Successful exploit of the CreatureToadz NFT project briefly nets a poorly-disguised hacker 88 ETH (almost $350,000)
A 17-year-old hacker was able to use a phishing webhook to make himself an admin in the CreatureToadz Discord server. Users who minted NFTs unknowingly sent cash to him, netting him a total of around 88 ETH (almost $350,000). However, once the hacker's real identity was uncovered shortly after the attack, he returned the funds, claiming he'd intended to return them all along.
A hacker drained $16 million from Indexed Finance, a DeFi protocol built on the Ethereum blockchain. The stolen funds represented nearly half of the total value locked on the platform. The hacker was later alleged to be an 18-year-old Canadian named Andy Medjedovic, who continued to refuse to return the funds even after his identity was revealed. The hacker argued that he had simply taken advantage of an arbitrage opportunity, and swore to "fight to the death" in court over his right to keep the money. However, the hacker never showed up to a December court appearance, and a warrant was issued for his arrest.
Developers behind Solana Towers, an NFT project allowing investors to buy rooms in a metaverse virtual condo as NFTs, disappeared with around $280,000 a day after the project's launch. It was only one of the projects to do so that day, joining the developers behind three other Solana NFT projects: "Interstellar Bots", "Cheesy Dizzy", and "Technidroids".
A week after the launch of the "Evolved Apes" NFT project, which consisted of 10,000 NFTs and a promised fighting game, the anonymous developer behind the project disappeared after pulling the equivalent of $2.7 million out of the project's funds.
A Solana-based project called "Baller Ape Club", a blatant clone of the extremely popular Bored Ape Yacht Club project, went live after much anticipation. Shortly afterwards, its creators made off with $2.6 million and deleted their websites and social media. The same group had pulled off one rug pull already, stealing around $150,000, and later went on to do a third rug pull in January 2022.
Robert Leshner, the founder of Compound Labs, took an unusual approach when trying to recoup funds that were mistakenly distributed through a $160 million bug in the protocol. He tweeted, "Please return [the funds]. Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS". The threats were not received particularly well, with some questioning what assumptions Leshner was making about his typical user's tax status, and Leshner subsequently apologized for his "bone-headed" tweet.
NFT collectors eagerly bought thousands of presales of an NFT project called "Iconics" after viewing sample artwork from a supposedly 17-year-old 3D artist. When they viewed their NFTs, instead of the 3D busts they had expected, they were brought to images of random collections of emojis. It was later discovered that the artwork had been stolen from an artist unaffiliated with the NFT project.
German government's blockchain-based ID wallet removed from app stores shortly after launch due to major issues
Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end neither met basic EU security standards nor could handle more than a few thousand users (in total, not per second), the launch failed, and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".
- "ID Wallet: The German government had long known about IT security vulnerabilities", Market Research Telecast
- "Konzeptionell kaputt und ein riesiger Rückschritt", Netzpolitik.org
The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though it boasted of having $300 million worth of assets locked on its exchange.
A hacker stole $12 million from the DeFi platform pNetwork after exploiting a bug in the codebase. The network offered a $1.5 million bounty to the attacker to return the funds.