Creators of "Turtledex", a project offering decentralized storage, make off with $2.5 million
24 hours after pre-sale, the team behind Turtledex drained $2.5 million from the liquidity pool and disappeared. Turtledex's smart contract had been audited shortly before the sale, with no major issues found, leading some to question the point of such audits.
Social token platform Roll hacked for $5.7 million
Private keys for hot wallets on the Roll network were compromised, allowing the theft of around $5.7 million from various "social tokens". "Friends With Benefits", an a16z-backed DAO with an associated token that allows those who are approved by the DAO and can afford the ~$8,000 entrance fee access to exclusive parties, was one of the tokens affected, and it tanked in value by about 96%. Roll apologized and announced a fund to help those affected, though the $500,000 fund was only a small fraction of the money lost.
A headline-making $69 million NFT sale looks an awful lot like a publicity stunt
Vignesh Sundaresan's $69 million purchase of an NFT by artist Beeple made headlines. However, Amy Castor outlined a few days later that Sundaresan is a business partner of Beeple's, and that Beeple himself owns 2% of the B20 tokens created by Sundaresan's cryptocurrency investment firm. She speculates that money may not have exchanged hands at all, but that Sundaresan and Beeple orchestrated the purchase to artificially inflate the value of the work, increase Beeple's popularity, and draw attention to Sundaresan and his company.
- "Metakovan, the mystery Beeple art buyer, and his NFT/DeFi scheme", Amy Castor
- "JPG File Sells for $69 Million, as 'NFT Mania' Gathers Pace", The New York Times
Indie Developer sells commissioned pixel art as NFTs without permission from original artists
Jason Rohrer, developer of the 2014 indie game The Castle Doctrine announced his plan to auction 155 of the digital paintings that he had commissioned for the game as NFTs on the OpenSea platform, without ever requesting permission from the original artists or informing them of his plan at all. In an email, Rohrer told Kotaku that he hadn't asked for permission from the artists to sell the works as NFTs "mostly because having email conversations with 50+ people would exceed my bandwidth as a solo creator." At least three artists asked for their work to be removed from the collection.
An NFT artist changes all images in their collection to photos of rugs to make a point about the value of NFTs
NFT artist "neitherconfirm" created a collection of 26 NFTs of stained glass-style computer-generated art. After release, they changed the art for each NFT to a picture of a rug, an apparent reference to "rug pulls". The artist wrote on Twitter, "Nobody got hurt. It is pretty easy to change the jpg, even if it does not belong to me or it is on auction. I am the artist, my decision, right? A thread from somebody making his living with art irl about the value of NFTs... All discussions about the value of NFTs are meaningless as long as the token is not inseparable from the artwork itself... What is the meaning of creating an unforgeable token on a highly secured network if somebody can alter, relink or destroy your possession? As long as the value of your artwork is reliable on a central service you do not own anything."
Hackers take $3.8 million from DODO
DeFi project DODO was relieved of $3.8 million after hackers exploited a bug in their v2 Crowdpools smart contracts. The exchange later recovered $1.89 million of these funds.
An attacker steals $3 million from the PAID Network
A contract exploit allowed a hacker to mint almost 60 million PAID tokens (priced at around $160 million based on the value before the attack) on the PAID Network. The hacker then made off with about $3 million in Ethereum from their efforts. The attack caused the PAID token to crash about 88% in value over the course of a day, from around $2.86 to $0.32.
Meerkat DeFi team briefly rug-pulls $31 million before returning the funds with an odd explanation
The team behind the Meerkat DeFi protocol claimed they had been victims of a hack, but subsequently disappeared from the web after the equivalent of $31 million in Binance Coin (BNB) and BUSD was pulled from the project. Two days later, a developer for the project wrote that the project had been a "test [of] user greed and subjectivity", and aimed to "[help] users realize the potential danger in smart contracts [and] the subjectivity in the audit processes of audit companies." The developer wrote that all victims would be refunded. Some believed that the bizarre "experiment" explanation was to cover that Binance had stepped in to address the scam.
$37.5 million stolen from C.R.E.A.M. lending platform
A hacker was able to code a smart contract that tricked C.R.E.A.M. into believing it was from a trusted source. They were then able to make off with $37.5 million worth of Ethereum and stablecoins in what was only the first of several major exploits of the platform in 2021.
Yearn Finance loses $11 million to a hack
An exploit in Yearn Finance's yDAI vault resulted in an $11 million loss to the platform, though "only" $2.8 million of this went to the hacker.
- "Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack", Cointelegraph
- "Yearn Finance suffers exploit, says $2.8 million stolen by attacker out of $11 million loss", The Block
- "DeFi platform Yearn moves to restore exploited 'vault' less than a week after $11 million loss", The Block
Tether pays $18.5 million in penalties; NY Attorney General alleges they don't have the cash reserves they claim
The stablecoin Tether swears up and down that it's fully backed by actual currency, but the New York Attorney General doesn't agree. Tether paid $18.5 million in penalties, was banned from trading in New York, and agreed to submit transparency reports for two years in exchange for ending the long-running legal dispute.
- "Tether, Bitfinex to pay $18.5M to NYAG, cease trading in New York", Amy Castor
- "The curious case of Tether: a complete timeline of events", Amy Castor
- "Cryptocurrency firms Tether and Bitfinex agree to pay $18.5 million fine to end New York probe ", CNBC
- Press release from the New York Attorney General
PopcornSwap rug pulls
PopcornSwap launched on BNB Chain and then immediately drained its liquidity pool, making off with tokens priced at around $2 million.
Binance stated that they had been able to freeze users' assets on the BNB Chain partway through the incident. However, as of June 2023, Binance had not taken any steps to return the frozen funds to their original owners.
Saddle Finance exploited within hours of launch
The Saddle Finance defi project, a fork of the Curve Finance project, launched on January 20. It promised it would "eliminate slippage".
The project was exploited only hours later, by attackers who stole more than 7.9 BTC (~$275,000) by taking advantage of high slippage on the platform.
- "Saddle Finance", Rekt