Blockchain bridge for the WonderHero play-to-earn game is exploited

WonderHero is a mobile play-to-earn turn-based strategy game. Attackers were able to mint 80 million $WND after successfully exploiting the bridge linking the WonderHero play-to-earn sidechain and the BNB chain. The attacker was able to swap their stolen $WND for 750 BNB ($325,000), tanking the price of $WND to near zero in the process.

Starstream treasury drained of $4 million

Starstream, a defi project built on the Andromeda layer 2 Ethereum protocol, had its treasury drained. Blockchain security company CertiK reported that the treasury appeared to have contained around $4 million in STARS, all of which was stolen. Shortly after the hack, the attacker transferred 900 ETH ($2.9 million) to a crypto tumbler. Starstream had been audited by two security firms prior to the exploit.

Scammer creates a fake site to revoke wallet permissions, then pretends there is an OpenSea vulnerability to trick people into using it

Tweet by grantith.eth, reading "HUGE OPENSEA ISSUE You MUST go check on revote.site if you have the OpenSea API allowance, if yes you should revoke for your NFTs! I just lost a $100k Azuki so ALWAYS check and don't make the same mistake. Share it to save someone NFTs.A tweet falsely claiming an OpenSea vulnerability, linking to a scam permission revocation website (attribution)
It's not exactly straightforward to revoke wallet permissions once they've been granted, and so many users use a site called revoke.cash to remove permissions in the case of malicious contracts or as a precautionary measure. A clever scammer created a fake website that mimics revoke.cash, called revoke.site, and then used a verified Twitter account to tweet about a "huge OpenSea issue" that they claimed resulted in the loss of a pricey NFT. Hoping that people would panic and try to use the site to revoke permissions, in reality the website runs a script to determine the highest value assets, and then prompts the user to "revoke" permissions for those assets — when in reality, it sets approval for those assets to be transferred to the scammer's wallet. As of the evening of April 7, the wallet had received 13 NFTs, and flipped eight of them for a total profit of 4.9 ETH (~$16,000).

Star Trek gets into NFTs

A rendering of a spaceship resembling the Starship EnterpriseSample Star Trek NFT (attribution)
Star Trek announced the creation of "Star Trek Continuum", a part of Paramount's new NFT platform. They state that the project is "accessible to everyone [with $250 to throw around] and allows another expression of fandom [by giving us their money]". The press release attempts to drum up FOMO by writing, "there will never be more of these designs created and the minting window will only be open for 24 hours" — however, it also talks about how this is "Season 0" and the platform will be used for "future seasons of Star Trek™ NFTs."

Ubisoft abandons Tom Clancy's Ghost Recon Breakpoint after shoehorning NFTs into it

A monochrome, dark grey helmet modelUbisoft "Wolf Enhanced Helmet A" NFT (attribution)
Ubisoft announced in December that they would be incorporating NFTs in to their Tom Clancy's Ghost Recon Breakpoint title, much to the chagrin of its players and some employees as well. On April 5, Ubisoft announced that they would no longer be releasing updates to the game, nor would they be minting any additional NFTs.

Although the Formula 1 blockchain game that shut down earlier this month made halfhearted promises to allow NFT holders to swap their NFTs for ones used in a different game, Ubisoft has made no such promises.

Another $1 million lawsuit is filed against OpenSea for stolen apes

An illustration of a red-furred ape wearing a captain's hat, grimacing with half-lidded eyes, and wearing a dress shirt and maroon vest with an ascotBored Ape #8858 (attribution)
A third "stolen ape" lawsuit was filed against OpenSea, alleging that Opensea's "security vulnerability allowed an outside party to illegally enter through OpenSea's code and access Plaintiff's NFT wallet, in order to sell Plaintiff's Bored Ape at a fraction of the value." Someone was able to buy the plaintiff's Bored Ape for 24.89 ETH (~$60,000) — much less than the 135 ETH (~$332,000) the plaintiff had recently listed it at. The scammer then quickly flipped the NFT for resale for 92.9 ETH (~$225,000) within an hour.

The language in the lawsuit is very similar to the stolen ape lawsuit filed February 18, which is not surprising because the plaintiffs are using some of the same lawyers. Vice interviewed one of the lawyers, and determined that the somewhat odd wording refers to the issue in which OpenSea users didn't realize their old listings of NFTs at lower prices were still active.

Worldcoin, creators of the eyeball scanning orb that promises universal basic income, encounters more difficulties

A man sits staring into a gleaming silver sphereStare into the Orb (attribution)
New reporting from BuzzFeed News and MIT Technology Review described some of the issues that Worldcoin has been encountering on its mission to scan the eyeballs of the world population, in exchange for nebulous promises of crypto. Although "Orb operators" have been out and about scanning eyeballs in countries around the world, those who've agreed to be scanned have only been offered a voucher for Worldcoin tokens and a promise that they may, someday, be redeemable for $20. Meanwhile, the company appears to be flouting data privacy laws and endangering operators of these Orbs, who have encountered threats from angry uncompensated users, and some of whom have been detained by law enforcement. Those who have agreed to have their eyes scanned have accused the company of "stealing their eyes", and fear how their biometric data may be used.

Collectors spend a cumulative $26 million on gas fees alone for "VaynerSports" NFT project—3x the amount made from the NFTs

A rendering of a card with the letters "VSP" on itVaynerSports Pass NFT (attribution)
AJ Vaynerchuk, brother of prominent NFT personality Gary Vaynerchuk (aka Gary Vee), launched his VaynerSports NFT collection. The popularity of the project resulted in surging gas fees on the Ethereum chain, and a poorly-implemented contract worsened issues. Users encountered failed transactions, meaning they lost the gas fee they had spent, and also did not successfully mint an NFT. Once the mint was over, 2411 ETH ($8.2 million) had been spent on mints, and 7652 ETH ($26.4 million) had been spent on gas fees. Some users lost thousands of dollars in gas fees on failed transactions.

Someone mints NFTs of r/place, because what's the point of collective artwork if someone can't profit off it

Pixel artwork showing a Bitcoin with a cancel symbol, and "r/FUCKNFTS"Portion of r/place (attribution)
Reddit reopened its chaotic collaborative art project, r/place, for several days. Users could place colored pixels onto a shared canvas at limited intervals, collaborating to festoon the page with flags, fan art, memes, subreddit names, activist statements, logos, and everything else people could collectively convince others to help create. The collaborative canvas at various times conveyed pro- and anti-crypto sentiment, with r/Buttcoin putting up a valiant effort to stamp "Fuck NFTs" onto the piece.

Sadly, the collaborative and fun community art piece and social experiment was financialized almost immediately after the last pixels were placed, with several projects cropping up to sell portions of the canvas for crypto. One of the projects ended almost as quickly as it began, replacing all its NFT images with the "r/FUCKNFTS" portion of the canvas and rewriting the description to say, "Ok, I guess that was a bad move and a bad Joke. Please use Cryptos as decentralized money against states, not to sale dumb images on the internet. Love U Reddit, got U". Other projects, however, remain for sale.

COVID-19 conspiracy theorist Robert Malone announces to trucker convoy his plans to dox more than 4,000 people using blockchain-based tech "so they can't take it down"

Robert Malone speaks into a microphone at a podium on an outdoor stageRobert Malone speaking to trucker convoy (attribution)
Robert W. Malone, a COVID-19 conspiracy theorist, gave a speech to a group of anti-vax truckers in which he announced plans to dox over 4,000 "[World Economic Forum] trainees" by publishing their names, addresses, and current and historical work information. "We're about to put this up on a blockchain-protected site so they can't take it down" he said, to cheers. "We're going to ask all of you and we're going to ask Steve Bannon's posse to crowdsource the rest of those names," he said, "There are a ton of... people residing in the United States... that are embedded throughout our government, and throughout the tech industry, and throughout the banking industry, and throughout the bloody media!" When a crowd member shouted "Lock them up!" he replied, "locking them up isn't even going to do it", leading another person in the crowd to shout, "hang them!"

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.