Trader loses $510,000 trying to convert funds between two currencies

Reddit post titled "Did I just lose half a million dollars by sending WETH to WETH's contract address?" Text: "Please tell me that I didn't :(

https://etherscan.io/tx/0x96a7155b44b77c173e7c534ae1ceca536ba2ce534012ff844cf8c1737bc54921

Edit: Full story. Sent ETH to WETH contract and got WETH back (after some googling I found this is how the contract works). Assumed it works the same way backwards and sent WETH back to the contract. No ETH back. Apparently you have to use a frontend to get the ETH back. ETH lost forever."
Reddit post by the trader
A trader learned that, in order to exchange Ethereum tokens (ETH) for Wrapped Ethereum (WETH), they should send their ETH to the WETH token contract and receive the WETH in return. Intending to convert WETH back into ETH, they erroneously assumed that it "works the same way backwards". The trader sent 195 WETH ($510,000) to the WETH contract only to find they received no ETH in return, and their money was lost forever.

Transaction history on Etherscan shows they were the 265th person to make this mistake. Most people did so with far smaller amounts of WETH, although another unfortunate trader lost 115 WETH (at the time valued at $360,000) on August 11, 2021. A total of 432 WETH has been irretrievably lost to this contract this way since July 2018 — currently valued at $1.1 million.
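
The accounting behind this mistake, as an added example that is not part of the original page: a simplified Python model of the WETH contract's ledger, followed by a pre-send check a wallet could apply. The class, the placeholder address and the helper names are assumptions made for illustration.

```python
# Simplified model of WETH accounting; names and the address are placeholders.
WETH_ADDRESS = "0xWETH-CONTRACT-PLACEHOLDER"


class WETHModel:
    def __init__(self):
        self.balance_of = {}  # WETH ledger: address -> balance
        self.eth_held = 0     # ETH backing held by the contract

    def deposit(self, sender, eth):
        # Plain ETH sent to the contract is credited 1:1 as WETH.
        self.eth_held += eth
        self.balance_of[sender] = self.balance_of.get(sender, 0) + eth

    def transfer(self, sender, to, amount):
        # A token transfer only moves ledger entries. Nothing here pays out
        # ETH, even when `to` is the contract's own address.
        if self.balance_of.get(sender, 0) < amount:
            raise ValueError("insufficient WETH")
        self.balance_of[sender] -= amount
        self.balance_of[to] = self.balance_of.get(to, 0) + amount
        return 0  # ETH returned to the sender

    def withdraw(self, sender, amount):
        # The unwrap path: burn the caller's WETH and release the same ETH.
        if self.balance_of.get(sender, 0) < amount:
            raise ValueError("insufficient WETH")
        self.balance_of[sender] -= amount
        self.eth_held -= amount
        return amount  # ETH returned to the sender


def replay_mistake(amount=195):
    """Wrap ETH, then 'send it back' with transfer() as the trader did."""
    weth = WETHModel()
    weth.deposit("trader", amount)
    eth_back = weth.transfer("trader", WETH_ADDRESS, amount)
    stranded = weth.balance_of[WETH_ADDRESS]  # credited to the contract itself
    return eth_back, weth.balance_of["trader"], stranded, weth.eth_held


def check_recipient(token_address, recipient):
    """Wallet-side guard: refuse token transfers to the token's own contract."""
    if recipient.lower() == token_address.lower():
        raise ValueError("recipient is the token contract; unwrap with withdraw()")
    return recipient
```

In the replay the contract still holds the ETH, but the matching WETH sits in the contract's own ledger entry, which no caller can withdraw from.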

Fake Bored Ape project pulls in $17,500 following high-profile endorsement of Bored Apes

OpenSea collection called "Bored Ape Original" using the same icon and header image as the real account. Description says "BAYC is a collection of 10,000 Bored Ape NFTs. Certified by opensea"
Fake Bored Ape collection
After Paris Hilton and Jimmy Fallon engaged in a frankly bizarre discussion of their beloved Bored Apes on The Tonight Show, fake projects imitating the Bored Ape Yacht Club began popping up on OpenSea. OpenSea shut down several projects of this type, which each brought in several hundred dollars an hour. One such project was left up for two weeks, duping investors out of nearly $65,000.

Lazy Lion Ape Club rug pulls for 50 ETH ($125,000)

An ape face with a purple and turquoise lion mane, wearing a fedora-style hat and a wide collared shirt. It's grimacing and bubbles are coming out of its ears.
LLAC #33
Lazy Lion Ape Club, an NFT project somewhat resembling the mega-popular Bored Apes, listed their NFTs on OpenSea on January 26. In addition to the NFTs, the project promised to generate passive income for its holders, as well as give them 3D models of their ape/lions to be used in the metaverse. The project leaders managed to generate 50 ETH (about $125,000) in sales before emptying the project of its funds and deleting their website and social media accounts.

Khan Academy charity auction ends in blatant wash trade, and Khan Academy removes several former employees from alumni Slack channel for raising concerns

An illustration of two people looking at a hologram of a sphere
"Inspiring Teacher" NFT auction piece
Khan Academy, an otherwise excellent non-profit offering online educational tools, announced they would be participating in an NFT charity auction on January 19. The auction featured an NFT playing card by Parallel, a sci-fi card game that requires players to buy packs of cards (NFTs) to play. Like so many blockchain gaming projects, it appears that the actual gameplay doesn't exist yet — somehow that required a $500 million funding round first.

The auction ended on January 21, with a winning bid of 77 ETH (nearly $200,000) from ParagonsDAO, plus the promise of another 34 ETH ($87,000) donation from the DAO to Khan Academy. However, ParagonsDAO is a DAO created specifically to "play a key role in Parallel's governance" and "support the creation of an ecosystem for Parallel to thrive". Former Khan Academy employee S. M. Lundberg raised their concerns about the wash trading, and "KA elevat[ing] Parallel on its own channels to a largely underage and under-resourced user base" in the Khan Academy Slack, and was removed from the channel by Khan Academy founder Sal Khan. At least three other former employees were removed from the channel for criticizing the decision to engage with the NFT project, as was an additional person who protested the removal of those raising concerns.

Although the auction ended with more than $250,000 going to Khan Academy, it is likely that Parallel got the better deal here — Khan Academy is an enormous name to have promoting one's project. Sal Khan actively hyped the project in various spaces, including in an appearance on CNBC's Squawk Box.

87% of trades on LooksRare NFT platform reported to be wash trades

LooksRare, a new NFT marketplace that launched on January 10, has boasted enormous trading volume since day one. It's no secret that wash trading — that is, a user "selling" an NFT to another wallet they also control — is rife on LooksRare. The platform offers token rewards to any users who buy or sell NFTs, which serves to incentivize wash trades, and has taken no action to disincentivize it — in fact, the platform has retweeted another person who described the incentive system (and the wash trading it generates) as "genius". A new report by NFT analytics company CryptoSlam has put some numbers to the scale of wash trading on the platform: $8.3 billion of the platform's $9.5 billion in trading volume to date (about 87%) appears to be from wash trades.

Wash trading is also a widespread tactic in the NFT space to artificially inflate the "value" of an NFT. Because it's relatively easy to create a pseudonymous cryptocurrency wallet, users will "sell" NFTs to themselves for large amounts to create the appearance of higher demand, and to try to convince other would-be buyers that the NFT is more valuable.
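
A sketch of how self-dealing of this kind can be flagged from sale records, as an added example that is not part of the original page and not CryptoSlam's methodology. The two heuristics (shared funding wallet, token returning to a previous owner) and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample sales: (token_id, seller, buyer, price_eth)
SALES = [
    ("nft-1", "A", "B", 100),
    ("nft-1", "B", "A", 110),  # token returns to A: round trip
    ("nft-2", "C", "D", 3),
    ("nft-3", "E", "F", 250),  # E and F were funded by the same wallet
    ("nft-4", "G", "H", 2),
]
# Constructed funding graph: wallet -> wallet that first funded it
FUNDED_BY = {"E": "X", "F": "X", "C": "Y", "D": "Z"}


def flag_wash_trades(sales, funded_by):
    """Return sorted indexes of sales that match either heuristic."""
    flagged = set()
    sold_at = defaultdict(dict)  # token -> {previous owner: index of their sale}
    for i, (token, seller, buyer, _price) in enumerate(sales):
        # Heuristic 1: both wallets share a funder, or one funded the other.
        fs, fb = funded_by.get(seller), funded_by.get(buyer)
        if (fs is not None and fs == fb) or fs == buyer or fb == seller:
            flagged.add(i)
        # Heuristic 2: the buyer already owned this token; flag both legs.
        if buyer in sold_at[token]:
            flagged.add(i)
            flagged.add(sold_at[token][buyer])
        sold_at[token][seller] = i
    return sorted(flagged)


def wash_share(sales, flagged):
    """Fraction of total traded volume carried by the flagged sales."""
    total = sum(price for *_rest, price in sales)
    washed = sum(sales[i][3] for i in flagged)
    return washed / total if total else 0.0
```

Both heuristics produce false positives (a collector can legitimately buy back a token), so flagged sales are candidates for review rather than proof.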

After OpenSea begins reimbursing users who lost money due to listings they didn't realize were still available, user "opensee_will_refund_ask_them" and others continue to exploit the widespread problem

An OpenSea profile named "opensee_will_refund_ask_them"
OpenSea account exploiting the issue
OpenSea began reimbursing users who lost money earlier this month through what some have described as a bug with the platform, but which others argue is just a misunderstanding on the users' end. People were able to buy NFTs that had previously been listed at much lower prices, even though those listings didn't appear active to the seller anymore, if the seller had failed to properly remove the listing. The buyers were then able to flip the NFTs for massive profits, and OpenSea ended up reimbursing users to the tune of about $1.8 million. However, there are still many NFTs vulnerable to this, and people taking advantage of it, including one user who named their account "opensee_will_refund_ask_them".

Padawan DAO loses half its treasury through risky money management

Padawan DAO is a project that aims to provide funding to students under 25 to attend blockchain-related events. In early January, the DAO decided to essentially gamble with project funds on the price of Ethereum staying high: they placed the treasury's $150,000 into a collateralized debt position (CDP) for a decentralized stablecoin called DAI. As the crypto market entered a dip, the project's position went underwater and the protocol had to sell 53 ETH ($117,000) to keep the DAI fully backed. The project had been counting on Ethereum not taking a tumble below $2,200, as it did on January 27, which would have allowed them to keep their 53 ETH and cash out their DAI. Since this didn't happen, the project found itself with their budget halved.

OpenSea announces limits on free NFT minting, then reverses the decision the same day, after revealing that more than 80% of the items created through the feature were plagiarized, fake collections, or spam

On January 27, OpenSea announced a limit of five collections and 50 items per collection, after discovering that "over 80% of the items created with [their free minting] tool were plagiarized works, fake collections, and spam". The decision came without warning to creators, some of whom were in the process of minting items for collections that had already promised more than 50 items, and were suddenly unable to complete the collections. Later that day, OpenSea announced that they had reversed the decision, saying they "should have previewed this with you before rolling it out".

Attacker exploits a bug in Qubit Finance allowing them to mint unlimited collateral and drain the platform of $80 million

An attacker exploited a bug in Qubit Finance, a decentralized lending platform. The bug allowed them to call the "deposit" function without actually depositing any funds. This enabled the attacker to mint 77,162 xETH collateral, which they exchanged for BNB worth nearly $80 million. The platform has said they have tried to contact the exploiter to offer the "maximum bounty", which is apparently $250,000. Tempting, I'm sure.

People begin creating IP-harvesting NFTs to highlight the vulnerabilities in marketplaces and wallets

IP gathering NFT titled "Random 1". The image data shows text reading: "Latest IP logged: 108.62.52.135 Total visitors logged: 12643"
IP gathering NFT on OpenSea
MetaMask acknowledged a week ago that they'd failed to address an IP leakage issue, saying the "issue has been widely known for a long time". The issue is present in many NFT marketplaces and wallets, including both MetaMask and OpenSea, and presents potential privacy concerns for anonymous collectors or anyone concerned about potentially having their IP (and as a result, often geolocation information) exposed to any NFT creator. Some researchers and engineers have begun creating NFT projects that gather IPs and display them back to the viewers, as a way to highlight the vulnerability.

This is as good a time as any to remind you to use a VPN! Mullvad is a particularly good pick (#NotAnAd).
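
On the wallet or marketplace side, the exposure comes from loading an NFT's media directly from whatever host its metadata names. The following added example (not from the original page, and not MetaMask's or OpenSea's code) audits token metadata for such fetches and rewrites them through a media proxy; the sample metadata, `tracker.example` and `media-proxy.example` are constructed placeholders.

```python
from urllib.parse import quote, urlparse

# Metadata fields whose media a viewer typically loads automatically.
MEDIA_FIELDS = ("image", "animation_url")


def leaking_fields(metadata):
    """Return {field: host} for media that would be fetched from a remote host."""
    leaks = {}
    for field in MEDIA_FIELDS:
        value = metadata.get(field)
        if isinstance(value, str):
            parsed = urlparse(value)
            # http(s) URLs make the viewer's device contact that host directly;
            # inline data: URIs need no network request at all.
            if parsed.scheme in ("http", "https") and parsed.hostname:
                leaks[field] = parsed.hostname
    return leaks


def proxied(metadata, proxy_base):
    """Copy the metadata with remote media URLs routed through proxy_base,
    so the media host sees the proxy's address instead of the viewer's."""
    safe = dict(metadata)
    for field in leaking_fields(metadata):
        safe[field] = proxy_base + quote(metadata[field], safe="")
    return safe


# Constructed sample metadata for illustration.
SAMPLE = {
    "name": "Sample token",
    "image": "https://tracker.example/render.svg?token=1",
    "animation_url": "data:image/png;base64,iVBORw0KGgo=",
}
PROXY = "https://media-proxy.example/fetch?u="
```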
