Media outlets are duped into believing that Kroger will begin accepting Bitcoin Cash

PR Newswire republished a fake press release which claimed that the Kroger supermarket chain would begin accepting "Bitcoin Cash" (not to be confused with Bitcoin) at its outlets. The fake press release was briefly successful in pumping the value of the currency before it was revealed to be a hoax.

Oracle manipulation attack against Vesper Finance nets hacker over $3 million

By manipulating the price of a low-liquidity, beta-stage stablecoin, an attacker was able to borrow all tokens in a Rari Fuse pool using the initial token as (inflated) collateral. They then swapped the tokens for Ethereum, and made off with more than $3 million.

Creators of a Squid Game-themed token make off with more than $3 million

Creators of a Squid Game-themed token (not affiliated with, or authorized by, those behind the Netflix series) created a token which quickly skyrocketed in value and earned news coverage in outlets like the BBC. Not long after investors began to report they were unable to sell their tokens, creators drained $3.36 million out of the liquidity pool in an apparent rug pull.

NFT collector scammed out of almost $1 million

An illustration of a sad-looking ape with pink fur, blowing a bubble of gum, wearing a black turtleneck and black baseball cap with the logo "BAYC" on it.Bored Ape #2031, one of the stolen NFTs (attribution)
NFT collector Calvin Becerra fell for some social engineering on Discord: "Guys posing as buyers in Discord were helping me troubleshoot a problem we thought was happening... They walked me through language settings in my MetaMask and had me choose an option and took everything." The scammers obtained three of his "Bored Ape Yacht Club" NFTs (one pictured), which collectively valued around $1 million. Becerra successfully lobbied OpenSea, Rarible, and NFT Trader to block sales of the stolen NFTs, though some viewed the NFT exchanges' intervention as a demonstration that these exchanges can indeed interfere with access to the blockchain.

Developer of "Monkey Jizz" cryptocurrency makes off with $270,000

A cartoon of a monkey sitting behind a wooden sign that reads "Monkey Jizz""Monkey Jizz" ogo (attribution)
In a twist absolutely no one could have predicted, the developer of a coin called "Monkey Jizz" ran off with around $270,000. The project promised to share a portion of transactions with all investors, and eventually publish a video game. However, on October 31, the developer set a 94.9% sale fee to discourage people from selling, then transferred out the cash and disappeared.

$60 million disappears in AnubisDAO project within a day of its launch

An illustration of two black Egyptian dog sculptures facing outwards, from a pillar. On the pillar is a circular insignia with a shiba inu wearing a pharoah-like headdress. Bordering the circle is the Greek omega symbol. In front of the pillar is an open treasure chest with stacks of gold coins and jewels.AnubisDAO art (attribution)
A project called AnubisDAO launched a coin called ANKH, and were quickly flooded with cash from investors hoping to find another dog-themed memecoin success like Dogecoin or Shiba Inu. In less than 24 hours, the money vanished from the liquidity pool in what project creators claim was a phishing attack, but more likely was a rug pull. One investor interviewed by CNBC said he had invested nearly $470,000 in the coin before the money was drained.

OpenSea NFT trading platform patches a vulnerability that had allowed hackers to steal from users

Bug bounty hunters helped OpenSea patch a cross-site scripting (XSS) vulnerability in their platform that previously allowed attackers to create an NFT from an SVG image, which contained an iframe that would execute JavaScript. Attackers could create an authorization popup that looks legitimate, and if the victim fell for it, gain access to their wallet. OpenSea quickly patched the vulnerability after disclosure, though it appears it had been used in the wild—the bounty hunters began their research after seeing tweets of users who had fallen victim to attackers using the exploit.

A much-hyped Miss Universe NFT project turns out to be a rugpull

A trading card styled image depicting Miss Universe 2015, Pia WurtzbachPia Wurtzbach NFT (attribution)
Miss Universe and its models, the @nft Instagram, and Steve Harvey all got in on the advertisements for the Miss Universe NFT project, which Miss Universe presenter Paula Shugart said was "going to be the first brand in the NFT space that is about women, about women’s empowerment, and embracing the technology, and moving forward. I love it; this is the first one that is away from other more male-oriented spaces." Buyers were offered signed prints, virtual meetings with the models, exclusive events, and a chance to win $50,000. None of this materialized, the Miss Universe Instagram account was deleted, and NFT owners who asked questions began to be banned from the project's Discord channel.

Rapper Tekashi 6ix9ine releases a series of NFTs, only for the project not to deliver anything it promised

An illustration of a human character on a yellow background, wearing a yellow construction helmet, with blue hair. It has yellow teeth and is holding a bloody machete.One of the Trollz NFTs (attribution)
$100,000 to charity, governance power over the project funds, a boxing game, and weekly competitions and raffles were all promised as a part of the Tekashi 6ix9ine-backed Trollz NFT collection. However, the project crumbled shortly after it began, with creators removing the ability to mint new NFTs before the designated number were released, a takeover of a Discord bot funneling prospective buyers to scam links, and the rapper deleting any trace of his affiliation with the project. One buyer lost $40,000; it's not been reported how much was lost in total to the apparent scam.

DeFi platform C.R.E.A.M. is hacked for a third time, this time for $130 million

Crypto lending service C.R.E.A.M. Finance lost $130 million in a flash loan attack. It was the third hack of the platform this year, following a $37.5 million hack in February and an $18.8 million attack in August.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.