However, the NFT launch went poorly—fewer than 2,800 NFTs were minted out of the total supply of 9,671 NFTs. The project tried to relaunch but failed to drum up much more interest, so the creators apparently decided to call it quits—while keeping the money, of course. The project founder left a long message to the community, in which they said that they would be shutting the project and spoke at length about how difficult it had been for them.
Coinbase's new NFT marketplace hasn't had more than 200 transactions in a day since its public launch
Although the company claimed to have 3 million users on its waitlist, the public marketplace release has gone shockingly poorly given Coinbase's existing reputation. The platform has yet to see more than 200 transactions in a given day (compared to OpenSea, which regularly sees more than 100,000 transactions a day, or its smaller competitor LooksRare which sees more than 1,000 daily). Furthermore, the platform has only broken $50,000 in volume traded on five of the days it's been publicly available, with some days seeing only a few thousand dollars traded. OpenSea has been doing over $150 million in daily volume in that same time frame, and LooksRare around $100 million (though it should be noted that the prevalence of wash trading, particularly on LooksRare, makes these numbers hard to evaluate).
The U.S. began sanctioning various wallet addresses belonging to the hackers in mid-April, though have faced obstacles given that it is trivial for the hackers to create new wallets. The use of cryptocurrency tumblers (also called "mixers") has also stymied the government's attempts to limit the DPRK's access to the ill-gotten funds. Blender is not the primary tumbler that Lazarus has been using—that would be Tornado Cash, which they have used to tumble more than $213 million from the hack. Tornado has taken perfunctory steps to comply with sanctions, but nothing that would meaningfully impact Lazarus' ability to use the service.
- "U.S. Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats", U.S. Department of the Treasury
Sadly for the scammer, the scam was discovered and shut down when they had only managed to scam one person. The unsuspecting collector sent 0.3 ETH ($800), which the scammer transferred to Tornado Cash.
- "Ferrari subdomain hijacked to push fake Ferrari NFT collection", BleepingComputer
The project's website is one of the most absurd I've seen, promising that "all final holders will get 10,000,000x gains". Their project roadmap includes a "mystery plan" that results in a 1,000,000x price increase. Their FAQ states, "First of all, we promise that the team will not redeem the fund pool." Apparently projects based on pinky swears aren't great investments.
After the funds were drained, the project claimed that they had been compromised by an external actor, and had "reported to Binance and local authorities".
Given OpenSea's prominence, it's surprising that the hacker managed to obtain relatively few NFTs of much value. The wallet appeared to have successfully stolen only 13 NFTs, none of which were from high-value collections, that are worth a collective $20,000 if resold at the collections' floor prices.
OpenSea tweeted several messages acknowledging the hack and urging users not to click any links. They have not yet confirmed that they've conclusively re-secured their server.
"Double your money" scam using an old livestream of Elon Musk, Jack Dorsey, and Cathie Wood earns crypto scammers $1.3 million in 24 hours
McAfee identified 26 scam websites that were linked from the YouTube livestreams, which altogether took in $1.3 million in Bitcoin and Ether in a 24 hour period.
Capuci was charged with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering. If convicted on all counts, he could be sentenced to up to 45 years in prison.
- "CEO of Mining Capital Coin Indicted in $62 Million Cryptocurrency Fraud Scheme", U.S. Department of Justice
The rug pull appeared to have been perpetrated by one team member, although several other team members had to sign off on the transaction in order for it to go through.
The team had had their real-life identities verified by Obsidian, and remaining team members said they were working with Obsidian to try to investigate those behind the theft. Third-party KYC verification like the service Obsidian provides is often used by crypto projects to increase trust, though Pragma is hardly the first project with this kind of verification that stole funds anyway.