Ubisoft announces it will be shoehorning NFTs into its Tom Clancy game

A monochrome, dark grey helmet modelUbisoft "Wolf Enhanced Helmet A" NFT (attribution)
Ubisoft announced that it would be adding NFTs to its Tom Clancy's Ghost Recon Breakpoint title, allowing players to buy "Digits": artificially scarce in-game weapons, vehicles, and cosmetics. The announcement video on YouTube sported a 96% dislike ratio shortly after, with the top comment accusing Ubisoft of "milking the Ghost Recon franchise for literally every cent while putting in minimal effort into the actual game itself". Many Ubisoft developers were also caught off guard: some were worried they would be forced to include NFTs in other game titles they were working on, while others raised environmental concerns that come with Ethereum NFTs. The project had a very underwhelming reception — two weeks after its launch, they had sold only fifteen of the more than 2,000 NFTs, for a total of around $400.

8ight Finance completely drained after private key leak

A compromised private key allowed an attacker to remove all funds from 8ight Finance's treasury, amounting to about $1.75 million. The team admitted to sending the key through Facebook chat and Google Drive, writing, "This is our first project, so we must admit our opsec [operational security] was low."

WildWorks angers its fans by announcing it will be moving into crypto gaming

A 3D fairy creature with a bowl of ramen on its headOne of the "Cinder Fae" "playable NFTs" (attribution)
WildWorks, a game company with a reputation for eco-friendliness, angered many of its fans when it announced it would be reusing the technology and assets from its partially-finished title Feral for a new metaverse game called Cinder. Some fans were upset to hear that the developers were apparently leaving Feral unfinished; many were angry about the developers' choice to embrace NFTs and crypto gaming — particularly after the company itself had decried the technology's impact on the environment, but also because of concerns about the unethical nature of many projects in the web3 space. Attempts to reassure fans with the fact that they will be using the Solana proof-of-stake blockchain, and purchasing carbon offsets, apparently did little to mollify fans, some of whom began cancelling subscriptions.

WildWorks later split Cinder into a separate company, Cinder Studios. However, in early 2023, the studio shutdown, giving its employees no advance notice that they would soon be out of a job.

Coindesk writer Andrew Thurman says the quiet part out loud

Tweet from CoinDesk that reads, "Yes, it’s a Ponzi scheme. But who cares? So are the dollars in your pocket.  #Crypto2022" and links to an article titled "Olympus DAO Might Be the Future of Money (or It Might Be a Ponzi)"Tweet featuring the article (attribution)
Thurman began an article by writing, "Yes, it's a Ponzi scheme. But who cares? So are the dollars in your pocket." He was writing about OlympusDAO, a "decentralized finance (DeFi) protocol whose primary use case seems to be 'making people extremely angry.'"

Polygon loses $2 million to a vulnerability

Polygon lost a bit over $2 million after a hacker exploited a bug involving a lack of balance/allowance check in their MRC20 contract. Polygon had been in the process of releasing a patch for the vulnerability, which had been reported by a white-hat hacker, and released an emergency upgrade the following day. The silent, zero-warning hard fork raised some eyebrows, and Polygon didn't release details until several weeks later. Polygon ultimately paid about $3.5 million in bug bounties to two white-hat hackers who submitted reports, which was far less than the total value of Polygon's $MATIC tokens, all 9.2 billion of which (worth around $24 billion) could have been stolen by an attacker using this vulnerability.

Tether mints $3 billion in two weeks

Tether minted more than $3 billion in a two week span. This brings the total amount of USDT (which is pegged to the U.S. dollar) to 76 billion, and much of it was minted this year. If Tether actually had reserves to back this up, as they claim, they would be one of the largest banks. However, as the Financial Times reported, in March 2021 "the stablecoin that used to say it was 100 per cent backed by cash reserves is in fact... 2.9 per cent backed by cash reserves".

Hackers steal about $200 million from BitMart

BitMart, "the most trusted cryptocurrency trading platform", experienced a major breach in which attackers stole approximately $200 million of various cryptocurrencies. The CEO attributed the exploit to a stolen private key, and promised to compensate users who were impacted.

Wikipedia founder Jimmy Wales angers some in the Wikimedia community by announcing he will be auctioning off an NFT representing the first ever edit

A strawberry-colored iMac from 2000The strawberry iMac being auctioned along with the Wikipedia edit NFT (attribution)
Wales announced he would be auctioning an NFT of a website representing the first edit to Wikipedia. This was not taken well by some in the Wikimedia communities — some felt he was misusing Wikipedia to advertise a commercial opportunity for himself that benefits the Wikimedia movement in no way, others felt that NFTs and the artificial scarcity intrinsic to the idea are antithetical to the Wikimedia ideology. Wales is also auctioning off a strawberry-colored iMac (pictured) he used to work on the site, and most people seem to agree that is pretty cool. The NFT ultimately sold for $750,000; the iMac went for $187,500.

SEC charges individual with two fraudulent crypto schemes

The SEC charged Latvian citizen Ivars Auzins with investment schemes he created using fake names and businesses. He allegedly created a fraudulent ICO for a coin that would back "Denaro", what he said was a debit card-like cryptocurrency wallet, but which never actually existed nor had a partnership with a credit card issuer as he claimed. In his second scheme, Auzins allegedly offered unregistered securities of Innovamine, which promised to mine cryptocurrencies on behalf of investors and give them a payout. According to the SEC, Auzins misappropriated nearly all assets he raised through his frauds — at least $7 million.

CODEX, a decentralized publishing platform, aims to artificially constrain access to books

A platform called "CODEX" announced that they intend to "upgrade the digital book market industry to Web3". This, apparently, involves artificially limiting the number of copies of books that can be distributed, using technology that is definitely not just a worse version of DRM.

$120 million is stolen from BadgerDAO

A hacker was able to use a compromised Cloudflare API key to inject malicious code into the BadgerDAO platform via Cloudflare Workers. They then siphoned currency of various kinds, equivalent to approximately $120 million, out of user accounts over approximately two weeks before being discovered.

NFT collecter friesframe has a Bored Ape and several other valuable NFTs stolen

A cream-colored ape with a green army-style hat, an eye patch, a bandolier, and a party horn.Bored Ape #5977 (attribution)
Although friesframe had transferred some of his valuable NFTs to cold storage (a crypto wallet not connected to the Internet), he had been waiting for gas fees to come down before transferring more. In that period, his hot wallet was hacked, and a Bored Ape NFT and several others were stolen.

$31 million stolen from MonoX in smart contract bug

A hacker stole $31 million from the liquidity pool provider MonoX by exploiting a bug in their smart contract software that allowed them to exchange a token for itself and artificially inflate the price. MonoX took the classic approach of those burned by crypto issues, and tried to get the cash back by... asking nicely.

A project called "Unvaxxed Sperm" combines COVID-19 misinformation and memecoins

Developers launched a memecoin called "Unvaxxed Sperm", hoping to make a buck while also recruiting for their anti-vaccine group. The name is based on the belief that in the future, sperm (and eggs) from unvaccinated individuals will have enormous monetary value, which is based on the false belief that COVID-19 vaccines render people infertile. The group also promised to make a "pureblood" version of Tinder for the unvaccinated, and create a DAO to allow investors to crowdsource decisions on which anti-vaccine groups and individuals are worthy of their donations.

Either a rugpull or massive communication failure ends in disaster for most holders of SnowdogDAO's token

A chart of the value of SDOG, showing a huge crashSDOG value crashing after the buyback (attribution)
SnowdogDAO creators say they didn't rugpull, but that the coin plummeting over 90% was a "game-theory experiment" that went wrong. The project was intended to only last for eight days, and when the developers began the planned buyback of SDOG tokens, value crashed. The developers never made it clear to the community that only 7% of tokens could be sold above market price before the buyback, and hundreds of people lost most of their funds. Three addresses made between $3.3 and $10 million from the buyback, and many believe they belong to people who are connected to the development team. In total, about $30 million was lost.

Alleged serial scammer launches "MetaWorld" project for at least the third time

Discord message from "BenG": "I was looking closer at some of the images posted in the creators channel and you can clearly see that he photoshopped some things out of them but did a pretty bad job at it. On some of them, if you look closely, you can make out where the watermark used to be. But this one is just awful, it looks like he used content aware fill to remove the text but left the shadows behind."Discord discussion of apparently stolen assets (attribution)
Dedric Reid has repeatedly stolen art and promotional material, passing off other projects' work as his own, to promote his "MetaWorld" project — a concept he's been promising (and fundraising for) in various forms since as early as 2016. He's recently relaunched it with a web3 spin, including metaverse ideas and NFTs into its newest form, but it appears to be as much vaporware as it was five years ago. Reid has raised at least $14,000 over the years for this idea which still has no tangible result, though Engadget believes the true amount scammed is probably higher.

SEC charges individual with two unregistered securities offerings related to crypto

The SEC filed charges against Ryan Ginster related to two online platforms that he ran, MyMicroProfits.com and Social Profitmatic. He promised investors what the SEC described as "astronomical" rates of return, which he claimed were achieved through various financial activities including cryptocurrency trading. According to the SEC, Ginster misappropriated at least $1 million of the $3.6 million in Bitcoin he raised, using it to pay for his own personal expenses.

Senate committee demands answers from stablecoins including Tether

The U.S. Senate Committee on Banking, Housing, and Urban sent letters to various stablecoin operators including Tether, Coinbase, and Binance, asking for more details on how the companies operate, and how they mint their currencies. In the letter, senators write, "stablecoins present investor protection risks and raise several market integrity concerns". Some worry that if Tether fails, it will collapse various cryptocurrencies and potentially disrupt traditional finance.

NFT creator makes more than $7.5 million from artwork he doesn't own

A stormtrooper helmet, painted blue and intricately decorated with flowers and butterflies.One of the original Stormtrooper helmets, created by artist Unskilled Worker (attribution)
An art curator created NFTs from photographs of Stormtrooper helmet artwork, but failed to actually ask permission from the artists. The NFTs sold for a collective $7.5 million before various marketplaces removed them from trading. Several of the artists responsible for the works are reportedly considering legal action. The NFT creator, meanwhile, has posted a video of himself on social media "wearing a Stormtrooper helmet, shooting a gun in the air and bragging about making 'two mil on NFT[s]'".

Game developers are forced to recreate their entire game after a bug is discovered

Because Wolf Game put their entire source code into the blockchain, they were unable to patch an exploit once it was discovered. They had to completely recreate the game, reissuing all new tokens to players, because of the immutable nature of the blockchain. They've created a bug bounty program for any future bugs, though given their storage technique any patch would likely require a similarly extreme remedy.

A DAO raised more than $40 million to try to buy a copy of the United States Constitution, failed, and then stumbled chaotically to its end

ConstitutionDAO emerged out of a Twitter joke, but ultimately raised more than $40 million to bid on an auction for a rare first printing of the U.S. Constitution. After being outbid by a hedge fund CEO, the group refunded all donations. However, there was enormous infighting over things like the possible value of the governance token (named $PEOPLE), and enormous gas fees taking up much of the money that people were supposed to be refunded. Ultimately, the DAO closed down without a single vote being cast.

Someone mints an NFT of 100 stolen furry profile pictures and sells it for $100,000

A large Pepe the Frog dressed in a tuxedo with a tall top-hat, overlaid on a collage of furry profile pictures"Right Click Save This" NFT (attribution)
In an apparent "fuck you" to members of the furry community who have been critical of NFTs, and to those who have pointed out that you can right-click and save files that people are paying enormous amounts for pointers to, someone minted an NFT titled "Right Click Save This". It features an image of Pepe the Frog overlaid on a collage of 100 stolen furry Twitter profile photos. The NFT sold for around $100,000, though after mass DMCA requests it was delisted from the OpenSea and Foundation marketplaces. The creator later promised to pay any owner of an image used in the collage $5,000, but only if the owner minted a token of their artwork and sent it to the collage creator.

A group pitches the idea of a "Cryptoland" crypto-themed private island with a video that is nearly indistinguishable from satire

A 3D-animated coin drives a yellow Lamborghini with a male passenger."Connie" drives one of the promised Lamborghinis (attribution)
Signs unfortunately point to this being an actual, real project rather than satire, but the video purporting to advertise it dunks on cryptobros harder than most satirists have managed to. A campy 3D-animated video with strong Fyre Festival vibes is complete with scenes of its cryptobro main character uncomfortably hitting on a female employee of "Cryptoland", and walking around with an anthropomorphized coin who is apparently named "Connie" (so like... con?), and performing in a terrible musical number. The project's founders say they've already spent more than a year and employed 30 digital artists to produce their 3D-animated pitch, but it doesn't appear that they've put the same effort into making their ideas a tangible reality. They own no land on which to have started construction on their various attractions, or to park the Lamborghinis they promise to provide. One thing they have done, though, is list parcels of land on this apparently as-yet-imaginary island in Fiji for sale — for the low, low price of 319 ETH (about $1.2 million).

Hacker steals around $55 million from bZx

An attacker fooled a developer of the bZx decentralized finance platform into opening a Word document with a malicious macro, which ran a script that gave the attackers access to the developer's crypto wallet private keys. They were able to gain access not only the developer's personal wallet keys, but to two keys to bZx wallets. The attacker made off with approximately $55 million. bZx subsequently tried to offer the attacker a bounty to return the funds, though they were not successful.

Media outlets are duped into believing that Kroger will begin accepting Bitcoin Cash

PR Newswire republished a fake press release which claimed that the Kroger supermarket chain would begin accepting "Bitcoin Cash" (not to be confused with Bitcoin) at its outlets. The fake press release was briefly successful in pumping the value of the currency before it was revealed to be a hoax.

Blockchain Global enters liquidation

Blockchain Global, the parent company of a cryptocurrency exchange called ACX.io, entered voluntary administration after its protracted collapse. Customers had been unable to access funds on the exchange since late 2019.

Creditor claims are likely to exceed $50 million. The operators of the company allegedly commingled customer, investor, and company funds, and used this pool of money on personal expenses and investments in other companies. The liquidator has recommended that the Australian Securities & Investments Commission (ASIC) investigate the company's directors, Sam Lee, Zijing "Ryan" Xu, and Liang "Allan" Guo.

Oracle manipulation attack against Vesper Finance nets hacker over $3 million

By manipulating the price of a low-liquidity, beta-stage stablecoin, an attacker was able to borrow all tokens in a Rari Fuse pool using the initial token as (inflated) collateral. They then swapped the tokens for Ethereum, and made off with more than $3 million.

BXH exchange exploited for $139 million

The decentralized exchange BXH was exploited for $139 million. BXH CEO Neo Wang attributed the exploit to a compromised administrator key, which he said suggested either a staff member's computer was breached, or a staff member themselves was behind the theft. BXH offered a reward to the hacker if they returned the funds, and offered a $1 million bounty to any person who could help retrieve the funds, but was ultimately not successful in having the money returned.

Creators of a Squid Game-themed token make off with more than $3 million

Creators of a Squid Game-themed token (not affiliated with, or authorized by, those behind the Netflix series) created a token which quickly skyrocketed in value and earned news coverage in outlets like the BBC. Not long after investors began to report they were unable to sell their tokens, creators drained $3.36 million out of the liquidity pool in an apparent rug pull.

NFT collector scammed out of almost $1 million

An illustration of a sad-looking ape with pink fur, blowing a bubble of gum, wearing a black turtleneck and black baseball cap with the logo "BAYC" on it.Bored Ape #2031, one of the stolen NFTs (attribution)
NFT collector Calvin Becerra fell for some social engineering on Discord: "Guys posing as buyers in Discord were helping me troubleshoot a problem we thought was happening... They walked me through language settings in my MetaMask and had me choose an option and took everything." The scammers obtained three of his "Bored Ape Yacht Club" NFTs (one pictured), which collectively valued around $1 million. Becerra successfully lobbied OpenSea, Rarible, and NFT Trader to block sales of the stolen NFTs, though some viewed the NFT exchanges' intervention as a demonstration that these exchanges can indeed interfere with access to the blockchain.

Developer of "Monkey Jizz" cryptocurrency makes off with $270,000

A cartoon of a monkey sitting behind a wooden sign that reads "Monkey Jizz""Monkey Jizz" ogo (attribution)
In a twist absolutely no one could have predicted, the developer of a coin called "Monkey Jizz" ran off with around $270,000. The project promised to share a portion of transactions with all investors, and eventually publish a video game. However, on October 31, the developer set a 94.9% sale fee to discourage people from selling, then transferred out the cash and disappeared.

$60 million disappears in AnubisDAO project within a day of its launch

An illustration of two black Egyptian dog sculptures facing outwards, from a pillar. On the pillar is a circular insignia with a shiba inu wearing a pharoah-like headdress. Bordering the circle is the Greek omega symbol. In front of the pillar is an open treasure chest with stacks of gold coins and jewels.AnubisDAO art (attribution)
A project called AnubisDAO launched a coin called ANKH, and were quickly flooded with cash from investors hoping to find another dog-themed memecoin success like Dogecoin or Shiba Inu. In less than 24 hours, the money vanished from the liquidity pool in what project creators claim was a phishing attack, but more likely was a rug pull. One investor interviewed by CNBC said he had invested nearly $470,000 in the coin before the money was drained.

OpenSea NFT trading platform patches a vulnerability that had allowed hackers to steal from users

Bug bounty hunters helped OpenSea patch a cross-site scripting (XSS) vulnerability in their platform that previously allowed attackers to create an NFT from an SVG image, which contained an iframe that would execute JavaScript. Attackers could create an authorization popup that looks legitimate, and if the victim fell for it, gain access to their wallet. OpenSea quickly patched the vulnerability after disclosure, though it appears it had been used in the wild — the bounty hunters began their research after seeing tweets of users who had fallen victim to attackers using the exploit.

A much-hyped Miss Universe NFT project turns out to be a rugpull

A trading card styled image depicting Miss Universe 2015, Pia WurtzbachPia Wurtzbach NFT (attribution)
Miss Universe and its models, the @nft Instagram, and Steve Harvey all got in on the advertisements for the Miss Universe NFT project, which Miss Universe presenter Paula Shugart said was "going to be the first brand in the NFT space that is about women, about women's empowerment, and embracing the technology, and moving forward. I love it; this is the first one that is away from other more male-oriented spaces." Buyers were offered signed prints, virtual meetings with the models, exclusive events, and a chance to win $50,000. None of this materialized, the Miss Universe Instagram account was deleted, and NFT owners who asked questions began to be banned from the project's Discord channel.

Rapper Tekashi 6ix9ine releases a series of NFTs, only for the project not to deliver anything it promised

An illustration of a human character on a yellow background, wearing a yellow construction helmet, with blue hair. It has yellow teeth and is holding a bloody machete.One of the Trollz NFTs (attribution)
$100,000 to charity, governance power over the project funds, a boxing game, and weekly competitions and raffles were all promised as a part of the Tekashi 6ix9ine-backed Trollz NFT collection. However, the project crumbled shortly after it began, with creators removing the ability to mint new NFTs before the designated number were released, a takeover of a Discord bot funneling prospective buyers to scam links, and the rapper deleting any trace of his affiliation with the project. One buyer lost $40,000; around $4 million in total was poured into the apparent scam.

DeFi platform C.R.E.A.M. is hacked for a third time, this time for $130 million

Crypto lending service C.R.E.A.M. Finance lost $130 million in a flash loan attack. It was the third hack of the platform this year, following a $37.5 million hack in February and an $18.8 million attack in August.

A tech startup aims to solve the real problem with the U.S. justice system: the lack of gambling involved

Tech startup "Ryval", which is formally launching in 2022, announced its plans to allow "everyday Americans" to bet on the outcomes of civil lawsuits, potentially raising funds for the parties. While the company is spinning this as "mak[ing] access to justice more affordable", I have considerably less faith that allowing crypto investors to decide on who and what is worthy of a lawsuit (or at least which lawsuits are likely to be "profitable" to them) will somehow introduce more equality into the American legal system.

"Realms of Ruin", a YA storytelling NFT project, collapses hours after launch

Six popular young-adult fiction writers attempted to launch an NFT project where they created a base universe, and participants would contribute their own stories (which they would mint as NFTs) that would be added to the official storyline if the authors liked them enough. Questions around who would own copyright, how teenagers (the target audience) would obtain cryptocurrency and mint NFTs, and environmental impact led the creators to shutter the project only five hours after the launch announcement went out.

Successful exploit of the CreatureToadz NFT project briefly nets a poorly-disguised hacker 88 ETH (almost $350,000)

A CreatureToadz NFT: an illustration of a red lumpy toad with hearts on its cheeks, with rain superimposed overCreatureToad #3813 (attribution)
A 17-year-old hacker was able to use a phishing webhook to make himself an admin in the CreatureToadz Discord server. Users who minted NFTs unknowingly sent cash to him, netting him a total of around 88 ETH (almost $350,000). However, after the hacker's real identity was uncovered shortly after the attack, the hacker returned the funds, claiming he'd intended to return it all along.

Hacker steals $16 million from Indexed Finance

A hacker drained $16 million from Indexed Finance, a defi protocol built on the Ethereum blockchain. The stolen funds represented nearly half of the total value locked on the platform. The hacker was later revealed to allegedly be an 18-year-old Canadian named Andy Medjedovic, who continued to refuse to return the funds even when his identity was revealed. The hacker argues that he simply took advantage of an arbitrage opportunity, and swore to "fight to the death" in court over his right to keep the money. However, the hacker never showed up to a December court appearance, and a warrant was issued for his arrest.

Four NFT projects on the Solana blockchain rug-pull in one day

A rendering of a small room, with a desk with a large monitor and computer tower, an L-shaped couch, and a large TV on one wall.One of the Solana Towers NFTs (attribution)
Developers behind Solana Towers, an NFT project allowing investors to buy rooms in a metaverse virtual condo as NFTs, disappeared with around $280,000 a day after the project's launch. It was only one of the projects to do so that day, joining the developers behind three other Solana NFT projects: "Interstellar Bots", "Cheesy Dizzy", and "Technidroids".

The creator of the "Evolved Apes" NFT project makes off with $2.7 million a week after launch

A cartoon man wearing a mesh tank top, with a beard and facial stubble, a hot pink earring, and a brown mohawk, drinks a can of beer.EvolvedApe NFT (attribution)
A week after the launch of the "Evolved Apes" NFT project, which consisted of 10,000 NFTs and a promised fighting game, the anonymous developer behind the project disappeared after pulling the equivalent of $2.7 million out of the project's funds.

Baller Ape Club NFT developers rug pull for $2.6 million

Illustration of a purple neon themed bar scene with crypto price charts on the wallsBaller Ape Club website (attribution)
A blatant clone of the extremely popular Bored Ape Yacht Club project, called "Baller Ape Club" and on the Solana blockchain, went live after much anticipation. Shortly afterwards, its creators made off with $2.6 million and deleted their websites and social media. The same group had pulled off one rug pull already, stealing around $150,000, and later went on to do a third rug pull in January 2022.

Founder of DeFi platform Compound threatens users who received mistaken payments with the IRS

Robert Leshner, the founder of Compound Labs, took an unusual approach when trying to recoup funds that were mistakenly distributed through a $160 million bug in the protocol. He tweeted, "Please return [the funds]. Keep 10% as a white-hat. Otherwise, it's being reported as income to the IRS". The threats were not received particularly well, with some questioning what assumptions Leshner was making about his typical user's tax status, and Leshner subsequently apologized for his "bone-headed" tweet.

An NFT project developer steals $138,000, sending images of random emojis to buyers

A 3D-rendered bust, with a futuristic helmet and cowl, and a red and white neck covering.Sample Iconics artwork (attribution)
NFT collectors eagerly bought thousands of presales of an NFT project called "Iconics" after viewing sample artwork from a supposedly 17-year-old 3D artist. When they viewed their NFTs, instead of the 3D busts they had expected, they were brought to images of random collections of emojis. It was later discovered that the artwork had been stolen from an artist unaffiliated with the NFT project.

German government's blockchain-based ID wallet removed from app stores shortly after launch due to major issues

Shortly before the federal election, the German government launched the app "ID Wallet". It was supposed to store driver's licenses and other identification documents, and allow them to be shared with authorized parties (like the police, or during hotel check-ins). Because the distributed ledger back-end met neither basic EU security standards, nor handled more than a few thousand users (in total, not per second), the launch failed and private data stored in the app would have been exposed to identity theft. FOIA requests revealed that the project developers had known about the shortcomings of their design months in advance. The German Federal Office for Information Security wrote in a report, "[the use of the blockchain-based solution] significantly increases the complexity and, as a result, the fundamental susceptibility to security gaps in the entire system if the benefits are unclear".

Vee Finance platform emptied of $35 million a week after its launch

The Vee Finance decentralized finance platform was hacked for $35 million worth of Ethereum and Bitcoin. The platform suspended trading after the hack was discovered, and also tried to tempt the hackers with promises of a bug bounty if they'd just be so kind as to return the funds. The platform had only launched a week earlier, though boasted of having $300 million worth of assets locked on their exchange.

pNetwork loses $12 million to a bug

A hacker stole $12 million from the DeFi platform pNetwork after exploiting a bug in the codebase. The network offered a $1.5 million bounty to the attacker to return the funds.

Supply chain attack drains $3 million from SushiSwap

A retro-looking website titled "JAY PEGS AUTO MART". There are buttons for "MINT' DONA" and "BIG OCEAN", and gifs of wacky inflatable tubes at the bottom.Jay Pegs Auto Mart website (attribution)
SushiSwap's token platform, Miso, was hit with a supply chain attack that landed the attacker more than $3 million worth of Ethereum. Malicious code was injected into the platform's frontend by a contractor who submitted a pull request. The attacker was able to target a car-themed NFT auction called "Jay Pegs Auto Mart". However, the team discovered the identity of the attacker and the funds were returned after some legal threats.

Head of Product for major NFT platform, OpenSea, is asked to resign following allegations of NFT insider trading

A Twitter sleuth discovers that OpenSea's Head of Product, Nate Chastain, had apparently been engaging in a form of insider trading by buying NFTs that he knew would later be featured on the front page of OpenSea, then selling them once their value increased from the spotlight. The Twitter user identified a chain of transactions show Chastain laundering the transactions through several anonymous accounts. OpenSea posted a statement confirming the shady trades had taken place, and that they had requested and received the employee's resignation, though they didn't specifically name Chastain as the culprit. Chastain's Twitter profile was updated shortly after, identifying him as a former OpenSea employee. OpenSea announced the next day that they had implemented policies preventing employees from trading on confidential information, which I guess they just hadn't bothered to think about previously.