Scammers set up a new server at the URL previously used by Ozzy Osbourne's NFT project, stealing thousands

A brown pixel art bat with a toothy smile and a halo, on a teal backgroundCryptoBat #1783 (attribution)
Ozzy Osbourne's NFT project, CryptoBatz, changed to a slightly different Discord URL ("cryptobatz" rather than "cryptobatznft") some time after the new year. However, they forgot to take down at least one tweet mentioning the previous URL, and scammers were able to set up a new server at that location. Users were instructed to "verify", which redirected them to a phishing site where the contents of their wallets were stolen.

McDonald's steals an artist's work to present to Twitter as a proposed NFT profile picture

Screenshot of a tweet by Sarah Burssty, which has a pixel art version of the Twitter logo and says "you've come to the right place, one ponzi scheme coming up"The original tweet (attribution)
Shortly after rolling out their hexagonal NFT profile pictures, @twitter posted "gm, looking for an nft pfp". The next day, McDonald's German language communications account, @McDonaldsDENews, replied "Say no more!" with attached pixel art of the Twitter bird logo holding a McDonald's bag in its beak. After further investigation, the art was found to be nearly identical to an image from a tweet by @SarahBurssty, which ironically was created to criticize Twitter's support of NFTs.

MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"

Security researchers publicly disclosed a critical privacy vulnerability with the popular cryptocurrency wallet Metamask, where a malicious attacker can easily create an NFT and airdrop it to a victim to obtain their IP address (and thus potentially their location). Metamask founder Dan Finlay acknowledged that "this issue has been widely known for a long time", and that the researchers were "right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it."

Twitter launches special hexagonal NFT profile pictures, so now you don't even have to check a username for ".eth" to know who to avoid

Screenshot of a popup announcing Twitter's NFT support, and showing off the hexagonal profile picturesScreenshot of the Twitter NFT announcement (attribution)
Although NFTs-as-profile-pictures on Twitter is nothing new, Twitter launched a new feature in which users can connect their crypto wallets to verify that an NFT belongs to them. Such verified NFTs will display with a hexagon shape, rather than the standard circle, presumably to differentiate these users from the right-clickers.

OpenSea outage dampens Twitter feature launch, highlights centralization among popular web3 services

Popular NFT marketplace OpenSea suffered an outage that had ripple effects throughout several major services using their APIs, including the browser extension crypto wallet MetaMask. The same day, Twitter announced it was rolling out its support for NFT profile pictures, an announcement that was dampened a bit by collection pages failing to load due to the outage. The widespread effects of the outage highlighted points by many web3 critics, that the ecosystem is hardly as decentralized in practice as it claims to be.

Kingfund Finance rug pulls for $141,000

Kingfund Finance suddenly drained more than 300 WBNB (about $141,000) from their project. This happened a few days after users began to report being blocked by the project's Twitter account and kicked from its Telegram channel for reporting issues with unavailable funds, apparently an attempt to buy time as they prepared for their exit. Around the time of the rug pull, they took their Twitter and website offline.

Cryptocurrency exchange Multichain publicly announces a vulnerability, and is quickly hacked by attackers using it

Multichain publicly announced a vulnerability that was affecting their tokens, without first notifying users to ask them to remove vulnerable funds. Several hackers quickly exploited the vulnerability, stealing around $3 million from the platform. Security researchers described the saga as "the worst way to treat a vulnerability".

Mastercard spins a partnership with Coinbase as addressing "accessibility" and "inclusivity"

Apparently the real issue with crypto grifts all along has been that it's just too dang hard to put your money into them. Mastercard has shown up to fix that, announcing a new partnership with Coinbase to allow Mastercard holders to buy NFTs on Coinbase's upcoming NFT platform with credit. With just a jaw-dropping attempt at spin, Mastercard wrote in their announcement tweet, "We're working to make NFTs more accessible because we believe tech should be inclusive."

Once popular play-to-earn game BNB Heroes rug pulls after a period of inactivity from the team

Chart showing the value of the BNB Heroes token suddenly droppingBNBHeroToken value (attribution)
The BNB Heroes play-to-earn game apparently rug pulled after a period of inactivity from the development team. The developer drained almost $200,000 from the token pool, plummeting the token value by 65%.

Creator of "MetaBirkins" NFTs writes that he "won't be intimidated" by a trademark lawsuit from Hermès

A rendering of a fuzzy Birkin-styled bag with rainbow-colored abstract flowers on a black background. The bag is sitting on a white museum pedestal.MetaBirkin (attribution)
Mason Rothschild, the creator of "MetaBirkins" NFTs, was the target of a trademark lawsuit by Birkin bag-maker Hermès. The lawsuit came after he ignored a cease and desist from the company over his his 3D renderings depicting and named after the distinctive bags. In a public statement replying to the lawsuit, Rothschild wrote that "I am not creating or selling fake Birkin bags. I've made art works that depict imaginary, fur-covered Birkin bags... I have the right also to use the term 'MetaBirkins' to describe truthfully what that art depicts, and to comment artistically on those bags and on the Birkin brand." So far, the NFT collection has enjoyed about $1.2 million in trading.

I, for one, am very curious to see how the litigation plays out. In the meantime, the Rarible landing page for the connection displays an error message stating, "This user or item has been temporarily blocked from public access".

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.