G2 Esports sues NFT provider Bondly, accuses them of using them for publicity

G2 Esports announced a partnership with NFT provider Bondly in June 2021, through which they planned to release profile picture NFTs that would also provide access to membership perks. Nothing has materialized since then, despite their plans to launch in February. On March 22, G2 filed suit against Bondly, accusing them of agreeing to a deal they knew they could not fulfill, but that would lend Bondly credibility and publicity via the association with the G2 brand. According to the lawsuit, shortly after the first invoice was sent for the rights payments that Bondly was due to pay to G2, Bondly wrote that the company was "past the point of being able to successfully deliver an NFT program". G2 has said the failed deal resulted in $5,250,000 in damages.

Team behind the NeoNexus NFT project raises several million dollars, then abandons it

Tweet by Jack Shi, containing a photo of a man sitting in the driver's seat of a sports car with the gull-wing door opened. Text reads "#NewProfilePic This car is so comfortable and worth way more than my house."Tweet by NeoNexus founder Jack Shi (attribution)
NeoNexus was a metaverse NFT project that raised about 25,000 SOL (worth around $2.2 million today; previously worth $3.5 to $4.5 million). The project had sold various "property NFTs", and had plans to create other NFTs representing things like characters and vehicles.

On March 21, the project's founder Jack Shi wrote on Twitter, "It is with a heavy heart that we must inform you that we can no longer continue healthy development of the NEONEXUS project. We would like to hand over the project to our community, or a community-selected party for takeover if that's feasible / possible." Going into more detail on Discord, he said the project had run out of money, which he blamed on waning interest in Solana NFTs.

The reaction to the announcement was overwhelmingly negative, particularly given the project's founder's apparent habit of bragging about his luxury cars. Many users described the abrupt shutdown as a rug pull, and one user even mentioned looking into a class action suit against the project team.

Phishing scheme promising to animate one's apes nets attacker a collector's three pricey Bored Apes

A Bored Ape with leopard print fur, wearing a black bowler hat and American flag shirt with a deep V-neck, with half-closed red eyes, on an orange backgroundBAYC #71 (attribution)
An NFT collector fell for a scam website promising to "turn your BAYC animated". After connecting their wallet, the attacker transferred their three pricey Bored Ape NFTs to their own wallet, then quickly flipped them for resale for a combined total of around 264 ETH ($764,000). Zachxbt, a crypto fraud sleuth who first noticed the scam, estimated the NFTs' actual value at closer to $900,000.

It appeared from the victim's retweets that they had fallen for a scam shared by a verified Twitter account that claimed to be one of the Bored Apes founders. However, a closer look at the Twitter handle showed it was a hacked account with the username "volt_france", which previously had belonged to the French branch of the Volt Europa political movement.

Hacker steals more than $1.5 million after compromising wallets belonging to crypto whale Arthur_0x

CloneX #13992, one of the stolen NFTsCloneX #13992, one of the stolen NFTs (attribution)
Arthur_0x, a crypto investor and NFT whale, had two of their hot wallets compromised. The attacker stole ETH and transferred some big-ticket NFTs out of the wallets, including at least five CloneX NFTs and 17 Azuki NFTs. CloneX NFTs have been selling for an average of 16.76 ETH (about $50,000) over the past 30 days, and Azuki NFTs have been going for 12.5 ETH ($37,600). The attacker had not yet sold all the NFTs they had stolen, but within two hours of the attack they had 545 ETH (about $1.6 million) in their wallet.

Arthur_0x wrote on Twitter that they had previously only ever used a hardware wallet on their PC, but when they started more regularly trading NFTs they'd started using a hot wallet. "Hot wallet on mobile phone is indeed not safe enough", they wrote on Twitter, "Guess no more hot wallet usage then." They also wrote, "The only thing I can say to the hacker is: you mess with the wrong person" and tweeted the wallet address to which the NFTs were being transferred, asking for it to be blocklisted.

Hacker steals $1.45 million from OneRing Finance using code that self-destructs after the attack

A hacker was able to use a flash loan attack to exploit an issue with OneRing Finance. By manipulating the price of tokens in the project's liquidity pool, the hacker was able to draw out 1.45 million USDC, a stablecoin pegged to the US dollar. According to PeckShield, the loss to the protocol was larger than what the hacker actually was able to cash out.

The hacker complicated things somewhat for OneRing by covering their tracks. They used a "self-destruct" mechanism—typically used by developers to destroy smart contracts that are found to have a bug—to destroy the contract they used to carry out the attack, making it more difficult for OneRing to determine which parts of their codebase were vulnerable and led to the attack.

NFT scammers take over the Twitter account of a Florida gubernatorial candidate

Twitter profile of Nikki Fried, showing banner and profile pictures for "Skulltoons", and the name "nikki.eth"Nikki Fried's compromised Twitter profile (attribution)
The Twitter account belonging to Nikki Fried, the current Florida Agriculture Commissioner and a Democratic candidate for the 2022 Florida gubernatorial race, was compromised and repurposed as an NFT shill account. The account, which was verified and had more than 270,000 followers, suddenly underwent what I imagine was a bit of a startling rebrand for her followers: her name was changed to "nikki.eth", and the Twitter bio was replaced with "Mod for SkulltoonsNFT, ThugBirdz, AzukiZen. Web3 Enthusiast". The account also changed its banner and profile pictures to Skulltoons images, and started tweeting about giveaways. By March 20, Fried had apparently regained control of the account, though the account privacy had been changed to protected.

The Fried account compromise is only one instance of what has become a trend on Twitter: Twitter accounts belonging to high-profile individuals, or accounts that are verified or have a large number of followers, being compromised and sold to NFT scammers. On March 11, ESPN baseball reporter Jeff Passan also had his twitter account compromised and repurposed to shill Skulltoons NFTs. Skulltoons distanced themselves from that incident, writing that they believed the hackers were trying to scam their NFT community.

Kaiju Kongz NFT project artificially inflates its floor price by destroying your NFTs if you list them for sale at too low a price

A pixel art image of a large ape creature with green and yellow eyesKaiju Kongz (attribution)
An NFT project's value is often discussed in terms of its floor price—that is, the lowest price at which any given NFT in a collection is listed for sale. The new NFT project Kaiju Kongz decided to take advantage of the fact that you can pretty much do anything you want with a smart contract to ensure that the floor price of its project only increases shortly after the NFTs are launched. They released their project with a "burn schedule"—a list price that gradually increases as time goes on, where if someone lists their NFT below that price, it will automatically be burnt—the closest thing to "destroying" an NFT that's possible. This serves to ensure that the floor price stays above the minimum value the project creators want, which doubles daily from 0.065 ETH (~$190) on the day of launch to 0.64 (~$1900) on March 22.

Some NFT collectors criticized the choice. One described it as "illegal market manipulation tactics", and others said the project should grow the floor "organically". Given the rampant manipulation in the NFT space, one wonders if the real criticism collectors have with the project is that they were too transparent about their price manipulation, and should've just done it quietly like other projects have.

Founder of crypto investment scheme "IGObit" and the sham organization "World Sports Alliance" is convicted of wire fraud

Asa Saint Clair created an organization called the World Sports Alliance, which he falsely described to prospective investors as being closely affiliated with the United Nations (for some reason). Saint Clair convinced more than 60 people that they should invest in his IGObit digital coin offering, stating they would received guaranteed return on investment, but instead he just took the money and used it for his own purposes. Saint Clair was convicted on March 18, and faces a maximum sentence of 20 years in prison.

People briefly borrow Bored Ape NFTs to claim as much as $1.1 million in $APE tokens

The Bored Ape Yacht Club recently created a token called ApeCoin, some of which they announced would be distributed to people who owned various Bored Ape NFTs and NFTs from their related collections. However, because the token distribution didn't use a snapshot of ownership data, but rather distributed tokens per-NFT to the first owner who claimed them, people were able to game the system. Some owners of Bored Ape and related NFTs had put their NFTs into an NFTX vault, which is a setup where someone takes a subset of their NFTs and creates a token that is based on them. The token can then be staked to generate yield, or can be sold, and if someone owns enough of the tokens, they can redeem them for the NFTs. A clever operator found a vault containing five Bored Ape NFTs, which had unclaimed $APE associated with them since they were locked up in the vault. They used a flash loan to purchase a large amount of the vault's token, redeem the five BAYC NFTs, claim the airdropped tokens, return the BAYC NFTs, sell back the tokens, and repay the loan, all in one transaction that cost them nothing but netted them 60,564 $APE, which they then swapped for 399 ETH ($1.1 million).

People were somewhat split on whether this could be classed as a vulnerability in the $APE airdrop, since (as with many crypto hacks and scams) the person was operating completely within the rules set out in code.

Australian regulatory agency begins lawsuit against Facebook over failing to address scammy crypto ads

The Australian Competition & Consumer Commission (ACCC) announced that they had begun federal court proceedings against Facebook, alleging that the company "engaged in false, misleading or deceptive conduct by publishing scam advertisements featuring prominent Australian public figures". The ACCC claims that Facebook ads featured prominent Australian individuals without their approval, and implied that the crypto schemes were associated with or endorsed by those individuals. When a person clicked through the link, they were invited to provide contact information to a group of scammers who reportedly incessantly called the targets to pressure them into putting money into the schemes—in one case, a Facebook user lost more than $650,000. The ACC alleged that Facebook "aided and abetted or was knowingly concerned in false or misleading conduct and representations by the advertisers", but didn't take sufficient action to stop the misrepresentation, even after public figures raised the alarm about their likenesses being used without consent to scam people.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.