from Cashio, then returns smaller amounts and pledges to donate the rest to charity

A hacker was able to exploit an infinite mint glitch in the protocol of Cashio, a Solana stablecoin project. They were able to pull around $50 million out of the platform, while also tanking the value of the $CASH token in the process. The attacker left a note in the input data of their Ethereum transactions that "Account with less 100k have been returned. all other money will be donated to charity."

Saber, the providers of the Cashio liquidity pool, published a postmortem of the attack in which they wrote that "We do not have the money to pay back depositors." The hack was the second largest in Solana history, behind the February Wormhole hack. Saber entreated the hacker to return the funds, writing, "accounts with over $100k are often users’ life savings on leverage, and many of us will seriously be affected financially after this incident."

On March 28, the attacker sent a message saying that "the intention was only to take money from those who do not need it, not from those who do", and invited users who had over $100,000 to apply to receive their funds back with "an explanation of the source of this money and why you need it back. more detail is better. money will not be refund to rich american and european that don't need it." Somewhat strangely, Cashio themselves began hosting a website to allow affected users to plead with the hacker to return the money.

VeVe marketplace goes offline for over a day after an exploit results in a "large amount of gems being acquired illegitimately"

The VeVe marketplace has developed a bit of a reputation as the partner of choice for some big names who have dipped their toes into "licensed digital collectible" NFTs, including Marvel, Pixar, and Coca-Cola. It is also notable for using in-app tokens called Gems, which can be purchased with credit cards, but have been impossible to cash out since the mid-2021 launch (though VeVe has very recently said they are beta testing a cashout system).

On March 22, VeVe tweeted that "We have become aware of an exploit of our systems which resulted in a large amount of gems being acquired illegitimately", and that they had closed the market, as well as purchases and transfers of Gems. The market remained closed for over a day as VeVe apparently triaged the problem. It's not clear yet what the impact has been to the platform or its users, though many reported that their NFTs appeared to have plunged in value.

G2 Esports sues NFT provider Bondly, accuses them of using them for publicity

G2 Esports announced a partnership with NFT provider Bondly in June 2021, through which they planned to release profile picture NFTs that would also provide access to membership perks. Nothing has materialized since then, despite their plans to launch in February. On March 22, G2 filed suit against Bondly, accusing them of agreeing to a deal they knew they could not fulfill, but that would lend Bondly credibility and publicity via the association with the G2 brand. According to the lawsuit, shortly after the first invoice was sent for the rights payments that Bondly was due to pay to G2, Bondly wrote that the company was "past the point of being able to successfully deliver an NFT program". G2 has said the failed deal resulted in $5,250,000 in damages.

Team behind the NeoNexus NFT project raises several million dollars, then abandons it

Tweet by Jack Shi, containing a photo of a man sitting in the driver's seat of a sports car with the gull-wing door opened. Text reads "#NewProfilePic This car is so comfortable and worth way more than my house."Tweet by NeoNexus founder Jack Shi (attribution)
NeoNexus was a metaverse NFT project that raised about 25,000 SOL (worth around $2.2 million today; previously worth $3.5 to $4.5 million). The project had sold various "property NFTs", and had plans to create other NFTs representing things like characters and vehicles.

On March 21, the project's founder Jack Shi wrote on Twitter, "It is with a heavy heart that we must inform you that we can no longer continue healthy development of the NEONEXUS project. We would like to hand over the project to our community, or a community-selected party for takeover if that's feasible / possible." Going into more detail on Discord, he said the project had run out of money, which he blamed on waning interest in Solana NFTs.

The reaction to the announcement was overwhelmingly negative, particularly given the project's founder's apparent habit of bragging about his luxury cars. Many users described the abrupt shutdown as a rug pull, and one user even mentioned looking into a class action suit against the project team.

Phishing scheme promising to animate one's apes nets attacker a collector's three pricey Bored Apes

A Bored Ape with leopard print fur, wearing a black bowler hat and American flag shirt with a deep V-neck, with half-closed red eyes, on an orange backgroundBAYC #71 (attribution)
An NFT collector fell for a scam website promising to "turn your BAYC animated". After connecting their wallet, the attacker transferred their three pricey Bored Ape NFTs to their own wallet, then quickly flipped them for resale for a combined total of around 264 ETH ($764,000). Zachxbt, a crypto fraud sleuth who first noticed the scam, estimated the NFTs' actual value at closer to $900,000.

It appeared from the victim's retweets that they had fallen for a scam shared by a verified Twitter account that claimed to be one of the Bored Apes founders. However, a closer look at the Twitter handle showed it was a hacked account with the username "volt_france", which previously had belonged to the French branch of the Volt Europa political movement.

Hacker steals more than $1.5 million after compromising wallets belonging to crypto whale Arthur_0x

CloneX #13992, one of the stolen NFTsCloneX #13992, one of the stolen NFTs (attribution)
Arthur_0x, a crypto investor and NFT whale, had two of their hot wallets compromised. The attacker stole ETH and transferred some big-ticket NFTs out of the wallets, including at least five CloneX NFTs and 17 Azuki NFTs. CloneX NFTs have been selling for an average of 16.76 ETH (about $50,000) over the past 30 days, and Azuki NFTs have been going for 12.5 ETH ($37,600). The attacker had not yet sold all the NFTs they had stolen, but within two hours of the attack they had 545 ETH (about $1.6 million) in their wallet.

Arthur_0x wrote on Twitter that they had previously only ever used a hardware wallet on their PC, but when they started more regularly trading NFTs they'd started using a hot wallet. "Hot wallet on mobile phone is indeed not safe enough", they wrote on Twitter, "Guess no more hot wallet usage then." They also wrote, "The only thing I can say to the hacker is: you mess with the wrong person" and tweeted the wallet address to which the NFTs were being transferred, asking for it to be blocklisted.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.