An attempted governance attack aims to defraud 25 million MIR (about $64.2 million) from Terra's Mirror protocol

A slew of polls, titled "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Freeze the community pool in case of scam", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", "Reduce mDOT to .01 and redistribute to newly voted mAssets", "poll 205 is right ! vote yes !"Polls on the Mirror governance page (attribution)
A scammer created a public poll on Mirror's official website, proposing to "Freeze the community pool in case of scam". However, if the poll passed, it would send 25 MIR to the poll creator. Because of the design of the poll system, Mirror can't remove the poll, and so has attempted to inform its community of the potential scam by creating a different poll, as well as tweeting about it. The governance platform shows a slew of polls, including, "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", and "poll 205 is right ! vote yes !"

Steve Bannon touts a "Fuck Joe Biden" coin that looks designed to scam investors

An illustration of an eagle wearing American flag print sunglasses that say "FJB" on each lensFJB coin illustration (attribution)
Around the holidays, Steve Bannon started touting a "Fuck Joe Biden" ($FJB) coin (formerly known as the "Let's Go Brandon" coin, and not to be confused with the other Let's Go Brandon coin) on his podcast. He and his partners have touted investing in the currency as a way to somehow "let your feelings, your primal disapproval, your primal disgust with Biden be heard" (and certainly not just a way to pad Bannon's own pockets). Reviewers inspecting the coin's contracts observed some unusual features, including provisions that allow the currency's operators to manually lock an individual's token balance so they can't sell (how decentralized!), though this of course does not apply to the operators themselves. One reviewer observed how this could easily be exploited for rug pull purposes, if the operators locked token holders from selling as they sold off their own coins, allowing them to get out before others started selling off too.

NFT collector scammed out of Bored Ape NFT: "This was my kids college. My mortgage."

A Bored Ape on a yellow-orange background wearing a captain's hat and sunglasses, with a neutral expression.Bored Ape #8038 (attribution)
An NFT collector lost his Bored Ape NFT to a scammer impersonating the well-known NFT collector Jeffrey Huang, aka "Machi Big Brother". The real Huang did eventually buy the NFT off the scammer for 77 ETH (about $290,000) and agreed to sell it back to its original owner for that price. Although the original owner tweeted on December 30 that they were "trying to launch a project that will help me raise funds to buy back my ape that was stolen", the following day they seemed disillusioned with the whole space. They wrote, "Been trying to put on a good face since I lost my ape but I gotta be honest. This was my kids college. My mortgage. Just absolute shit that some of you out there think it's okay that I got ripped off. Fuck you if you think theft is okay because I wasn't 'smart' enough. I got news for you tool boxes. This space is going to zero and regulators are coming hard because the lay person isn't coming with the attitude of a lot of you. No one is coming to a space where they aren't sure there investments are safe. Good luck in the meta".

Open source contributors and advocates are surprised to find photographs of themselves being sold as NFTs

A black-and-white promo card for the project, with text that reads 'White label; 120+ unique portraits; first NFT offering!; limited edition; collect them all!; $99 each (initial price)' The image features three NFTs, of Kelsey Hightower, Yan Zhu, and Bill Joy."Faces of Open Source" promotional image (attribution)
Some prominent open source advocates and contributors were surprised to find that their likenesses were turned into NFTs by an artist who photographed them in 2018. Kris Nóva tweeted, "What would you do if you woke up and found out somebody made an NFT of you? Because that just happened to me and a lot of other open source contributors and thought leaders." She later wrote that the photographer "ended up reaching out, his heart is totally in the right place." However, it still seems pretty gross to me that the NFT creator didn't check with the subjects before using their likenesses in the NFT project, and that he prominently featured Kelsey Hightower, an outspoken critic of web3 who I suspect would not approve of his image being used in such a way, in the branding for the project.

Funko Pop launches Bob Ross NFTs in apparent disregard of Ross's wishes

A digital rendering of a Bob Ross Funko Pop, sitting in a paint canBob Ross NFT (attribution)
Because apparently the vinyl figurines known as Funko Pops aren't a sufficiently useless collectible, Funko decided to get in on the NFT craze by releasing a Bob Ross "Digital Pop". Ross made major changes to his will just before his death to try to prevent people from merchandising his legacy, and many fans were outraged by the NFT project, which they believe is exactly the sort of thing he was trying to prevent from happening.

Visor Finance is hacked for about $8.2 million

A reentrancy exploit in the Ethereum-based Visor Finance DeFi protocol allowed hackers to pull 8.8 million VISR tokens out of the network, equivalent to about $8.2 million. The VISR token went from trading at around $0.93 to around $0.04, losing more than 95% of its value. The Visor team subsequently announced that they would perform a token migration to compensate affected users. Visor has suffered other hacks since its launch earlier in 2021, despite having undergone several audits.

Another Discord scam earns its perpetrators about $150,000

Another Discord scam netted its perpetrators around 800 SOL, or about $150,000, from 373 individuals. The scammer posted a fake minting link in the official Discord of Fractal, the upcoming NFT and blockchain gaming marketplace co-founded by Twitch co-founder Justin Kan. Fractal said it would be compensating all who fell for the scam. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target members of the Monkey Kingdom NFT collection Discord that same day.

Traders hoping to get in on the "Monkey Kingdom" NFT collection are duped by a scam link in the project's official Discord

A pixel-art monkey on a light yellow background. It is wearing a red turtleneck sweater and Santa hatOne of the Monkey Kingdom NFTs (attribution)
An NFT trader hoping to get in on the "Monkey Kingdom" NFT collection was duped by a scam link in the project's official Discord channel, and sent 650 SOL (about $116,000) to a scammer. "It is important money to my family: my wife, my son", the victim wrote on Twitter. Another person replied to the tweet to say they too had been duped by the Discord scammer, to the tune of about 19.5 SOL (about $3,500). In total, the phishing link netted the attacker about $1.3 million. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target users of the Fractal project's Discord that same day.

Either a rug pull or a hack drains at least $1.8 million from Bent Finance

Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance project's own deployer. Because of this, some speculated that it may have been a rug pull. Bent said in a statement, "There are multiple members on this team and we will make this right. We recommend you withdraw all funds until it is clear." The platform hasn't revealed how much money was lost, though a crypto fraud investigator wrote that 440 ETH (equivalent to about $1.8 million) appeared to have been funneled out of the platform. The attack was discovered on December 20, but appeared to have been ongoing since at least December 12, and possibly longer.

Dozens of users report money disappearing from their El Salvadoran Chivo Wallet accounts

Tweet by @designnvt: "@chivowallet Van hacer algo o no ya es demasiado que clase de suporte tienen, son $16000 que ha sacado su sistema sin autorización, ya es demasiado tendré que llamar a una radio o televisión para que lo publiquen si no dan una respuesta." There is a screenshot of about a dozen transactions, each around $800One of the tweets reporting apparent theft (attribution)
A Twitter thread showed dozens of people reporting amounts from hundreds to tens of thousands of dollars disappearing from their Chivo Wallets, the Bitcoin wallet backed by El Salvadoran President Nayib Bukele. El Salvador adopted Bitcoin as legal tender in September of this year, where it is used alongside the U.S. dollar.

Grim Finance is exploited for $30 million

Grim Finance, the "compounding yield optimizer" DeFi platform, was hacked. According to them, attackers exploited a bug in the platform to perform a reentrancy attack that netted them $30 million. Grim, indeed. A cryptocurrency watchdog group, RugDoc, opined that the exploit was possible because of very basic mistakes in implementation, and wrote, "Hopefully all projects can draw lessons from this incident that there is much knowledge most experienced solidity devs have at hand. If you haven't acquired this yet, don't build multi-million dollar projects. Don't get audits from companies which everyone knows are useless." This was apparently a dig at Solidity Finance, who had performed an audit several months prior to the hack and found that "ReentrancyGuard is used in relevant locations to preent[sic] reentrancy attacks."

Adidas learns the hard way that limiting the number of NFTs one person can buy is hard

Adidas NFT, a monkey wearing a tracksuitAdidas NFT (attribution)
Anticipating that buyers would try to hoard items from a big-name NFT drop, Adidas decided to try to limit their NFT drop to two per buyer. They apparently didn't realize that there is no guarantee that one address = one individual, and a crafty blockchain engineer created a smart contract that generated additional smart contracts, each with their own address. These contracts snapped up NFTs, then transferred them to the engineer's primary wallet and self-destructed. The engineer was able to snag 330 NFTs.

Prominent comics artist says continuous theft of his work for use as NFTs may force him to close his DeviantArt gallery

Screenshot of DeviantArt Protect, software which detects similar artwork being used off-site. In the screenshot, artwork depicting a minotaur has been directly copied with no apparent modifications and posted on an NFT marketplace.DeviantArt Protect software detecting stolen artwork (attribution)
Comics artist Liam Sharp wrote on Twitter that he would likely need to close his DeviantArt gallery, which he has maintained for fourteen years, because his artwork keeps being minted as NFTs without his permission. He wrote, "I can't - and shouldn't have to - report each one and make a case, which is consistently ignored. Sad and frustrating."

Multiple artists report OpenSea automatically closing their support tickets reporting stolen artwork; OpenSea removes ability to report

Artists going through the greuling process of reporting individual NFTs created without permission from their work reported tickets being automatically rejected. Artists were also required to provide personal information to OpenSea, who in some cases forwarded the personal information to the scammer behind the theft, opening the artist up to doxing and other harassment. Eventually, OpenSea disabled their contact form that had previously allowed artists to report stolen work.

S.T.A.L.K.E.R. 2 receives so much fan pushback on planned NFTs that the studio scraps the idea within a day

A gas-masked character from the STALKER 2 gameS.T.A.L.K.E.R. 2 artwork (attribution)
Pushback from fans led S.T.A.L.K.E.R. 2 creators to quickly reverse their decision to add NFTs to the game. The studio announced their NFT plans on December 15, which involved collectible cards, in-game items, having one's name added to walls or other scenery in the game, and even the possibility to have an NPC added to the game that resembled the NFT buyer. In subsequent updates the studio stressed that the NFTs would not be mandatory for gameplay, and later downplayed them further by saying that the NPCs they would add to the game "aren't even involved in the story". Fans were incensed, and the next day the studio scrapped "anything NFT-related" that was planned for the game.

NFT collector who owns the NFT associated with the Bored Ape artwork used in this site header would like me to stop using "their" ape

Screenshot of a Twitter conversation: "Hello Molly Hope you are doing fine I believe you are using my ape on your website without my permission. Can you please prove you own this ape as I believe there is only one looking like this and it is mine"Screenshot of the messages (attribution)
The apparent owner of Bored Ape #5262, of which this site header is a derivative work, contacted me on Twitter to say "I believe you are using my ape on your website without my permission. Can you please prove you own this ape as I believe there is only one looking like this and it is mine" in an event that truly transcended parody. While this would be hilarious even if it was a prank, the Twitter account who DMed me does appear to belong to the person holding the NFT on OpenSea.

Melania Trump announces an NFT collection which will begin with a painting of her "cobalt blue eyes"

A watercolor painting of Melania Trump's eyes and eyebrows"Melania's Vision" NFT (attribution)
Lest it be mistaken for a grift, the press release was quick to say that Mrs. Trump had promised to donate a portion of the proceeds to children leaving foster care. The NFT platform is "powered by Parler", a far-right social network. Trump intends to release multiple NFTs, and the first will have a starting price of 1 SOL (approximately $150). Solana Labs was quick to clarify that the "project is not part of any Solana-led initiative".

Tweet from a crypto miner answers the question of where all the GPUs went

A tweet from Jaxson Davidson: "Here's is look inside building 1/4 of my mining farm. Almost all 3070s in this building. My new building will be all 170hx cards. Hoping to have it finished by EOY. #ETH #RVN #Mining" It includes an embedded video of racks upon racks of GPUs.The now-deleted tweet showing racks upon racks of GPUs (attribution)
Crypto miner Jaxson Davidson posted a video showing one of four buildings in his crypto mining farm, showing racks of thousands of GPUs — GPUs that gamers and other consumer buyers are finding painfully expensive, if available for sale at all. He said the GPUs were bought "under the table", for an average price of $1,200 per unit, and is using the farm to mine Ethereum and Ravencoin. Davidson deleted his Twitter account following some pretty fierce backlash from gamers feeling the GPU shortage, as well as crypto skeptics who were shocked at the display of energy expenditure.

Another typing error proves costly to an NFT collector

A cartoon character in all pastels. Background is orange, the character has green hair, blue skin, and a white sweater and hoop earringDoodle #1961 (attribution)
A misplaced decimal point caused an NFT trader to sell their "beloved" Doodle NFT for 0.37 ETH (about $1,500) instead of their intended 3.7 ETH (about $15,000). The trader tried begging on Twitter to buy back the NFT, then to get back "maybe the ETH i lost.. minus all royalties and such..". Two days later they posted, "well, i don't think i'll ever get back what i lost.. had to take a break yesterday to not go crazy over this. 3.7 ETH is a lot of money to lose for me." This happened two days after a different trader made a similar, $300,000 mistake.

Laurent Correia rug pulls $960,000 with his abandoned "Billionaire Dogs" NFT project

Laurent Correia, a French influencer and the creator of "Billionaire Tips" sports betting app, launched an NFT project called "Billionaire Dogs" in December. Promising perks including large cash giveaways and rare NFTs that would also grant luxury cars to their owners, the project launched on December 12. Buyers were invited to purchase NFTs for 0.1 ETH (~$400) in the presale, or 0.2 ETH (~$800) in the public sale.

The project had an underwhelming reception, and the team quickly decided to reduce the supply of available NFTs from 6,500 to 2,000. Two days after launch, the funds were transferred out of the project wallet and to various addresses, including $400,000 which went to Correia. The project also deleted their website, Discord, and Twitter account that week.

Correia, for his part, has continued to post on his "Laurent BILLIONAIRE" Instagram account, where he shows off his private jet and tropical vacations with no mention of the Billionaire Dogs Club. His "NFT" Instagram story shows his pricey NFT purchases beginning on January 14.

A hacker racks up a $45,000 AWS bill for their victim, only to generate $800 worth of Monero

A tweet from Jonny Platt (@jonnyplatt): "Excited to announce I just received my Christmas present from @awscloud! Horrified to see it's $45,000 in charges due to some scammer hacking my account + mining Crypto for the last few weeks Had no sleep last night. It's now 23 hrs since my support ticket & no reply."Tweet by the owner of the hacked AWS account (attribution)
A hacker gained access to someone's Amazon Web Services account and used it to spin up servers to run Monero miners, ultimately netting 6 Monero (XMR) worth a total of about $800 over the couple of weeks they were running. All this work, however, cost the hacked individual about $45,000 in AWS fees, providing a particularly salient example of why people don't typically use AWS to mine crypto. Fortunately, Amazon waived the bill for the owner of the compromised account.

Bug in major cryptocurrency trackers shows wildly inaccurate data

A graph of Bitcoin price showing an enormous, brief spikeBitcoin price on CoinMarketCap (attribution)
Some people were briefly elated or devastated when they looked at Coinbase or CoinMarketCap, both major cryptocurrency trackers. A glitch caused some cryptocurrency investments to appear to have surged in value by millions or billions of percentage points; others saw their investments appear to tank to nearly nothing. Some DeFi projects relying on data from Coinbase halted trading, and erroneous data from the glitch persisted into the following day. CoinMarketCap made light of the glitch on Twitter, writing, "How did it feel to be a trillionaire for a couple hours? 😂" Hopefully no one quit their job based on their mistaken windfall! At least one person speculated that bots relying on APIs from these services may have traded on the "market movement", and one project relying on their data reported losing around €300,000 (about $340,000) due to the relative value of their assets being inaccurate.

Fans are outraged when the Twitter account of now-deceased Stan Lee shills an NFT

An illustration of Stan Lee wearing a blue superhero costume and sunglassesOne of the NFTs (attribution)
Stan Lee fans were outraged when the Twitter account belonging to Lee, who died in 2018, posted a message to promote an upcoming NFT based on one of his characters. Fans fairly universally felt this was disrespectful to Lee's legacy and contrary to the values he'd held through his career.

Artist Loish searches her name on OpenSea and finds 132 NFTs created from her artwork without permission

Digital artist Loish discovered more than one hundred instances where people had created NFTs from her art without her permission, and had to spend hours reporting each individual NFT as copyright violations. She wrote on Twitter, "NFTs are supposedly about authenticity but these platforms (that's you, @opensea) do less than the bare minimum when it comes to making sure that the images are being uploaded by their ORIGINAL CREATORS."

A collection of NFTs seeks to profit off the murder of George Floyd, with no apparent connection to or approval from his family

Someone released a collection of poorly-made pixel art NFTs depicting the late George Floyd, whose murder by a police officer in May 2020 set off protests around the world. There was no apparent link to his family or any social justice charity; this was just a scam to make money off of the memory of a murder victim. One entry in the collection depicted Floyd as a police officer; another styled him as a Despicable Me minion. "To the people who think I'm super-racist, I would say I'm just an opportunist", said the creator.

Vulcan Forged users lose a collective $135 million in hack

Stolen private keys from the blockchain gaming platform Vulcan Forged enabled attackers to siphon funds out of just shy of 100 user wallets. Rather than users managing their own private keys, this is done by the platform, suggesting the issue was not user error. The project says it plans to reimburse users.

The Seattle Kraken NHL team, whose home stadium is named the Climate Pledge Arena, raise eyebrows with an NFT release

The Seattle Kraken announced that they would be releasing a set of NFTs. Although several sports groups have released NFTs, people were particularly surprised to see it coming from a team that is known for its environmental advocacy. Though the NFT release will be on a proof-of-stake blockchain that claims to be net-zero emissions (Avalanche), many were up in arms about the team engaging in something that they see as antithetical to environmentalism.

Typing error costs NFT trader nearly $300,000

An illustration of a robotic ape with Xs for eyes, over a teal backgroundBored Ape #3547 (attribution)
An NFT trader made a typing error when entering a listing price, accidentally listing his Bored Ape NFT for 0.75 ETH (about $3,000) instead of 75 ETH (about $300,000). The NFT was instantly bought by a bot account. The BBC writes, "In traditional banking transactions, such errors are usually reversed easily if the bank facilitating them is told about the mistake quickly. But in the unregulated crypto-trading market, there is usually no way to reverse such a sale."

Fable creator Peter Molyneux announces an NFT game where you run a company town

Peter Molyneux announced a new game, Legacy, a business management simulator (fun!) where you join by buying an NFT called "Land", and compete to increase your "LegacyCoin" bank account balance. The company in the game effectively is running a company town, a real-world model with a history that is far more fraught than Molyneux acknowledges in his Verge interview.

Cryptocurrency exchange Ascendex hacked for $77 million

Ascendex lost $77 million in a hack targeting hot wallets. The platform said it would reimburse customers for all of their lost funds.

McDonalds NFT project overshadowed by a possible link to a racial slur

A digital rendering of a gold-chromed card with a picture of a McDonald's McRib on itMcRib NFT announcement (attribution)
McDonalds tried to make a splash with a McRib-themed NFT project, but that was quickly outshined by the discovery that an early transaction to the Ethereum address associated with the collection contained a racial slur.

Crowdfunding website Kickstarter announces it will abandon its current platform in favor of a blockchain implementation

Kickstarter announced they have decided to create a decentralized version of their platform, and to create it on the Celo blockchain. This was not entirely well-received, and some major users strongly opposed the idea. Per Gizmodo, "How this will actually work, beyond Kickstarter being able to yell 'blockchain' like a spell to summon investors or maybe getting a cut of every project that runs on the resulting protocol, is unclear."

A "decentralized exchange", dYdX, is taken down in an AWS outage

During a widespread AWS outage, supposedly-decentralized DeFi platform dYdX went down. dYdX is an Ethereum exchange that touts itself as the "world's leading decentralized exchange", and indeed it is estimated to be the fourth largest exchange. Whether it's decentralized or not, however, is much more in question following the outage. Other major platforms (that are more known to run on centralized infrastructure) such as Binance and Coinbase were also affected by the AWS blip.

Ubisoft announces it will be shoehorning NFTs into its Tom Clancy game

A monochrome, dark grey helmet modelUbisoft "Wolf Enhanced Helmet A" NFT (attribution)
Ubisoft announced that it would be adding NFTs to its Tom Clancy's Ghost Recon Breakpoint title, allowing players to buy "Digits": artificially scarce in-game weapons, vehicles, and cosmetics. The announcement video on YouTube sported a 96% dislike ratio shortly after, with the top comment accusing Ubisoft of "milking the Ghost Recon franchise for literally every cent while putting in minimal effort into the actual game itself". Many Ubisoft developers were also caught off guard: some were worried they would be forced to include NFTs in other game titles they were working on, while others raised environmental concerns that come with Ethereum NFTs. The project had a very underwhelming reception — two weeks after its launch, they had sold only fifteen of the more than 2,000 NFTs, for a total of around $400.

8ight Finance completely drained after private key leak

A compromised private key allowed an attacker to remove all funds from 8ight Finance's treasury, amounting to about $1.75 million. The team admitted to sending the key through Facebook chat and Google Drive, writing, "This is our first project, so we must admit our opsec [operational security] was low."

WildWorks angers its fans by announcing it will be moving into crypto gaming

A 3D fairy creature with a bowl of ramen on its headOne of the "Cinder Fae" "playable NFTs" (attribution)
WildWorks, a game company with a reputation for eco-friendliness, angered many of its fans when it announced it would be reusing the technology and assets from its partially-finished title Feral for a new metaverse game called Cinder. Some fans were upset to hear that the developers were apparently leaving Feral unfinished; many were angry about the developers' choice to embrace NFTs and crypto gaming — particularly after the company itself had decried the technology's impact on the environment, but also because of concerns about the unethical nature of many projects in the web3 space. Attempts to reassure fans with the fact that they will be using the Solana proof-of-stake blockchain, and purchasing carbon offsets, apparently did little to mollify fans, some of whom began cancelling subscriptions.

WildWorks later split Cinder into a separate company, Cinder Studios. However, in early 2023, the studio shutdown, giving its employees no advance notice that they would soon be out of a job.

Coindesk writer Andrew Thurman says the quiet part out loud

Tweet from CoinDesk that reads, "Yes, it’s a Ponzi scheme. But who cares? So are the dollars in your pocket.  #Crypto2022" and links to an article titled "Olympus DAO Might Be the Future of Money (or It Might Be a Ponzi)"Tweet featuring the article (attribution)
Thurman began an article by writing, "Yes, it's a Ponzi scheme. But who cares? So are the dollars in your pocket." He was writing about OlympusDAO, a "decentralized finance (DeFi) protocol whose primary use case seems to be 'making people extremely angry.'"

Polygon loses $2 million to a vulnerability

Polygon lost a bit over $2 million after a hacker exploited a bug involving a lack of balance/allowance check in their MRC20 contract. Polygon had been in the process of releasing a patch for the vulnerability, which had been reported by a white-hat hacker, and released an emergency upgrade the following day. The silent, zero-warning hard fork raised some eyebrows, and Polygon didn't release details until several weeks later. Polygon ultimately paid about $3.5 million in bug bounties to two white-hat hackers who submitted reports, which was far less than the total value of Polygon's $MATIC tokens, all 9.2 billion of which (worth around $24 billion) could have been stolen by an attacker using this vulnerability.

Tether mints $3 billion in two weeks

Tether minted more than $3 billion in a two week span. This brings the total amount of USDT (which is pegged to the U.S. dollar) to 76 billion, and much of it was minted this year. If Tether actually had reserves to back this up, as they claim, they would be one of the largest banks. However, as the Financial Times reported, in March 2021 "the stablecoin that used to say it was 100 per cent backed by cash reserves is in fact... 2.9 per cent backed by cash reserves".

Hackers steal about $200 million from BitMart

BitMart, "the most trusted cryptocurrency trading platform", experienced a major breach in which attackers stole approximately $200 million of various cryptocurrencies. The CEO attributed the exploit to a stolen private key, and promised to compensate users who were impacted.

Wikipedia founder Jimmy Wales angers some in the Wikimedia community by announcing he will be auctioning off an NFT representing the first ever edit

A strawberry-colored iMac from 2000The strawberry iMac being auctioned along with the Wikipedia edit NFT (attribution)
Wales announced he would be auctioning an NFT of a website representing the first edit to Wikipedia. This was not taken well by some in the Wikimedia communities — some felt he was misusing Wikipedia to advertise a commercial opportunity for himself that benefits the Wikimedia movement in no way, others felt that NFTs and the artificial scarcity intrinsic to the idea are antithetical to the Wikimedia ideology. Wales is also auctioning off a strawberry-colored iMac (pictured) he used to work on the site, and most people seem to agree that is pretty cool. The NFT ultimately sold for $750,000; the iMac went for $187,500.

SEC charges individual with two fraudulent crypto schemes

The SEC charged Latvian citizen Ivars Auzins with investment schemes he created using fake names and businesses. He allegedly created a fraudulent ICO for a coin that would back "Denaro", what he said was a debit card-like cryptocurrency wallet, but which never actually existed nor had a partnership with a credit card issuer as he claimed. In his second scheme, Auzins allegedly offered unregistered securities of Innovamine, which promised to mine cryptocurrencies on behalf of investors and give them a payout. According to the SEC, Auzins misappropriated nearly all assets he raised through his frauds — at least $7 million.

CODEX, a decentralized publishing platform, aims to artificially constrain access to books

A platform called "CODEX" announced that they intend to "upgrade the digital book market industry to Web3". This, apparently, involves artificially limiting the number of copies of books that can be distributed, using technology that is definitely not just a worse version of DRM.

$120 million is stolen from BadgerDAO

A hacker was able to use a compromised Cloudflare API key to inject malicious code into the BadgerDAO platform via Cloudflare Workers. They then siphoned currency of various kinds, equivalent to approximately $120 million, out of user accounts over approximately two weeks before being discovered.

NFT collecter friesframe has a Bored Ape and several other valuable NFTs stolen

A cream-colored ape with a green army-style hat, an eye patch, a bandolier, and a party horn.Bored Ape #5977 (attribution)
Although friesframe had transferred some of his valuable NFTs to cold storage (a crypto wallet not connected to the Internet), he had been waiting for gas fees to come down before transferring more. In that period, his hot wallet was hacked, and a Bored Ape NFT and several others were stolen.

$31 million stolen from MonoX in smart contract bug

A hacker stole $31 million from the liquidity pool provider MonoX by exploiting a bug in their smart contract software that allowed them to exchange a token for itself and artificially inflate the price. MonoX took the classic approach of those burned by crypto issues, and tried to get the cash back by... asking nicely.

A project called "Unvaxxed Sperm" combines COVID-19 misinformation and memecoins

Developers launched a memecoin called "Unvaxxed Sperm", hoping to make a buck while also recruiting for their anti-vaccine group. The name is based on the belief that in the future, sperm (and eggs) from unvaccinated individuals will have enormous monetary value, which is based on the false belief that COVID-19 vaccines render people infertile. The group also promised to make a "pureblood" version of Tinder for the unvaccinated, and create a DAO to allow investors to crowdsource decisions on which anti-vaccine groups and individuals are worthy of their donations.

Either a rugpull or massive communication failure ends in disaster for most holders of SnowdogDAO's token

A chart of the value of SDOG, showing a huge crashSDOG value crashing after the buyback (attribution)
SnowdogDAO creators say they didn't rugpull, but that the coin plummeting over 90% was a "game-theory experiment" that went wrong. The project was intended to only last for eight days, and when the developers began the planned buyback of SDOG tokens, value crashed. The developers never made it clear to the community that only 7% of tokens could be sold above market price before the buyback, and hundreds of people lost most of their funds. Three addresses made between $3.3 and $10 million from the buyback, and many believe they belong to people who are connected to the development team. In total, about $30 million was lost.

Alleged serial scammer launches "MetaWorld" project for at least the third time

Discord message from "BenG": "I was looking closer at some of the images posted in the creators channel and you can clearly see that he photoshopped some things out of them but did a pretty bad job at it. On some of them, if you look closely, you can make out where the watermark used to be. But this one is just awful, it looks like he used content aware fill to remove the text but left the shadows behind."Discord discussion of apparently stolen assets (attribution)
Dedric Reid has repeatedly stolen art and promotional material, passing off other projects' work as his own, to promote his "MetaWorld" project — a concept he's been promising (and fundraising for) in various forms since as early as 2016. He's recently relaunched it with a web3 spin, including metaverse ideas and NFTs into its newest form, but it appears to be as much vaporware as it was five years ago. Reid has raised at least $14,000 over the years for this idea which still has no tangible result, though Engadget believes the true amount scammed is probably higher.

SEC charges individual with two unregistered securities offerings related to crypto

The SEC filed charges against Ryan Ginster related to two online platforms that he ran, MyMicroProfits.com and Social Profitmatic. He promised investors what the SEC described as "astronomical" rates of return, which he claimed were achieved through various financial activities including cryptocurrency trading. According to the SEC, Ginster misappropriated at least $1 million of the $3.6 million in Bitcoin he raised, using it to pay for his own personal expenses.