Popular blockchain game Axie Infinity suffers a $625 million exploit, possibly the largest in defi history

One of the most popular play-to-earn games, Axie Infinity, suffered an enormous hack to the Ronin network on which it runs. The project announced that a majority of Ronin validator nodes had been compromised—four belonging to the Sky Mavis company that builds Axie Infinity, and one belonging to the Axie DAO. After gaining control of the validators, they were able to approve malicious withdrawals of 173,600 ETH (about $600 million) and 25.5M USDC (a stablecoin, worth $25.5M). The $625 million loss was possibly the largest to date in the history of defi projects.

Sky Mavis announced that they had halted the Ronin Bridge and Katana DEX, and were making changes to their network to try to guard against future attacks. They also wrote that they were "working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed".

Would-be collectors of new Pak NFTs lose thousands of dollars in gas fees on failed transactions

A rendering of a clear glass-like sphere partially filled with black sand, with a white 3D x partially embedded in the sandOne of the Ash NFTs (attribution)
Collectors were excited for a chance to obtain NFTs from the artist Pak's upcoming collection, "Ash Chapter II: Metamorphosis". Pak is an extremely popular digital artist, and his newest collection boasted collaborators including Pussy Riot, Paris Hilton, and others.

Unfortunately, the drop did not go smoothly. Heavy botting caused gas fees to spike, and the project claimed there were issues with MetaMask's estimation of gas fees. Outside parties have suggested the issue was not with MetaMask, but rather with a poorly-implemented smart contract.

People wound up making transactions that ran out of gas before completing, meaning they lost their gas fees and did not successfully receive any NFTs. Others paid sufficient gas, but ran into other errors with the contract that meant they didn't get an NFT. The spiking gas fees meant some people lost a considerable amount of money—people reported failed transactions that cost them amounts ranging from 0.1 and 0.8 ETH (between $338 and $2,700). Some who did successfully receive NFTs also claimed to have lost value as a result of the rocky mint, which they said contributed to a lower-valued NFT.

manifold.xyz, the group behind the mint, reported that they planned to reimburse people who lost gas trying to mint NFTs. Some people seemed happy with this solution, while others were upset that they missed their chance to obtain an NFT they wanted as a result of the problems.

Artist for Andrew Yang's crypto lobbying DAO is offered $500 after being promised "a percentage" of revenue in a project that raised at least $790,000

An intricate, rainbow-colored digital art mural of a cityLobby3D mural (attribution)
In February, perennial political candidate Andrew Yang announced he had created "Lobby3", a DAO which he says will push for crypto-friendly regulation and "eradicate poverty". The website sports a cute illustration of a city, which was created by a group of artists, and which was also originally intended to be split into "puzzle pieces" to be minted as NFTs (though this apparently never came to pass).

One of the artists, Phillip Lietz, took to Twitter on March 28 to call out the group for the pittance he was offered for his work, posting screenshots of an email exchange he had had with a member of the project team. The emails show Lietz asking whether artists would receive compensation for their work, and a project team member replying: "Yes... any artist we select will receive a percentage of our revenue".

They went on to say that if they used his work, they would "negotiate a percentage of what we sell". The reply to Lietz's question about if there was a contract was: "No formal contract as we need to move fast, but I imagine this email would hold up in court as a written agreement if it ever came to that (it wouldn't! Andrew and I are men of our words!)" In a subsequent email, the team member wrote that they would "love to send you a Lobby3 Member token", and that "our artist commissions weren't huge, but [we] would love to send you $500 for your time and effort". Lietz replied to say that the DAO's NFT fundraising appeared to have raised at least $790,000, and that $500 was an unfair amount (although I suppose 0.06% is technically "a percentage"). The team member replied by basically negging Lietz, writing "Honestly, I didn't want to say this, but I will now mention: we weren't actually going to use your art in the project... but you seemed like a great guy and I wanted to throw you some cash and get you some exposure".

Anyway, nice job Andrew and team! Nothing says "eradicating poverty" and "empowering creatives" like paying them basically nothing.

Top Super Smash Bros. Ultimate player has his Twitter account hacked to shill NFTs

A pink robot with green drool and rolled-back eyes, with a head floating above the body.The profile picture of the hacked account (attribution)
MkLeo, who is widely considered to be the best Smash Ultimate player in the world, had his 217,000-follower Twitter account hacked and repurposed for NFT shilling. The scammers changed his profile picture to a pink robot creature with green drool, and began posting tweets talking about his supposed collaboration with The Possessed NFT project. The link in the tweets went to a scam website that claimed to allow people to mint NFTs from the actual Possessed NFT project. It's not yet clear how many people fell for the malicious link, but MkLeo's Twitter account appeared to be back under his control later that evening.

Another collector loses a Bored Ape to a phishing scam

A grey robot ape, making a confused face with an open mouth, wearing an orange beanie and black t-shirt on an orange backgroundBored Ape #5778 (attribution)
NFT collector Cameron Moulène was excited to see a link promising a merch drop in the bio of an account with the same branding as Bored Ape Yacht Club, but with the handle BoardApesYC (rather than BoredApesYC). Clicking the link, which matched the BAYC website link except with a character swapped in ("yarht"), the trader connected his wallet and soon found his favorite NFT transferred to the phisher. He had originally purchased Bored Ape #5778, which he described as his "forever ape" that he never planned to sell, in August 2021 for 53.88 ETH ($166,684 at the time). The scammer flipped the Ape within an hour for 110 ETH ($368,660).

When chastised by other NFT collectors who assumed he had stored the ape on a hot wallet, Moulène clarified that the NFTs had been stored in a Ledger hardware wallet. He later tweeted, "Since I've got a platform, here's what I learned today: COLD WALLET, does not just mean storing assets in a series of ledgers/trezors. It means a wallet that is NEVER Linked to anything besides MM or OS." Moulène went on to threaten legal action, saying, "Oh I will spend 10x that ape tracking these fucks down and suiting [sic] them into oblivion." and "I'm going to pursue legal action in the states and internationally (if need be) to find the people responsible and hold them accountable."

Owner of two pricey Ape NFTs sells them for $140 in a possible hack

A beige-furred ape with half-closed eyes, wearing sunglasses, smoking a cigarette, and wearing a leather jacket with no shirt underneath, on a yellow-green backgroundBored Ape #835 (attribution)
NFT trader Calvin Chan recently made some unusual NFT trades. He sold his Bored Ape, which he had bought in August 2021 for 16 ETH (then about $50,000), for 115 DAI ($115 — DAI is a stablecoin pegged to USD). Not only was this a near-total loss compared to the purchase price, Bored Apes' floor price is around 107 ETH (~$360,000), and this Ape likely could've sold for more than that. Chan also sold a Mutant Ape for 25 DAI/$25 to the same buyer—despite Mutant Apes' floor price of 22.5 ETH (~$75,000).

Some initially speculated that he may have mistaken the offer represented in DAI for ETH, as 115 ETH (~$387,500) and 25 ETH (~$84,000) would've been pretty reasonable trades for the respective NFTs. However, the trader posted on Twitter that he had been "swiped ... of his BAYC and MAYC... I am fine. In shock, but okay. Do i know what happened? No. Still trying to wrap my head around how and why."

NFT trader loses a Mutant Ape NFT to an NFT swap scam

An illustration of an ape that appears to be made out of volcanic rock and magma, with a green dripping face, smoking a pipe, wearing a sweater made out of wormsMutant Ape #232 (attribution)
A trader known by taylorRichie.eth agreed to swap their Morie NFT for a Doodle, in a trade they'd coordinated with a user on Discord. Because OpenSea doesn't support trading one NFT for another, only buying and selling them for crypto, the traders had to use a different, less-known swap platform to perform the trade. Although taylorRichie.eth took precautions, like typing in the URL themselves instead of clicking a link, they were still fooled into signing a malicious transaction that transferred a different NFT in their wallet, a Mutant Ape, to the scammer. The scammer then quickly flipped the stolen NFT to another buyer for 22 ETH ($73,585).

Revest Finance is hacked for $2 million

The Revest protocol was targeted with an attack that stole $BLOCKS, $ECO, and $RENA tokens from their vault. The protocol wrote that the attacker used a "highly sophisticated attack on a vulnerability that went unnoticed during our Solidity.Finance audit as well as ... multiple peer-reviews". The hacker quickly swapped the stolen tokens for ETH via various decentralized exchanges, then tumbled the funds using Tornado Cash. The protocol wrote that they "do not possess the funds needed for meaningful financial recompense, and are not covered by any DeFi insurance provider", but promised to try to "do everything within our power to make things as right as they can possibly be made".

Coinbase begins to require users in Canada, Singapore, and Japan to input personal information about the recipients of their crypto transactions

Coinbase began sending out notices to its customers who reside in Canada, Singapore, and Japan, to tell them that in early April, they will need to begin inputting information about the recipients of any crypto they send. Coinbase said the change was in order to comply with various regulations imposed by those countries. The specifics differ somewhat between the three countries: for example, in Canada, the verification is only required for amounts above CA$1,000 (about US$800); Japanese users need to provide verification for any amounts, but only if transferring to entities outside of Japan; and Singaporean users need to verify any amounts sent to anyone. Canadian and Singaporean residents will also need to provide the address of the recipient of their funds, whereas Japanese customers only need to supply the name and country of residence.

Some Coinbase customers in these jurisdictions seemed less than enthused at the announcement. One tweeted, "Wait, then what’s the point of crypto/blockchain, being outside of fin.system and all.. I may be better off sending fiat money".

Crypto tax software firm ZenLedger fires executive after the New York Times discovers he lied extensively about his background

Color-filtered photograph of Dan Hannum from the shoulders up, with a lens flareDan Hannum Twitter profile photo (attribution)
New York Times reporter Ron Lieber began fact-checking a story in March about a deal between crypto tax software firm ZenLedger and the Internal Revenue Service. Lieber ran into trouble fact-checking the claims of ZenLedger COO Dan Hannum, who told a compelling story of being arrested as a juvenile, then turning his life around and earning college degrees, working at several major Wall Street firms, and becoming a crypto millionaire. Lieber discovered that Hannum had never earned the degrees he claimed, nor worked at the Wall Street firms he listed. He also found no evidence that Hannum had ever managed $100 million in assets like he said, nor that he had made so much on crypto that he was paying "millions in taxes" alone.

After Lieber put these questions to ZenLedger, the company fired Hannum. ZenLedger founder Pat Larsen was cagey around the circumstances under which Hannum was hired, and an outside spokesperson for the company laid the blame on a bad referral and a federal background check that returned "no flags regarding his education or work history". A venture capital firm that invested in the company reported that they "did more due diligence than a traditional venture capitalist would have done" on the company but had not checked Hannum's background.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.