NFT collector scammed out of Bored Ape NFT: "This was my kids college. My mortgage."

A Bored Ape on a yellow-orange background wearing a captain's hat and sunglasses, with a neutral expression.Bored Ape #8038 (attribution)
An NFT collector lost his Bored Ape NFT to a scammer impersonating the well-known NFT collector Jeffrey Huang, aka "Machi Big Brother". The real Huang did eventually buy the NFT off the scammer for 77 ETH (about $290,000) and agreed to sell it back to its original owner for that price. Although the original owner tweeted on December 30 that they were "trying to launch a project that will help me raise funds to buy back my ape that was stolen", the following day they seemed disillusioned with the whole space. They wrote, "Been trying to put on a good face since I lost my ape but I gotta be honest. This was my kids college. My mortgage. Just absolute shit that some of you out there think it's okay that I got ripped off. Fuck you if you think theft is okay because I wasn't 'smart' enough. I got news for you tool boxes. This space is going to zero and regulators are coming hard because the lay person isn't coming with the attitude of a lot of you. No one is coming to a space where they aren't sure there investments are safe. Good luck in the meta".

Open source contributors and advocates are surprised to find photographs of themselves being sold as NFTs

A black-and-white promo card for the project, with text that reads 'White label; 120+ unique portraits; first NFT offering!; limited edition; collect them all!; $99 each (initial price)' The image features three NFTs, of Kelsey Hightower, Yan Zhu, and Bill Joy."Faces of Open Source" promotional image (attribution)
Some prominent open source advocates and contributors were surprised to find that their likenesses were turned into NFTs by an artist who photographed them in 2018. Kris Nóva tweeted, "What would you do if you woke up and found out somebody made an NFT of you? Because that just happened to me and a lot of other open source contributors and thought leaders." She later wrote that the photographer "ended up reaching out, his heart is totally in the right place." However, it still seems pretty gross to me that the NFT creator didn't check with the subjects before using their likenesses in the NFT project, and that he prominently featured Kelsey Hightower, an outspoken critic of web3 who I suspect would not approve of his image being used in such a way, in the branding for the project.

Funko Pop launches Bob Ross NFTs in apparent disregard of Ross's wishes

A digital rendering of a Bob Ross Funko Pop, sitting in a paint canBob Ross NFT (attribution)
Because apparently the vinyl figurines known as Funko Pops aren't a sufficiently useless collectible, Funko decided to get in on the NFT craze by releasing a Bob Ross "Digital Pop". Ross made major changes to his will just before his death to try to prevent people from merchandising his legacy, and many fans were outraged by the NFT project, which they believe is exactly the sort of thing he was trying to prevent from happening.

Visor Finance is hacked for about $8.2 million

A reentrancy exploit in the Ethereum-based Visor Finance DeFi protocol allowed hackers to pull 8.8 million VISR tokens out of the network, equivalent to about $8.2 million. The VISR token went from trading at around $0.93 to around $0.04, losing more than 95% of its value. The Visor team subsequently announced that they would perform a token migration to compensate affected users. Visor has suffered other hacks since its launch earlier in 2021, despite having undergone several audits.

Another Discord scam earns its perpetrators about $150,000

Another Discord scam netted its perpetrators around 800 SOL, or about $150,000, from 373 individuals. The scammer posted a fake minting link in the official Discord of Fractal, the upcoming NFT and blockchain gaming marketplace co-founded by Twitch co-founder Justin Kan. Fractal said it would be compensating all who fell for the scam. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target members of the Monkey Kingdom NFT collection Discord that same day.

Traders hoping to get in on the "Monkey Kingdom" NFT collection are duped by a scam link in the project's official Discord

A pixel-art monkey on a light yellow background. It is wearing a red turtleneck sweater and Santa hatOne of the Monkey Kingdom NFTs (attribution)
An NFT trader hoping to get in on the "Monkey Kingdom" NFT collection was duped by a scam link in the project's official Discord channel, and sent 650 SOL (about $116,000) to a scammer. "It is important money to my family: my wife, my son", the victim wrote on Twitter. Another person replied to the tweet to say they too had been duped by the Discord scammer, to the tune of about 19.5 SOL (about $3,500). In total, the phishing link netted the attacker about $1.3 million. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target users of the Fractal project's Discord that same day.

Either a rug pull or a hack drains at least $1.8 million from Bent Finance

Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance project's own deployer. Because of this, some speculated that it may have been a rug pull. Bent said in a statement, "There are multiple members on this team and we will make this right. We recommend you withdraw all funds until it is clear." The platform hasn't revealed how much money was lost, though a crypto fraud investigator wrote that 440 ETH (equivalent to about $1.8 million) appeared to have been funneled out of the platform. The attack was discovered on December 20, but appeared to have been ongoing since at least December 12, and possibly longer.

Dozens of users report money disappearing from their El Salvadoran Chivo Wallet accounts

Tweet by @designnvt: "@chivowallet Van hacer algo o no ya es demasiado que clase de suporte tienen, son $16000 que ha sacado su sistema sin autorización, ya es demasiado tendré que llamar a una radio o televisión para que lo publiquen si no dan una respuesta." There is a screenshot of about a dozen transactions, each around $800One of the tweets reporting apparent theft (attribution)
A Twitter thread showed dozens of people reporting amounts from hundreds to tens of thousands of dollars disappearing from their Chivo Wallets, the Bitcoin wallet backed by El Salvadoran President Nayib Bukele. El Salvador adopted Bitcoin as legal tender in September of this year, where it is used alongside the U.S. dollar.

Grim Finance is exploited for $30 million

Grim Finance, the "compounding yield optimizer" DeFi platform, was hacked. According to them, attackers exploited a bug in the platform to perform a reentrancy attack that netted them $30 million. Grim, indeed. A cryptocurrency watchdog group, RugDoc, opined that the exploit was possible because of very basic mistakes in implementation, and wrote, "Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand. If you haven't acquired this yet, don't build multi-million dollar projects. Don't get audits from companies which everyone knows are useless." This was apparently a dig at Solidity Finance, who had performed an audit several months prior to the hack and found that "ReentrancyGuard is used in relevant locations to preent[sic] reentrancy attacks."

Adidas learns the hard way that limiting the number of NFTs one person can buy is hard

Adidas NFT, a monkey wearing a tracksuitAdidas NFT (attribution)
Anticipating that buyers would try to hoard items from a big-name NFT drop, Adidas decided to try to limit their NFT drop to two per buyer. They apparently didn't realize that there is no guarantee that one address = one individual, and a crafty blockchain engineer created a smart contract that generated additional smart contracts, each with their own address. These contracts snapped up NFTs, then transferred them to the engineer's primary wallet and self-destructed. The engineer was able to snag 330 NFTs.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.