OpenSea blocks Iranian users

Iranian users were surprised to find that their OpenSea accounts had been deactivated with no warning. One Iranian user wrote, "NOT A gm AT ALL. Woke up to my opensea trading account being deactivated/deleted without notice or any explanation, hearing lots of similar reports from other Iranian artists & collectors. What the hell is going on? Is OS straight up purging its users based on their country now?" At least one user who reported issues said that they are Iranian, but haven't lived there in years, and are based in Italy.

OpenSea said in a statement that "OpenSea blocks users and territories on the U.S. sanctions list from using our services", though it's unclear why this change seems to only have come into effect recently.

MetaMask and Infura block Venezuelan users, at least briefly

Users based in Venezuela suddenly found themselves unable to use the enormously popular crypto wallet, MetaMask, on March 3. MetaMask relies on Infura, a popular API platform for Ethereum, which had apparently blocked access for Venezuelan users. Both MetaMask and Infura are owned by the parent company ConsenSys. An FAQ page on MetaMask's website states that "MetaMask and Infura are unavailable in certain jurisdictions due to compliance with laws", though it does not specify which jurisdictions, or which laws.

Some Venezuelan users were furious with MetaMask, feeling that their choice to prevent them from using the platform was incompatible with the decentralized and deregulated nature of much of crypto. One Twitter user wrote, "MetaMask Do not tell me that you became Centralized, I have this problem and many people in Venezuela have the same".

ConsenSys later appeared to say that the block of Venezuelan users was in error, writing that "In changing some configurations as a result of the new sanctions directives from the United States and other jurisdictions mistakenly configured the settings more broadly than they needed to be".

People joke about being "rugged" by Ukraine as the country cancels its planned airdrop

Ukraine canceled its promised cryptocurrency token airdrop on the day it was expected to happen. Government officials had previously announced that anyone who donated by March 3 would receive an airdropped cryptocurrency token as a reward; this was a promise that spurred a large total number of donations, though relatively few of much size. Protocol reported that 95% of people donated amounts of 0.01 or 0.001 ETH (equivalent to $28 or $2.80), apparently primarily in hopes of getting the promised reward.

Some publications have speculated that the airdrop was canceled because someone tried to spoof the tokens, but it doesn't appear that Ukraine has given a reason for the change in plans. After the cancellation, many commenters on Twitter, all of whom were hopefully joking, wrote that they had been "rugged" by Ukraine — using the common slang for crypto scams in which people are convinced to buy in on a project that then takes the money and doesn't follow through on its promised plans. In the tweet announcing the cancellation, Ukrainian Vice President Mykhailo Fedorov wrote, "After careful consideration we decided to cancel airdrop. Every day there are more and more people willing to help Ukraine to fight back the agression. Instead, we will announce NFTs to support Ukrainian Armed Forces soon. We DO NOT HAVE any plans to issue any fungible tokens". What a world we live in.

Someone tries to spoof promised Ukraine airdrop

After embracing cryptocurrency donations to help fund its resistance to Russian invasion, the Ukrainian government decided to try to solicit even more donations by announcing they would airdrop a token to anyone who donated. There was some excitement on March 3 as it appeared that Ukraine was seeding liquidity pools on Uniswap with $WORLD tokens. However, blockchain analysis tool Etherscan shortly afterwards marked the token as "misleading... and may be spam or phishing". It's not yet clear what the person apparently spoofing the tokens was trying to do.

Conspiracy theorists Brian Rose and David Icke get in on the defi and NFT grift

Brian Rose and David Icke pose next to one another with their arms crossedBrian Rose and David Icke (attribution)
Conspiracy theorists Brian Rose and David Icke are together known for their April 7, 2020 interview where Icke attempted to draw unsubstantiated links between the rollout of 5G cellular technology and the COVID-19 pandemic. Independently, Icke is also known for many other conspiracy theories, including the antisemitic theory that an interdimensional race of reptilian creatures form the Illuminati, and control humans through fear.

Rose, for his part, runs a show called Brian Rose's DeFi Real, where he has published episodes like "Create your Career in Crypto: How to Become a DeFi Influencer, Educator & Fund Manager", and "The Next 100x Coins: How to Pick the Big Crypto Winners". As for the Rose and Icke duo, not only have they teamed up to broadcast COVID-19 conspiracy theories, they've also turned that project into NFTs, with a 100-item collection consisting of several-minute-long portions of their COVID-19 conspiracy TV series. Although all of the NFTs were given away, only a single NFT has experienced any trading so far.

Personally, I'm shocked to see the conspiracy theorists and crypto communities overlapping in this way.

Bug in Treasure NFT marketplace results in listings being sold for free

A pixel art monkey with a large brain, who appears to be made out of goldSmol Brains #5203 (attribution)
The Treasure NFT marketplace on Arbitrum (a layer 2 network built atop Ethereum) apparently experienced a bug that allowed someone to "buy" NFTs in transactions where they sent 0 currency. The attacker particularly seemed to target the "Smol Brains" NFT project, likely because of its relatively high value — the project has a floor price of almost $10,000. Some of the NFTs that were transferred at no cost to the attacker had been listed for several times that floor price, including one gold-colored Smol Brain (pictured) that had been put of for sale for the equivalent of $560,000.

At least 17 Smol Brains NFTs were stolen, which were listed for a combined total of around $1.4 million. PeckShield reported that more than 100 NFTs from multiple collections had been stolen. They reported that the exploit was due to a bug in their contract that allowed an attacker to set a quantity of 0 in a transaction, which when multiplied by the item price resulted in a total price of 0.

TreasureDAO co-founder John Patten wrote in a tweet while the hack was ongoing that "We will cover the costs of the exploit — I will personally give up all of my Smols to repair this."

Waves protocol Vires Finance loses $530 million after questionable withdrawals

An up-and-coming defi lending project called Vires Finance, which was based on the Waves protocol, offered high returns of 30–70% APY on stablecoins placed in the project. As with so many promises of huge returns, this one fell apart when wallets began siphoning millions of dollars from the protocol by putting up the Waves-based algorithmic stablecoin USDN as collateral, and then withdrawing stablecoins like USDC and Tether. When the USDN stablecoin later de-pegged, those with funds on Vires Finance were left with around $530 million in bad debt.

Waves founder Aleksandr Ivanov blamed the withdrawals on outsiders. However, various crypto researchers believe they have identified Ivanov as the one behind wallets involved in the mass withdrawals.

One contracted developer writes malicious code for 32 different NFT projects

Rendering of a spherical planet with dark green trees interspersed with futuristic skyscrapersThestarslab #6333 (attribution)
A developer offering his services on the freelancer marketplace Fiverr was hired by 32 different NFT projects, for which he wrote and deployed the smart contracts. The first project to be compromised via the malicious code was "TheStarsLab" project, when the developer renounced ownership on the mint contract, making it impossible for the project team to access the funds. The developer is the only one who has the ability to move the money out of the project contract, though as of a month after the attack on the project, the 197 ETH stuck in the contract (~$580,000 at the time of the attack; ~$648,000 as of April 10).

About 2/3 of the other affected projects had yet to launch or had no social media presence. Crypto sleuth zachxbt tried to contact the other 1/3, and some of the projects were able to migrate contracts before any malicious actions. zachxbt wrote, "Funny enough when I reached out to all the different projects the ones that responded said they either didn't read over the smart contract beforehand or weren't the most technically inclined teams." On April 7, OpenSea contacted zachxbt to say they had frozen trading for all contracts created by the developer.

Hackers who stole data from Nvidia demand the chipmaker remove cryptomining limitations on GPUs

In late February, the Lapsus$ ransomware group claimed to have breached Nvidia's corporate network and stolen more than a terabyte of data, which they say includes schematics and source code for drivers and firmware, as well as employee credentials. Instead of the typical monetary ransom, Lapsus$ demanded something unusual: that Nvidia remove the "Lite Hash Rate" (LHR) feature from their graphics card. LHR is an artificial limitation that Nvidia has applied to their line of gaming chips, which makes them less attractive to cryptominers who have otherwise been causing shortages in GPUs.

Lapsus$ initially promised that if Nvidia removed LHR from their 30-series line of chips, they would "forget about [the hardware] folder (it's a big folder)". However, they updated their demand on March 1, demanding that Nvidia either make all current and future drivers for all of their cards open source ("while keeping the Verilog and chipset trade secrets... well, secret"), or else they would publish all files for Nvidia chips. They wrote that Nvidia had until March 4 to make a decision. As of March 3, Nvidia had not made a statement around whether they would acquiesce to the hackers' demands.

Former ConsenSys employees demand audit regarding MetaMask and Infura's transfer to a new company

A group of 35 former employees of the startup incubator ConsenSys filed a request for an audit of a transfer of the company's "crown jewel" assets to a new company, which they say "was to the detriment of the minority shareholders". The requested audit relates to an August 2020 deal that saw the cryptocurrency wallet MetaMask and the developer platform Infura be transferred to a brand new entity. The transaction also resulted in the banking giant JPMorgan taking a 10% share in ConsenSys, and in a $39 million loan by ConsenSys founder being offset. The shareholders allege that MetaMask and Infura were massively undervalued in the trade; an allegation that a ConsenSys spokesperson has rebutted, saying that "the group would like to apply a valuation that might be achieved today to a set of projects that were pre-monetization during the darkest days of Covid when the transaction took place".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.