Cryptocurrency exchange Multichain publicly announces a vulnerability, and is quickly hacked by attackers using it

Multichain publicly announced a vulnerability that was affecting their tokens, without first notifying users to ask them to remove vulnerable funds. Several hackers quickly exploited the vulnerability, stealing around $3 million from the platform. Security researchers described the saga as "the worst way to treat a vulnerability".

Mastercard spins a partnership with Coinbase as addressing "accessibility" and "inclusivity"

Apparently the real issue with crypto grifts all along has been that it's just too dang hard to put your money into them. Mastercard has shown up to fix that, announcing a new partnership with Coinbase to allow Mastercard holders to buy NFTs on Coinbase's upcoming NFT platform with credit. With just a jaw-dropping attempt at spin, Mastercard wrote in their announcement tweet, "We're working to make NFTs more accessible because we believe tech should be inclusive."

Once popular play-to-earn game BNB Heroes rug pulls after a period of inactivity from the team

Chart showing the value of the BNB Heroes token suddenly droppingBNBHeroToken value (attribution)
The BNB Heroes play-to-earn game apparently rug pulled after a period of inactivity from the development team. The developer drained almost $200,000 from the token pool, plummeting the token value by 65%.

Creator of "MetaBirkins" NFTs writes that he "won't be intimidated" by a trademark lawsuit from Hermès

A rendering of a fuzzy Birkin-styled bag with rainbow-colored abstract flowers on a black background. The bag is sitting on a white museum pedestal.MetaBirkin (attribution)
Mason Rothschild, the creator of "MetaBirkins" NFTs, was the target of a trademark lawsuit by Birkin bag-maker Hermès. The lawsuit came after he ignored a cease and desist from the company over his his 3D renderings depicting and named after the distinctive bags. In a public statement replying to the lawsuit, Rothschild wrote that "I am not creating or selling fake Birkin bags. I've made art works that depict imaginary, fur-covered Birkin bags... I have the right also to use the term 'MetaBirkins' to describe truthfully what that art depicts, and to comment artistically on those bags and on the Birkin brand." So far, the NFT collection has enjoyed about $1.2 million in trading.

I, for one, am very curious to see how the litigation plays out. In the meantime, the Rarible landing page for the connection displays an error message stating, "This user or item has been temporarily blocked from public access".

At least $34 million is stolen from users of Crypto.com

Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The platform restored trading later that day after pushing an update to require their users to re-authenticate their sessions and reset two-factor authentication.

Although some users reported funds missing from their wallets, including one investor who reported that $16.3 million missing, Crypto.com announced that "All funds are safe". Over the next few days this was revealed to be untrue; as of January 20, the total estimated funds stolen from the platform had reached $30 million. Large amounts of stolen funds were quickly laundered through Tornado Cash, a popular crypto mixer.

Mysterious NFT project NotASecretNFT gets people to authorize a shady contract after leaving clear clues to their intentions

An Opensea landing page for the NFT project, showing a collection of black and white imagesNotASecret's Opensea page (attribution)
Enthusiasts rushed to buy NFTs from a project called NotASecretNFT after seeing NFT mega-whale Pranksy buy in, even though the OpenSea description was simply, "1000 secrets, endless lies... Farming $LIES starts 24 hours from mint." After funds were drained from the project, Pranksy tweeted, "Ok you may have seen me buy some NotASecretNFT's from opensea - it looks like this was a rug pull / scam, please do not buy anymore based on my purchases and revert any permissions you may have given". A note in the project's smart contract read, "Hello world, Nothing was intended to be obscured from you, you simply did not follow the clues." In a tweet thread, one buyer explained how he didn't research the project himself, but bought in after seeing an alert that Pranksy had bought NFTs. He ended the thread by writing, "Never buy into hypes and always #DYOR [do your own research]. Lesson learned once more!"

CryptoBurgers play-to-earn game is hacked shortly after launch

The value of the $BURG token associated with the CryptoBurgers game suddenly plummeted after being hacked shortly after launching earlier that day. The game allowed users to earn cryptocurrency by flipping burgers... yes, really. A bug in the smart contract allowed an attacker to use flash loan attacks to drain $BURG, netting them around $770,000 as of that evening. The CryptoBurgers team announced they would be contacting Binance to try to recover funds, and the team would be creating a new smart contract and token. Hope the next one goes better!

SpiceDAO wins a $3 million auction to buy an extremely rare storyboard book of Dune, only to learn that owning a book doesn't confer them copyright

Photograph of the Dune storyboard bookDune storyboard (attribution)
Somehow, SpiceDAO managed to raise €2.66 million (about $3 million) to buy the storyboard for Alejandro Jodorowsky's never-made Dune adaptation. In a celebratory tweet the group wrote, "We won the auction for €2.66M. Now our mission is to: 1. Make the book public (to the extent permitted by law) 2. Produce an original animated limited series inspired by the book and sell it to a streaming service 3. Support derivative projects from the community". They were quickly informed that buying the physical book did not somehow confer to them copyright or licensing rights (much like how buying an NFT does not automatically confer you the rights to the underlying artwork!). You'd think they might have checked that first.

Developer apparently rug pulls two NFT projects at once

A pixel art face wearing a red, white, and black cap, and smoking a pipeMadHasher #0051 (attribution)
Shortly after it was discovered that the images used for the NFT project "InvertedCulture" were nothing more than unauthorized flipped copies from a different NFT project, DNA Cultura, the creator deleted the project's Twitter account and transferred funds out of the project. Simultaneously, another project called "MadHashers" also deleted their Twitter account and drained funds. It didn't take long for people to realize that the money from both projects was going to the same account, suggesting that that the same person was behind both scams.

Chinese police arrest eight people over a $7.8 million rug pull

Eight people were arrested in China after being connected to a rug pull. One investor lost ¥590,000 ($90,000) he had poured into the token in June, when project owners took the website offline and pulled all of the money out. A total of ¥50 million (a bit below $7.9 million) was lost to the scam.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.