Although some users reported funds missing from their wallets, including one investor who reported that $16.3 million missing, Crypto.com announced that "All funds are safe". Over the next few days this was revealed to be untrue; as of January 20, the total estimated funds stolen from the platform had reached $30 million. Large amounts of stolen funds were quickly laundered through Tornado Cash, a popular crypto mixer.
At least $34 million is stolen from users of Crypto.com
Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The platform restored trading later that day after pushing an update to require their users to re-authenticate their sessions and reset two-factor authentication.
Mysterious NFT project NotASecretNFT gets people to authorize a shady contract after leaving clear clues to their intentions
Enthusiasts rushed to buy NFTs from a project called NotASecretNFT after seeing NFT mega-whale Pranksy buy in, even though the OpenSea description was simply, "1000 secrets, endless lies... Farming $LIES starts 24 hours from mint." After funds were drained from the project, Pranksy tweeted, "Ok you may have seen me buy some NotASecretNFT's from opensea - it looks like this was a rug pull / scam, please do not buy anymore based on my purchases and revert any permissions you may have given". A note in the project's smart contract read, "Hello world, Nothing was intended to be obscured from you, you simply did not follow the clues." In a tweet thread, one buyer explained how he didn't research the project himself, but bought in after seeing an alert that Pranksy had bought NFTs. He ended the thread by writing, "Never buy into hypes and always #DYOR [do your own research]. Lesson learned once more!"
CryptoBurgers play-to-earn game is hacked shortly after launch
The value of the $BURG token associated with the CryptoBurgers game suddenly plummeted after being hacked shortly after launching earlier that day. The game allowed users to earn cryptocurrency by flipping burgers... yes, really. A bug in the smart contract allowed an attacker to use flash loan attacks to drain $BURG, netting them around $770,000 as of that evening. The CryptoBurgers team announced they would be contacting Binance to try to recover funds, and the team would be creating a new smart contract and token. Hope the next one goes better!
SpiceDAO wins a $3 million auction to buy an extremely rare storyboard book of Dune, only to learn that owning a book doesn't confer them copyright
Somehow, SpiceDAO managed to raise €2.66 million (about $3 million) to buy the storyboard for Alejandro Jodorowsky's never-made Dune adaptation. In a celebratory tweet the group wrote, "We won the auction for €2.66M. Now our mission is to: 1. Make the book public (to the extent permitted by law) 2. Produce an original animated limited series inspired by the book and sell it to a streaming service 3. Support derivative projects from the community". They were quickly informed that buying the physical book did not somehow confer to them copyright or licensing rights (much like how buying an NFT does not automatically confer you the rights to the underlying artwork!). You'd think they might have checked that first.
Developer apparently rug pulls two NFT projects at once
Shortly after it was discovered that the images used for the NFT project "InvertedCulture" were nothing more than unauthorized flipped copies from a different NFT project, DNA Cultura, the creator deleted the project's Twitter account and transferred funds out of the project. Simultaneously, another project called "MadHashers" also deleted their Twitter account and drained funds. It didn't take long for people to realize that the money from both projects was going to the same account, suggesting that that the same person was behind both scams.
Chinese police arrest eight people over a $7.8 million rug pull
Eight people were arrested in China after being connected to a rug pull. One investor lost ¥590,000 ($90,000) he had poured into the token in June, when project owners took the website offline and pulled all of the money out. A total of ¥50 million (a bit below $7.9 million) was lost to the scam.
An attacker pulls about 350 ETH from Float Protocol's Rari Capital pool
Lack of liquidity in the Uniswap V3 FLOAT/USDC oracle allowed an attacker to manipulate the prices within the pool, then deposit it at a much higher rate. The hacker pulled about 350 ETH (equivalent to $1.1 million) out of the pool, though according to PeckShield they later returned around $250,000 for some reason.
Voice actor Troy Baker announces his involvement in "voice NFT" project Voiceverse with an antagonistic tweet, shortly before it's revealed that the project stole work
Troy Baker, the voice actor behind video game characters in The Last of Us, Far Cry, and various Batman games, announced he would be partnering with "voice NFT" company Voiceverse. Voiceverse is pretty vague as to what it's actually offering, but it has something to do "provid[ing] you an ownership to a unique voice in the Metaverse". Baker's announcement tweet ended, "You can hate. Or you can create. What'll it be?", which didn't seem to help with the already-negative reaction to the idea. Things were further soured when it was revealed that Voiceverse had stolen work without crediting it from a computer-generated voice project called 15.ai. Voiceverse subsequently apologized for the theft, and Baker acknowledged that his initial tweet "might have been a bit antagonistic".
Token drop for the aptly named WTF token devolves into chaos
fees.wtf, a platform allowing people to see how much money a given cryptocurrency wallet has spent in gas fees, decided it was time to release their own token, and promised to follow it up with NFTs. They tempted people with an initial airdrop, where people recruited their friends in exchange for more "WTF" tokens. However, with a small initial liquidity pool and trading bots quickly entering the fray, enormous volatility led to absolute chaos. Some traders who were unfamiliar with setting up tolerances for slippage found their orders executed for substantially less than expected, with one user trading 42 ETH ($135,000) for what ended up being less than 1¢ of WTF. Edward Ongweso Jr wrote for Vice, "Like so many other crypto projects, it was so poorly planned, capitalized, and executed, that it's almost indistinguishable from a scam."
Global Game Jam plugs their blockchain company sponsor, then tries to scrub mention of it after backlash
Global Game Jam, an annual event where people collaborate to make video games, proudly plugged The Sandbox as their "primary headline sponsor" on Twitter. The Sandbox is a platform for selling game assets on the Ethereum blockchain. After swift backlash, GGJ deleted the tweet and deleted references to blockchains from The Sandbox's description in their sponsor list. Needless to say this didn't go unnoticed, appearing to many as an attempt to deceive their community. GGJ eventually apologized for this action, and dropped The Sandbox as a sponsor.