Various commenters replied to Beeple's tweet to say they'd been scammed, and to ask if he could help them recover their funds or NFTs. Some blamed him and his poor security practices for their losses, asking if he would repay those who were scammed. He has not suggested he intends to do so.
Beeple's Twitter account is hacked and used to promote fake NFT mints
Attackers gained control of the Twitter account belonging to Beeple, an artist known for "selling" an NFT for $69 million in March 2021 and for his recent horror-inducing NFT collab with Madonna. They used the account to share two scam mint links—first to a supposed NFT collaboration with Louis Vuitton, then to "extra" artwork Beeple supposedly created but never minted as NFTs. The scam drew in around $272,000 in ETH and stole 45 NFTs worth approximately $166,000 before Beeple regained control of his Twitter account about five hours later.
"Quantum-resistant" blockchain QAN suffers bridge attack
The $QANX token for the QAN project suddenly plummeted in value as an attacker stole at least 325 ETH ($635,000) from the project. In a video posted to Twitter, the project CEO stated that it was "definitely a bridge issue", and that they'd shut down the project's bridge. They also said they had contacted exchanges to freeze the wallets that had been involved in the "issue".
QAN describes itself as a blockchain that helps "resist quantum attacks", though apparently not the types of bridge attacks that have become fairly common in the past year or so.
"Feminist Metaverse" token exploited for $533,000
The "Feminist Metaverse" ($FM) token suddenly plunged in value by 99.7% after an attacker stole 1,838 BNB ($533,000). The hacker quickly transferred the stolen funds to the Tornado Cash tumbler to help hide their tracks.
The project advertised on its website its plans to "Create Feminist economics in the form of a DAO to balance the male-dominated world." The project's whitepaper explains how the metaverse will apparently "greatly reduce the impacts on women’s normal work and inequality in wages brought by their physiological differences and pregnancy. As a consequence, it helps eliminating a number of unresolved problems in the real world like gender discrimination, inequality in wages, sexual harassments, sexual assaults, trafficking of women and child marriage." It's not clear what specifically the "Feminist Metaverse" project was hoping to achieve.
Fake minting links distributed after several large NFT Discord servers are compromised
Members of several large NFT Discord servers began seeing suspicious-looking messages announcing supposed NFT mints that turned out to be fakes. Affected communities appeared to include Moonbirds/PROOF, Axie Infinity, RTFKT, Memeland, Alien Frens, and others. The attack appeared to involve a Discord bot called MEE6, though there was some confusion around whether there was a compromise of MEE6 itself or if it was simply used in the attack. The following day, MEE6 acknowledged that an employee account had been compromised.
Bot compromises have emerged as a wide attack vector in crypto and web3 communities, as widely-used bots can have elevated permissions across Discord channels used as official information sources across many communities.
Four pricey NFTs stolen from actor Seth Green
Actor Seth Green tweeted that he had been targeted with a phishing attack that resulted in the theft of four pricey NFTs: a Bored Ape, two Mutant Apes, and a Doodle. The thief quickly flipped three of the four NFTs for sale, netting 145.5 ETH (about $300,000).
The theft occurred on May 8, though Green only seemed to notice on May 17 when he tweeted, "Well frens it happened to me. Got phished and had 4NFT stolen. @BoredApeYC @opensea @doodles @yugalabs please don’t buy or trade these while I work to resolve".
Flash loan attacks on "Feed Every Gorilla" token take $1.9 million
A flash loan attack on the "Feed Every Gorilla" (FEG) token swap contracts pulled $1.3 million from the project, also tanking the token price by 80%. The project operates on both the Ethereum and BSC chains, and the attacker was able to use the exploit against the contracts on both networks. Shortly after the first attack, FEG was hit with a second flash loan attack that drained another $590,000 from the project.
Prior to these attacks, FEG had earned some notoriety from a May 2021 Vanity Fair article outlining an alleged pump-and-dump scheme, titled "Inside the Rise and Fall (and Rise and Fall) of Shit Coins". Despite the bad press, much of the FEG community maintained that the article was a smear and nothing more than an attempt by the author to create FUD. "You could literally take every token and this would apply to everyone..." wrote a moderator of the official FEG subreddit.
SpiritSwap is the latest victim of a domain hijacking attack
In what is beginning to become a pattern, SpiritSwap was the latest project where attackers gained control of their domain and were able to modify the frontend to divert funds to a wallet under their own control. SpiritSwap tweeted that the "the hacker has managed to exploit Godaddy" (unlikely—it was more likely a case of stolen credentials) and swap out the recipient address.
The hacker only managed to exfiltrate around $18,000 before being discovered, and SpiritSwap shut down their swapping through their router to prevent the attack from continuing.
MM.Finance suffered a similar attack earlier in the month, losing $2 million after an attacker gained control of the domain and swapped in their own address to siphon funds.
Phishing attack targets users of sites including Etherscan and CoinGecko
Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse were showing users a pop-up prompting them to connect their MetaMask wallets. CoinGecko founder Bobby Ong stated that he believed the culprit was a malicious advertising script from a crypto ad network called Coinzilla. The advertisement appeared to be from a site mimicking the popular Bored Apes Yacht Club NFT project, which was taken down after the scam was discovered. It's as yet unclear how many users accepted the prompt, or what malicious actions (if any) were taken.
Unexpected oracle data in the wake of Terra blockchain halt enables multiple attacks on other platforms
Earlier today, Terra halted their blockchain after a devastating few days. Subsequently, Chainlink's oracle paused the price feed, causing it to fall out of sync with the apparent market price of the token. This enabled multiple attacks on various platforms.
$13.5 million was fraudulently borrowed from the Venus protocol on BSC. Blizz Finance on Avalanche reported their protocol had been entirely drained, amounting to around $8.3 million. Blizz subsequently announced in a post-mortem that "Blizz has no treasury or development fund and a significant portion of the stolen assets belonged to our team. As such we regret to announce the protocol has been paused and we do not intend to resume operations."
Attacker steals $3 million from Fortress Protocol
An attacker was able to steal 1,048 ETH (~$2.65 million) and 400,000 DAI from the Fortress Protocol borrowing and lending platform in what appears to have been an oracle manipulation attack. The attacker quickly moved their ~$3 million in stolen funds to the Tornado Cash cryptocurrency tumbler to obscure their tracks.
The exploit caused the $FTS token to drop 42%. The creators of Fortress urged people not to supply any assets to the pool as the attack was ongoing, and tweeted "we need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds!"