Ichi token plummets 90% after Rari liquidity pool is emptied

Ichi, a defi project that allows other projects to create their own stablecoins suffered cascading liquidations in its Rari pool, leading to a token price crash. Rari is a protocol that allows users earn yields on liquidity pools for various assets. Ichi's liquidity pool on Rari was set up with an extremely high collateral factor (85%) and no supply caps, which allowed borrowers to borrow more $ICHI to use as collateral than actually existed in the liquidity pool, with many borrowing $ICHI to buy more $ICHI. As borrowers did this, the price briefly spiked from the token's early April price of around $70 to $139 before plummeting to below $2.

One Rari developer blamed Ichi for the disaster, writing, "Fuse is a permissionless protocol. Pool operators are responsible for following best practices to avoid situations like this one". Rari Capital's official Twitter account also blamed Ichi, stating, "This is a permissionless pool that is owned and operated by Ichi. We hope to see an announcement from Ichi regarding redemption strategies and next steps to make users whole."

In the FAQ about the incident, Ichi wrote that they had allowed such a high LTV ratio in the pool because they expected "users would make responsible decisions that would benefit the community". There is currently around $30 million of bad debt in the liquidity pool.

NFT collector suffers wallet compromise and loses over 100 NFTs, priced at over $600,000

A computer-generated image of blue and orange wave-like structures on a striated yellow and orange backgroundOne of Casper's stolen NFTs, Jiometory No Compute - ジオメトリ ハ ケイサンサレマセン #1021 (attribution)
NFT collector "Casper" discovered their wallet had been compromised, and an attacker had stolen around 114 NFTs worth around $600,000. The collector took to Twitter to urge people not to transact with his compromised wallet, and to ask OpenSea and other marketplaces to freeze the address. As of April 12, it was unclear how the wallet had been compromised. However, other wallets besides Casper's had transferred NFTs to the same exploiter address, so they may not have been the only user affected.

Attacker drains Creat Future tokens through flaw that allows anyone to transfer the contents of another person's wallet

A chart showing the value of $CF/$USDT. The price was steady before briefly spiking and then crashing to near 0CF/USDT pair (attribution)
An attacker stole about $1.9 million after exploiting a bug in the smart contract for the Creat Future token. The contract's transfer function was defined as public, with no validation on the caller, allowing anyone to transfer tokens from any wallet. An attacker quickly exploited this flaw to drain millions of $CF tokens from various wallets, then exchange and tumble them to cover their tracks. The attacker made off with about $1.9 million, and the value of $CF crashed.

$CF was an asset belonging to Creat Future, an early-stage defi project. Some have speculated that the hack was an inside job, and the vulnerable function was added intentionally.

First crypto burger purchase at Bored Ape restaurant illustrates why people don't widely do this

A packaged fast food meal with a Bored Ape and two Mutant Apes printed on the packagingBored & Hungry packaging (attribution)
A restaurateur opened "Bored & Hungry", a Bored Ape-themed restaurant in Long Beach, California that offers a simple menu of hamburgers or plant-based burgers (with or without onions), french fries, and soda. Prices are listed in plain ol' cash, but the restaurant published a celebratory Instagram post on April 9 showing their first ever meal purchased with $APE, the Bored Ape-associated crypto token.

A customer ordered two combo meals, which he purchased by using his mobile crypto wallet to transfer 2 $APE. I was able to track down the transaction, and at the exact time of transfer, 2 $APE were priced at $21.92. The value of $APE has increased by 20% since then, so the purchaser lost out on those earnings by spending them at that time (compared to cash, which is worth roughly the same as it was 10 days ago). This is a (very small) example of why people don't tend to use as currency the same assets they are expecting to increase substantially in value. Furthermore, the purchaser had to agree to an estimated $10 in gas fees when he confirmed the transaction—half as much again as the price of the meal. The transaction ultimately cost the purchaser $4.66 in gas due to fortunately low rates that day, but it was a transaction fee that wouldn't exist if they used cash, or would be substantially smaller and typically absorbed by the restaurant if using a credit card.

Painful financial implications aside, a public transaction record means it's now trivial for anyone to see who is purchasing food at the restaurant using crypto in real time—something that has concerning implications for victims of stalking and other abuse if implemented more widely, as well as just for average people who enjoy having some degree of privacy.

Anyway, hopefully the food's good—assuming the person had any appetite left after looking at their food containers depicting an ape with green skin sloughing off its face.

Gripnr seeks to financialize your Dungeons & Dragons games

An illustration of a dwarf with a long grey beard and short cropped hair with some braids in it. He is hunched over holding a glaive and is wearing a chainmail shirtGripnr dwarf NFT illustration (attribution)
Because, really, what is even the point of playing Dungeons & Dragons if you're not buying a premade character from a limited set of options, playing premade adventures with it, getting "Gripnr certified" as a dungeonmaster (or finding someone who is), paying transaction fees every time you level up or get new equipment, or reselling your characters after the campaign ends (to someone who apparently wants a "used" D&D character)?

A company called Gripnr is already working to line up NFT pre-sales, despite acknowledging that they have no idea how they will prevent fraudulent data input—an issue commonly known as the oracle problem. It's also unclear how they intend to change the game so that it's sufficiently different from the Wizards of the Coasts game that they will not face legal action (an issue that ended another crypto project planned to be based around a WotC game). We can only hope that none of this may last long enough to become an issue, given that Gripnr have come up with an idea that I can't imagine appealing to a single person who's ever played D&D.

Legal action begins against developer who solicited investments to build an OpenSea competitor, then used it to fund his NFT trading

Attorney Kevin Homiak tweeted that his firm would be representing several individuals who contributed money to a developer, Tyler Gaye, who promised to be working on an NFT platform called 0peNFT. After pulling in donations totaling 227 ETH (then around $400,000), the project was plagued with delays. Despite promises that the team was hard at work, people observing the public Github noticed it showed almost no commits to the project code.

Meanwhile, Gaye used the project Twitter account to promote his own NFT collection. He also took the donated funds and used them to buy NFTs. When pressed on this in the project's Telegram chat, he wrote, "Im buying NFTs because its my ETH and thats what I wanted to do." After crypto scam investigator zachxbt wrote about Gaye's scams, Gaye threatened to "put him in the ground if we ever meet in person".

Gaye has spent almost 400 ETH on NFTs since beginning to collect donations for his project—equivalent to over $1 million. He has also sold NFTs for a total of around 315 ETH (roughly breaking even with the amount he spent on NFTs, if looking at the ETH prices at time of trade), and amassed a substantial number of NFTs he still holds.

Blockchain bridge for the WonderHero play-to-earn game is exploited

WonderHero is a mobile play-to-earn turn-based strategy game. Attackers were able to mint 80 million $WND after successfully exploiting the bridge linking the WonderHero play-to-earn sidechain and the BNB chain. The attacker was able to swap their stolen $WND for 750 BNB ($325,000), tanking the price of $WND to near zero in the process.

Starstream treasury drained of $4 million

Starstream, a defi project built on the Andromeda layer 2 Ethereum protocol, had its treasury drained. Blockchain security company CertiK reported that the treasury appeared to have contained around $4 million in STARS, all of which was stolen. Shortly after the hack, the attacker transferred 900 ETH ($2.9 million) to a crypto tumbler. Starstream had been audited by two security firms prior to the exploit.

Scammer creates a fake site to revoke wallet permissions, then pretends there is an OpenSea vulnerability to trick people into using it

Tweet by grantith.eth, reading "HUGE OPENSEA ISSUE You MUST go check on revote.site if you have the OpenSea API allowance, if yes you should revoke for your NFTs! I just lost a $100k Azuki so ALWAYS check and don't make the same mistake. Share it to save someone NFTs.A tweet falsely claiming an OpenSea vulnerability, linking to a scam permission revocation website (attribution)
It's not exactly straightforward to revoke wallet permissions once they've been granted, and so many users use a site called revoke.cash to remove permissions in the case of malicious contracts or as a precautionary measure. A clever scammer created a fake website that mimics revoke.cash, called revoke.site, and then used a verified Twitter account to tweet about a "huge OpenSea issue" that they claimed resulted in the loss of a pricey NFT. Hoping that people would panic and try to use the site to revoke permissions, in reality the website runs a script to determine the highest value assets, and then prompts the user to "revoke" permissions for those assets—when in reality, it sets approval for those assets to be transferred to the scammer's wallet. As of the evening of April 7, the wallet had received 13 NFTs, and flipped eight of them for a total profit of 4.9 ETH (~$16,000).

Star Trek gets into NFTs

A rendering of a spaceship resembling the Starship EnterpriseSample Star Trek NFT (attribution)
Star Trek announced the creation of "Star Trek Continuum", a part of Paramount's new NFT platform. They state that the project is "accessible to everyone [with $250 to throw around] and allows another expression of fandom [by giving us their money]". The press release attempts to drum up FOMO by writing, "there will never be more of these designs created and the minting window will only be open for 24 hours"—however, it also talks about how this is "Season 0" and the platform will be used for "future seasons of Star Trek™ NFTs."

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.