Phishing sites appearing to be the "Otherside" Bored Ape land project steal NFTs valued at $6 million

In what should surprise nobody, some of the historically phishing-prone fans of the pricey Bored Apes project fell for scams that pretended to be the Bored Apes' new land project, called "Otherside". In collectors' hurry to mint the metaverse land NFTs, some fell for phishing sites pretending to be the real deal.

Blockchain sleuth zachxbt found one such address that had netted around $1 million in NFTs just today, and tracing its transactions led to two other scammer wallets containing $5.1 million of other stolen NFTs.

Popular NFT mint spikes Ethereum gas prices; OpenSea transaction fees exceed $3,500

[Image: A pixel-art image of a blue goat sitting in a red bowl] Goat Soup #3672: $275 for the NFT, $3,850 for the fee
The much-awaited Bored Ape Yacht Club "Otherside" metaverse land sale began, and its popularity just about wrecked Ethereum for everyone else. Gas fees, which increase based on network congestion, spiked to shocking levels, with an average OpenSea sale costing more than 1.25 ETH ($3,500) in gas.

Most trading on OpenSea during this period was for the much-anticipated Otherside land deeds, which sell for around 5 ETH ($13,500) plus gas. However, some people oddly continued to buy and sell cheaper NFTs, including one person who bought a 0.1 ETH ($275) NFT and paid $3,850 in transaction fees.

Solana goes down again

On April 30, NFT minting bots began flooding the Solana network with 4 million transactions per second, causing the network to lose consensus. The project tweeted that "Engineers are still investigating why the network was unable to recover, and validator operators prepare for a restart." The network was offline for seven hours.

This is hardly the first instability the network has demonstrated, much to the chagrin of its users. Transaction flooding is an issue on Solana in part because of the low transaction fees compared to networks like Bitcoin and Ethereum, which have relatively high gas fees that would make flooding extremely expensive.

"Official" Teenage Mutant Ninja Turtles NFT project buys a fake IP rights contract

[Image: Illustration of a Teenage Mutant Ninja Turtle holding a boombox to its ear] TMNT NFT Twitter profile picture
A project to create Teenage Mutant Ninja Turtles NFTs stirred up a lot of excitement, garnering more than 100,000 Twitter followers on a verified Twitter account that described itself as "The Official TMNT NFT". Crypto research project "Rug Pull Finder" wrote on March 29 that they didn't believe the project owned the IP rights they needed. The TMNT project posted later that same day, "Let's make it clear: we own the NFT digital rights of the Original Teenage Mutant Ninja Turtles 1987". Rug Pull Finder followed up with a detailed thread in late March outlining their belief that the project didn't own the proper rights to create the NFTs, writing that, "unless they can get cooperation from Viacom for the release of their collection, it will absolutely be a rugpull".

In late April, the Twitter account was suddenly suspended. On April 30, the TMNT project announced in their Discord that they had discovered that they had been sold a "fake IP rights contract", which they learned after communication from Paramount. They, probably overly optimistically, wrote that they would be pausing the project but they were hoping to "continue the project hand in hand" with Paramount.

Saddle Finance loses more than $11 million to hack

An exploiter used a flash loan attack to pull 3,933 ETH (~$11 million) from the "decentralized automated market maker" Saddle Finance. Shortly after the attack, the hacker began moving the stolen funds through the Tornado Cash tumbler to launder the money.

Saddle Finance had lost money once before, right after it launched in January 2021. An individual was able to arbitrage Saddle Finance pools for a profit of around $275,000.

$80 million stolen from Fei Protocol and Rari

A hacker attacked multiple Rari liquidity pools relating to the Fei Protocol, exploiting a known re-entrancy vulnerability that exists on forks of the Compound protocol. The attacker stole more than $80 million from the projects.

Fei Protocol tweeted that they had paused borrowing to avoid further thefts, and offered a $10 million bug bounty if the hacker returned the money.

SEC files fraud complaint against NASGO organizers

The SEC charged four individuals with fraud violations in relation to their actions with NASGO, a company that created various tokens that the SEC has since described as unregistered securities. The defendants allegedly made claims that one of the tokens would increase in value by 10¢ every week, plus another 10¢ each time a new business joined their platform. The defendants also engaged in various other shady business, including hiring traders to trade the tokens amongst themselves to give the appearance of investor demand. This worked only until investors actually decided they wanted to cash out, causing the whole thing to fall apart because the market demand was faked. According to the SEC, NASGO misappropriated almost $4 million in investor funds.

Deus Finance exploited for $13.4 million in the second hack in two months

The defi project Deus Finance was hit with a flash loan attack that netted the hacker $13.4 million. The loss to the protocol was likely larger than what the hacker was able to withdraw, though Deus announced that no users had been liquidated and that "the loss is on the protocol".

Deus had suffered a similar attack in March, with an attacker using a flash loan attack to steal more than $3.1 million. Deus reimbursed users who were liquidated in the incident.

According to Deus' CEO, the exploit in this incident was not the same one used in the previous attack. He wrote on Twitter that the exploit was "the first of its kind, a zero-day exploit on Solidly [decentralized crypto exchange] swaps".

Central African Republic adopts Bitcoin as legal tender

The Central African Republic became the second country to adopt Bitcoin as legal tender, after El Salvador did the same in September 2021. It's a strange move, in a country where only 4% of people have Internet access, whose currency (the Central African CFA franc) is fairly stable, and which already has access to digital currencies via services like Orange Money.

The Bank of Central African States (BEAC) has expressed surprise at the CAR's choice, saying that they only learned about it along with the rest of the public. Two former prime ministers of the CAR co-authored a letter stating that adopting Bitcoin as legal tender without guidance from the BEAC was a "serious offence".

Scammers create fake Louis Vuitton NFT project

[Image: OpenSea page of a Louis Vuitton branded collection, showing a profile photo with a blue checkmark on the image itself] Louis Vuitton scam page
Scammers created a project on OpenSea with Louis Vuitton branding, which invited individuals to visit an external site to mint exclusive NFTs. They placed a blue checkmark on the project profile image to try to trick people into believing the project was verified, and they were able to manipulate the floor price to make it appear at a glance as though the NFTs could be traded for tens of thousands of dollars more than they cost to mint.

The project airdropped these NFTs to NFT whales, causing some trackers used by people who follow and imitate whales' behavior to believe the whales themselves had minted the NFTs. The site then used a random counter to make it appear that the NFTs were quickly selling out, causing people to quickly mint their NFTs in fear of missing out. One NFT collector recounted her experience falling for the scam, buying five of the NFTs for a total of 0.6 ETH (~$1700) in hopes of striking it rich on a newly-launched project before it became widely known.

An examination of the website source code shows that the project is reusing code from a different scam based around World Cup themed NFTs.
