Social token platform Roll hacked for $5.7 million

Private keys for hot wallets on the Roll network were compromised, allowing the theft of around $5.7 million from various "social tokens". "Friends With Benefits", an a16z-backed DAO with an associated token that allows those who are approved by the DAO and can afford the ~$8,000 entrance fee access to exclusive parties, was one of the tokens affected, and it tanked in value by about 96%. Roll apologized and announced a fund to help those affected, though the $500,000 fund was only a small fraction of the money lost.

A headline-making $69 million NFT sale looks an awful lot like a publicity stunt

A collage of 5,000 tiny images"Everydays — The First 5000 Days" by Beeple (attribution)
Vignesh Sundaresan's $69 million purchase of an NFT by artist Beeple made headlines. However, Amy Castor outlined a few days later that Sundaresan is a business partner of Beeple's, and that Beeple himself owns 2% of the B20 tokens created by Sundaresan's cryptocurrency investment firm. She speculates that money may not have exchanged hands at all, but that Sundaresan and Beeple orchestrated the purchase to artificially inflate the value of the work, increase Beeple's popularity, and draw attention to Sundaresan and his company.

Indie Developer sells commissioned pixel art as NFTs without permission from original artists

A pixel art abstract blue and white painting, with a pixel frameTCD #71 --- Rise --- by Kyle Pulver (attribution)
Jason Rohrer, developer of the 2014 indie game The Castle Doctrine announced his plan to auction 155 of the digital paintings that he had commissioned for the game as NFTs on the OpenSea platform, without ever requesting permission from the original artists or informing them of his plan at all. In an email, Rohrer told Kotaku that he hadn't asked for permission from the artists to sell the works as NFTs "mostly because having email conversations with 50+ people would exceed my bandwidth as a solo creator." At least three artists asked for their work to be removed from the collection.

An NFT artist changes all images in their collection to photos of rugs to make a point about the value of NFTs

An OpenSea screenshot showing that all NFTs show photos of rugsNFTs after the "rug pull" (attribution)
NFT artist "neitherconfirm" created a collection of 26 NFTs of stained glass-style computer-generated art. After release, they changed the art for each NFT to a picture of a rug, an apparent reference to "rug pulls". The artist wrote on Twitter, "Nobody got hurt. It is pretty easy to change the jpg, even if it does not belong to me or it is on auction. I am the artist, my decision, right? A thread from somebody making his living with art irl about the value of NFTs... All discussions about the value of NFTs are meaningless as long as the token is not inseparable from the artwork itself... What is the meaning of creating an unforgeable token on a highly secured network if somebody can alter, relink or destroy your possession? As long as the value of your artwork is reliable on a central service you do not own anything."

Hackers take $3.8 million from DODO

DeFi project DODO was relieved of $3.8 million after hackers exploited a bug in their v2 Crowdpools smart contracts. The exchange later recovered $1.89 million of these funds.

An attacker steals $3 million from the PAID Network

A contract exploit allowed a hacker to mint almost 60 million PAID tokens (priced at around $160 million based on the value before the attack) on the PAID Network. The hacker then made off with about $3 million in Ethereum from their efforts. The attack caused the PAID token to crash about 88% in value over the course of a day, from around $2.86 to $0.32.

Meerkat DeFi team briefly rug-pulls $31 million before returning the funds with an odd explanation

The team behind the Meerkat DeFi protocol claimed they had been victims of a hack, but subsequently disappeared from the web after the equivalent of $31 million in Binance Coin (BNB) and BUSD was pulled from the project. Two days later, a developer for the project wrote that the project had been a "test [of] user greed and subjectivity", and aimed to "[help] users realize the potential danger in smart contracts [and] the subjectivity in the audit processes of audit companies." The developer wrote that all victims would be refunded. Some believed that the bizarre "experiment" explanation was to cover that Binance had stepped in to address the scam.

$37.5 million stolen from C.R.E.A.M. lending platform

A hacker was able to code a smart contract that tricked C.R.E.A.M. into believing it was from a trusted source. They were then able to make off with $37.5 million worth of Ethereum and stablecoins in what was only the first of several major exploits of the platform in 2021.

Yearn Finance loses $11 million to a hack

An exploit in Yearn Finance's yDAI vault resulted in an $11 million loss to the platform, though "only" $2.8 million of this went to the hacker.

Tether pays $18.5 million in penalties; NY Attorney General alleges they don't have the cash reserves they claim

The stablecoin Tether swears up and down that it's fully backed by actual currency, but the New York Attorney General doesn't agree. Tether paid $18.5 million in penalties, was banned from trading in New York, and agreed to submit transparency reports for two years in exchange for ending the long-running legal dispute.

PopcornSwap rug pulls

PopcornSwap launched on BNB Chain and then immediately drained its liquidity pool, making off with tokens priced at around $2 million.

Binance stated that they had been able to freeze users' assets on the BNB Chain partway through the incident. However, as of June 2023, Binance had not taken any steps to return the frozen funds to their original owners.

Saddle Finance exploited within hours of launch

The Saddle Finance defi project, a fork of the Curve Finance project, launched on January 20. It promised it would "eliminate slippage".

The project was exploited only hours later, by attackers who stole more than 7.9 BTC (~$275,000) by taking advantage of high slippage on the platform.