Sports NFT platform Lympo loses $18.7 million to a breach

Animoca Brands' subsidiary Lympo, an NFT platform specifically for sports, experienced a breach of several hot wallets. This allowed an attacker to pull 165.2 LMT tokens from the platform, equivalent to about $18.7 million. The tokens were quickly exchanged for Ether on Uniswap and Sushiswap. The hack caused the value of LMT to drop by 92%, to $0.0093.

Celebrity-promoted Rich Dwarves Tribe NFT project rug pulls for around $3 million

Image: A 3D rendering of a dwarf figure with brown hair and a beard, wearing a gold chain and a shirt with gold shells printed on it. There is some sort of gold weapon slung on his back. Caption: Rich Dwarf #3453
The Rich Dwarves Tribe was an NFT project announced in December 2021, which minted in January 2022. The project had been heavily promoted by musicians including NeYo, Jason Derulo, BowWow, and Fred Durst. It promised a metaverse "tavern", giveaways, a crypto project incubator, and NFTs that would "mine coins for you". However, shortly after the project minted out, its creators disappeared with the funds and abandoned the project.

Developers of the Frosties NFT project make off with about $1.1 million

Image: A green, vaguely human-shaped blob with a strawberry on its head and hearts for eyes, holds a flag that says "Frosties". Caption: Frostie #7105
An hour after releasing their ice cream-themed NFTs, developers of the Frosties NFT project closed their social media accounts and disappeared with $1.1 million, plunging the token value to nearly zero.

Doodled Dragons takes at least $30,000 after tweeting "our charity will instead now be... my bank account"

Image: A pink dragon blowing smoke out its nostrils, wearing a blue hoodie. Caption: Doodled Dragon #322
A SolSea-verified NFT project on the Solana blockchain, Doodled Dragons, touted that they would distribute all profits "straight to charities protecting animals on the brink of extinction". They announced on Twitter that they would be donating $30,000, "our first donation", to the World Wildlife Fund. Two hours later, they tweeted, "actually. fuck that. our charity will instead now be... my bank account. cya nerds." They deleted the Twitter account shortly after.

$6.8 million emptied from crypto exchange LCX

The Liechtenstein-based cryptocurrency exchange LCX suffered a $6.8 million loss when one of its hot wallets was compromised. Assets including ETH, USDC, EURe, and LCX were moved to an Ethereum wallet belonging to the attacker, then quickly tumbled using the Tornado Cash mixing service.

Gary V announces his new "NFT restaurant" where you'll still have to pay regular money for your meals

Image: An illustration of a flyfish on a pastel background. Caption: Flyfish Club Member NFT
Gary Vaynerchuk announced plans for his New York City "NFT restaurant", Flyfish Club. The cheapest NFT, giving access to only parts of the restaurant, was listed at 2.5 ETH (at the time around $8,000); a full-access membership was listed at 4.25 ETH (around $14,400). However, the NFT only grants access to the restaurant. Patrons will still pay for their food and drink — and in real money, not crypto.

Class action lawsuit names Kim Kardashian and other celebrities who hyped Ethereum Max

Image: Instagram story post from Kim Kardashian, which reads "Are you guys into crypto???? This is not financial advice but sharing what my friends just told me about the Ethereum Max token! A few minutes ago Ethereum Max burned 400 trillion tokens—literally 50% of their admin wallet giving back to the entire E-Max community. SWIPE UP" Caption: Kim Kardashian's Instagram post
An investor filed a class action lawsuit against Kim Kardashian, Floyd Mayweather, and Paul Pierce, all of whom promoted the EthereumMax currency (not to be confused with the completely unrelated Ethereum project). The lawsuit also names the creators of the coin, who are still unknown, but who the filer hopes to unmask through legal discovery. The filer alleges that the group of defendants were hyping a "pump-and-dump scam" that caused him to suffer investment losses.

Users of Hong Kong crypto exchange Coinsuper reportedly haven't been able to withdraw funds for several months

Users reported not being able to withdraw currency from their accounts with Coinsuper, a Hong Kong-based crypto exchange. Although trading has remained active on the platform to date, some users have said they have spent months trying to withdraw their funds, to no avail. A group have filed a complaint to the police. Communication from Coinsuper has been practically nonexistent, both to users and to their investors.

SEC sues CrowdMachine founder, alleges illegal ICO and operation that secretly diverted funds to gold mining companies

The SEC alleged that Craig Sproule, founder of companies CrowdMachine and Metavine, ran a fraudulent and unregistered ICO when he launched "Crowd Machine Compute Tokens" (CMCTs). Although he claimed that the money raised from the token sale would be used on technical development of the "Crowd Computer", a "global decentralized" peer-to-peer network, he made no effort to create this technology. Instead, he secretly sent more than $5.8 million of the more than $33 million raised in the ICO to South African gold mining companies.

Mozilla pauses cryptocurrency donations after backlash

Image: Tweet by Mozilla: "Dabble in @dogecoin? HODLing some #Bitcoin & #Ethereum? We’re using @BitPay to accept donations in #cryptocurrency https://bitpay.com/100257/donate?utm_source=twitter&utm_medium=social&utm_content=1640967540" Caption: Original Mozilla tweet
Someone on the Mozilla Foundation's social team inexplicably thought that tweeting "Dabble in @dogecoin? HODLing some #Bitcoin & #Ethereum? We're using @BitPay to accept donations in #cryptocurrency" would go over well with their supporters. Unsurprisingly it did not, and it also earned them scathing replies from the founder of Mozilla and the designer of the Gecko browser engine (upon which Firefox is built). Mozilla tweeted on January 6 that they were "listening, and taking action", and that they would review "if and how our current policy on crypto donations fits with our climate goals", pausing cryptocurrency donations in the meantime.

Internet shutdown in Kazakhstan reveals that 12–18% of all Bitcoin mining is done there, which has alarming energy implications

Fuel shortages and spiking electricity costs in Kazakhstan have contributed to protests and a governmental crisis in the country. The electricity issue is partially thanks to cryptocurrency mining to begin with, with about 8% of electricity generation in the country going towards crypto mining (as of last year — it's likely to be higher now). During the crisis, the Kazakh president ordered the nation's largest telecom provider to shut down Internet service in the country to try to quash communications among his opponents. On doing so, the total amount of Bitcoin mining taking place in the country was revealed: at least 12% of Bitcoin's computational power disappeared, though the numbers could swell closer to 18%. This has extremely concerning implications as far as Bitcoin's environmental impact (which we already knew was bad): Kazakhstan's electricity generation relies heavily on "hard" coal being burned in old and inefficient power plants, producing comparably enormous amounts of CO₂.

Pudgy Penguins NFT project founders apparently try to make off with all the money they've raised

Image: An illustration of a smiling penguin wearing a pink scarf with a blue dead fish on its head. Caption: Pudgy Penguin #6827
Pudgy Penguins, a popular NFT project that somehow warranted a full-length New York Times article by Kevin Roose, apparently is trying something pretty shady. This was revealed by NFT whale 9x9x9, who has invested around 600 ETH (over $2 million) in the project and who said they tried to buy shares in the company a few months ago but ultimately rejected the deal Pudgy Penguins offered. 9x9x9 says the project's founders contacted them on January 4, offering to sell the company, at which point 9x9x9 discovered that they had split the company and were trying to walk away with the full profits and sell the shell of the company with 0 ETH in its wallet to 9x9x9 for 888 ETH.

Artist discovers her work has been stolen and published as 86,000 NFTs

Image: Tweet by Aja Trier: "86 thousand times people have stolen my art and listed them on opensea and they even had the gall to make a collection like a giant middle finger to my IP rights. Wtf?" Caption: Tweet by Aja Trier
Artist Aja Trier was shocked to discover that her artwork depicting dogs painted in the style of Van Gogh's Starry Night has been stolen and turned into an NFT collection with 86,000 items. Although NFT theft is sadly nothing new, this was perhaps the largest-scale theft to date. @NFTtheft, a popular Twitter account that draws attention to art theft in NFTs, wrote, "This is absolutely shocking. We've never seen anything at this scale before."

Kosovo issues an emergency ban on cryptocurrency mining in efforts to ease electricity shortages

Energy shortages and rolling blackouts plagued Kosovo towards the end of 2021, leading the Kosovan government to issue a 60-day state of emergency to address the crisis. The emergency authorization promised to identify and shut down any cryptocurrency mining. Kosovo has attracted cryptocurrency miners because it has some of the cheapest electricity prices in Europe, largely due to government subsidies and the availability of lignite (the lowest grade of coal, which is extremely harmful to the environment). Much of the mining takes place in the northern portions of the country, which do not recognize the Kosovan government and so have not paid for electricity at all in more than 20 years.

Franklin apologizes for shilling an NFT project (that later rug pulled) without adequately disclosing he was being paid

Image: A pixel art person with yellow hair smokes a vape. Caption: ExpansionPhunks #15091
NFT collector and influencer Franklin posted a tweet thread about how he had hyped a project that later rugpulled. He was paid about 18 ETH (about $63,000) to promote the "Expansion Phunks", but did very little to acknowledge that he was being paid to promote the project. He also wrote, "I didn't do any research of Fly nor try to dox the anon team+devs and for that I'm very sorry and regret not researching." Elsewhere in the thread he mentions that "I'd say 99% of projects that I promote fail", a statement which might prompt some self-reflection if he was as ashamed of fleecing his followers as he claims to be.

Solana experiences outage or "congestion", depending on who you believe

Image: An illustration of a yellow chick with a large brown afro, bruised eyes, and black dress shoes. Caption: SolChick #535
Journalist Colin Wu reported that the Solana blockchain had an approximately four-hour-long outage due to a DDoS attack, while many others noticed enormous slowdowns. Solana later claimed there had been no DDoS and no outage, and that there was just "some congestion", a claim several crypto outlets reported at apparent face value. The "congestion" was reported to have been from the launch of the highly-hyped SolChicks NFT project, although you have to wonder how a blockchain that claims to be able to handle 50,000 transactions per second (though averaging around 1,700 in reality) could be affected so majorly by a single project. This was the third apparent network issue suffered by the Solana blockchain over the past few months.

After being hospitalized for digestion issues after selling farts in a jar (really), a former 90 Day Fiancé star turns to NFTs

Image: An illustration of a green jar with a top hat and flowers inside on an orange background. Caption: Fart jar NFT
Stephanie Matto, who starred on season 6 of the reality show 90 Day Fiancé, has turned to some weird moneymaking schemes following her TV career. For a time, she claims she was making more than $50,000 a week selling "farts in a jar" for $1,000 each — until she was hospitalized for a health scare after a particularly fiber-heavy meal. She now is trying to sell her farts as "digital artworks on the blockchain" for a bit under $200 each, sans any physical component. At least you got a jar for your money before.

The Sunflower Farmers blockchain game DDoSes the Polygon blockchain for several days

Image: A pixel art game screenshot where a character is watering sunflowers. Caption: Sunflower Farmers
Sunflower Farm, a play-to-earn farming game on the Polygon network, contributed to massive slowdowns and a spike in gas fees on the Polygon blockchain. Heavy bot usage and a game design where practically every action (including saving the game, using a tool, harvesting something) required a blockchain transaction flooded the Polygon blockchain with more traffic than it could handle, and spiked gas fees for a given transaction from around 30 gwei up to more than 1000. This event casts some doubt on Polygon's claims it can handle up to 65,000 transactions per second — in reality it averages about 85 transactions per second and so presumably should have had a lot of wiggle room for even a pretty major increase in transactions.

ArbixFinance appears to rug pull, making off with at least $10 million

Yield farming platform ArbixFinance was drained of at least $10 million, with some reporting amounts up to $32 million. Some optimistic users hoped it was a glitch, but the fact that the formerly-active @ArbixFinance Twitter account disappeared along with their website as the funds were being drained points to a rugpull. The platform had previously been audited and approved by CertiK in November, lending the project credibility in the eyes of prospective users.

Samsung announces its new smart TVs will include an NFT marketplace

If trying to type in the name of a movie on Netflix with a TV remote isn't painful enough for them, now people will be able to try using their TV to do due diligence into whether or not they're about to get scammed.

Crypto gambling service Polymarket shut down and fined $1.4 million by the U.S. CFTC

Image: Polymarket bet: "Will Joe Biden be President of the USA on January 6, 2022? Volume: $119,389" Caption: Polymarket bet
Although Polymarket was nominally "decentralized", it wasn't so decentralized that the CFTC couldn't fine its New York-based parent company for operating an unregistered market and order them to shut it down. Polymarket previously allowed people to bet cryptocurrency on the outcomes of various events including elections, COVID-19 case spikes, and sports games.

Matt Damon stars in a truly cringeworthy ad for Crypto.com

Image: Matt Damon stands staring at a CGI wooden ship, with a Christopher Columbus-like figure in front of it. Caption: Is that supposed to be Christopher Columbus?
"Fortune favors the brave", said Matt Damon as he walked past images of mountain climbers, the Wright brothers, and astronauts. "History is filled with 'almosts'. With those who almost adventured, who almost achieved, but ultimately for them it proved to be too much. Then, there are others — the ones who embrace the moment and commit." Evidently the point of the ad was that the "brave" people who "commit" to pouring their money into crypto will make history, and granted that will likely be true, though it is also likely it will not be for the reason Mr. Damon would like you to believe.

Blockchain game CryptoBike apparently rugpulls only days after launch

A Vietnamese play-to-earn game called CryptoBike became popular shortly after its December 25 launch, soaring to around $41.6 million in daily trading volume. However, on January 1, the CryptoBike token CB suddenly plunged in value from $0.81 to $0.019 as 6 million CB were sold, apparently by the project's development team. The team also reportedly blocked people from commenting on the incident in the project's Telegram channel, and took down the project's website.

Some of Tinyman's liquidity pools are drained of around $3 million

Tinyman, a defi platform that bills itself as "decentralized, secure trading", had all liquidity drained from its goBTC and goETH pools after an attacker found a bug in their smart contracts. Liquidity throughout Tinyman dropped from about $43 million to around $20 million within hours of the attack, though the platform says they believe that most of this money was withdrawn by its rightful owners and not stolen. Tinyman asked users to remove liquidity from all pools while they work to patch their smart contracts, and announced they would reimburse affected users.

NFT collector loses $38,000 in what he believes is an OpenSea or Rarible glitch

Image: A Bored Ape NFT on a grey-purple background. It has a black hat with a visor, and is wearing a deep v-neck collared shirt with an American flag print. It has bloodshot, half-closed eyes and is baring a mouth full of gold teeth. Caption: Bored Ape #2643
Carson Turner accused ACYCapital of "exploiting @BoredApeYC through a glitch in @rarible" after they bought his Bored Ape NFT that he had listed for sale (and which he has apparently dubbed "Joe RogApe", cringe). Evidently, if a person transfers an NFT that is listed for sale on OpenSea out of their wallet and back again, it appears not to be for sale despite still being available to buyers. Some people have mistakenly thought they could use this "hack" to delist NFTs if they change their mind about selling them, in order to avoid the gas fees associated with canceling a sale. This "glitch" resulted in Turner's Bored Ape #2643 being bought even though he thought it was no longer for sale, and he ended up spending 10 ETH (about $38,000) to get it back. Twitter user lexomis wrote, "On the human side this kinda is a bummer but it isn't a hack or theft or an exploit. It's being your own bank level stuff. To be your own bank requires you to understand a lot of these nuances...." It's hard for me to feel too bad for Turner, though, given he found himself with $1.1 million after "winning the NFT lottery" in August.

Digiconomist reports that Bitcoin consumed about as much energy in 2021 as the whole country of Argentina

Digiconomist released numbers for 2021, showing that during 2021, Bitcoin consumed 134 TWh in total — comparable to the energy consumption of Argentina. The report also claims that Bitcoin was responsible for 0.54% of global electricity consumption, and consumed about 89% more energy in 2021 than in the previous year.

Tether, the stablecoin that claims to be fully backed by actual currency, adds $1 billion to their supply

Shortly after midnight on January 1, Tether added another $1 billion to its total supply. Although Tether claims that all of its supply is fully backed by actual currency, many (including legislators) have cast doubt on the veracity of this claim. Large additions to their supply such as this one, which have become quite a regular occurrence for Tether, raise further eyebrows, with commenters online speaking of them "printing" money. Some speculated that this recent move was an attempt to pump the value of Bitcoin, which had declined over the month of December — starting the month at about $57,000 and ending it about $10,000 lower.

Square Enix CEO acknowledges he will be disappointing gamers who "play to have fun" with his announcement that they are getting into web3

Image: A video game character reaches one hand up in the air while speaking. Caption says, "Barret: You gonna stand there and pretend you can't hear the planet crying out in pain?" Caption: Final Fantasy screenshot
In the announcement, Square Enix CEO Yosuke Matsuda apparently wrote with a straight face: "I realize that some people who 'play to have fun' and who currently form the majority of players have voiced their reservations toward these new trends". He also spoke positively of the metaverse and in the announcement. Square Enix is the maker of popular game franchises including Final Fantasy, Dragon Quest, and Kingdom Hearts.

$YEAR creator rings in the New Year by rugpulling about $225,000

Image: A screenshot of the EtherWrapped "year in review" page. Caption: An EtherWrapped "year in review" page
A token called $YEAR invited people to connect their crypto wallets and see a "year in review"-style summary of their 2021 crypto and NFT transactions, with an airdropped token reward based on their activity level. Some community members audited the contract to look for signs of a scam, but missed a few lines of code that enabled the creator to prevent people from selling the token. With people only able to buy the token (on secondary exchanges) but not sell, the price rose, encouraging others to buy in. Only 30 minutes after locking people out of selling, the creator drained the liquidity pool of 59.7 ETH (about $225,000), dropping the coin's value to 0.

NFT collector scammed out of $2.2 million in a phishing attack

Image: A Bored Ape NFT: a teal background, with an ape wearing an astronaut suit and a crash helmet with an American flag print. It's biting its lower lip. Caption: BAYC #9410, one of the stolen NFTs
Todd Kramer, an NFT collector who had acquired Bored Ape and other pricey NFTs, clicked on a phishing contract that appeared to be a legitimate NFT trader link. Sixteen NFTs from three collections were taken, including eight Bored Ape NFTs. The loss totalled around 593 ETH (equivalent to about $2.2 million).

"I been hacked. all my apes gone." tweeted Kramer, in a phrase that ultimately became a catchphrase of the NFT world (and its critics).

After asking for help on Twitter, OpenSea froze the stolen assets, preventing them from being traded on their platform. Some commenters noted that the redress (asset freezing and flagging of suspicious accounts) was only possible because OpenSea is a centralized platform with a large amount of power in the NFT arena, which some see as antithetical to the supposed ideals of web3. This also raises the question of whether BAYC themselves have a way to determine "legitimate ownership" of their NFTs, which in addition to being expensive status symbols also grant their owners exclusive perks including merchandising rights and access to events.

Blatant copy of Solana's popular "Baby Ape Social Club" rakes in more than $50,000 before being taken down by OpenSea

Image: A screenshot of an OpenSea profile called "Lil Baby Ape Social Club". Caption: Clone project on OpenSea
A clone of Solana's popular "Baby Ape Social Club" project popped up on OpenSea, using the Polygon blockchain. The project enjoyed 14.3 ETH in trading volume (about $52,000) before OpenSea finally took them down.

"1st LGBTQ+ Cryptocurrency" brings pinkwashing to crypto

Founders say they aim to help the LGBTQ+ community with a Spanish cryptocurrency project, "Maricoin". The team plans for the currency to be used for payment in a network of businesses that have signed an "equality manifesto" promising to be queer-friendly. Critics of the project feel it's little more than pinkwashing, and many have criticized the name, which is based on a Spanish slur.

"No network can withstand the electricity consumption that is recorded there", says energy company chairman of the effects of cryptocurrency mining in Georgia

Image: A man in blue snow gear stands next to a blue helicopter in a snowy region. Caption: Energo-Pro Georgia workers arrive by helicopter to fix damaged electrical equipment
Board chairman of Energo-Pro Georgia, an energy company serving the Svaneti region of Georgia, wrote, "This can no longer continue. No network can withstand the electricity consumption that is recorded there." He called out the illegal cryptocurrency mining happening in the region, which has damaged the infrastructure so badly that he predicted it would take four to five years to fix. Miners have been taking advantage of free electricity provided to residents of the region, but the chairman wrote that the company was "approaching the decision" to begin billing residents for electricity to try to thwart the miners. In 2019, the company had been forced to go door-to-door with police to shut down mining operations, and in the process removed about $1.6 million worth of mining equipment.

Traders duped out of $1.8 million in a fake MetaMask governance token scheme

Image: A listing for MASK on DEXTools, showing a blue checkmark by the name. Caption: Spoofed verification badge on DEXTools
Scammers took advantage of rumors that MetaMask, a popular Ethereum wallet, would be airdropping governance tokens. The scammers created a fake MetaMask token, $MASK, and managed to inject code into the popular DEXTools trading app to show the token as verified. The token reached over $9 million in traded volume before scammers pulled the liquidity, making off with about $1.8 million worth of Ethereum.

Rapper Waka Flocka Flame has an OpenSea account hacked to the tune of $19,000

Image: A still frame from a video, of a finger pointing to an NFT on a computer screen. Caption: Waka Flocka pointing out one of the fake NFTs
Waka Flocka Flame posted to Twitter: "@opensea One of me wallets was hacked wtf man". In a video, he showed NFTs in his OpenSea wallet, saying "This is fake, this is fake, this is fake, this is fake. They popped up in my wallet, I clicked on it to delete it, immediately they stole 19 grand. Happily I just started this wallet, they already stole 19,000 out of it. I need fucking help immediately."

MetaSwap Gas project rugpulls about $600,000

1,100 BNB, or around $600,000, were transferred out of the MetaSwap token MGAS, dropping the price of the token nearly 50%. The funds went to a Tornado Cash account, a popular cryptocurrency tumbler. After the transfer, MetaSwap Gas social media accounts were deactivated.

MetaDAO project rugpulls for more than $3.2 million

A project that promised to be "the DAO of DAOs" managed to accumulate and then make off with 800 ETH, which was worth around $3.2 million at the time of the scam. The project creators took the invested tokens and quickly tumbled them using Tornado Cash.

Another NFT project sells NFTs depicting real people without their consent

Image: A CipherPunk trading card, illustrated with the face of Marc Andreessen. Caption: NFT depicting Marc Andreessen

The "Cipher Punks" NFT project tried to sell NFTs with illustrations of various cypherpunks, or at least the ones that were listed on Wikipedia. The project said that it intended to "[honor] everyone involved in the CypherPunk movement. They are our heroes, and we need to recognize them". Apparently honoring them did not also involve asking for their consent to be used in the project, as Jillian York tweeted on December 26, "I don't approve of this whatsoever and would like it removed."

ItsBlockchain, the group behind the project, subsequently announced that they would scrap the project and apologized. This apology rang a little hollow, to me, after they retweeted a tweet saying "never meet your heroes" in reference to the individuals asking that the project stop using their likeness without their consent, for their own profit.

JungleFreaks and Sandbox NFTs are stolen from a collector

Image: A shiny chrome robot, with a captain's hat, Bitcoin symbols for eyes, smoking a cigarette on a blue-green background. Caption: Jungle Freak #6028
bergpay.eth checked his MetaMask wallet on the day after Christmas only to discover that all his NFTs had been stolen, including five from the popular "Jungle Freaks" collection and 2 from "Sandbox". Jungle Freaks average about 0.9 ETH ($3,700) each; Sandbox NFTs average around 2.75 ETH ($11,300) each.

A DAO forms with the goal of "liberating" Blockbuster, hoping to raise $5 million from NFTs

Image: Tweet from BlockbusterDAO (@BlockbusterDAO): "Our mission is to liberate Blockbuster and form a DAO to collectively govern the brand as we turn Blockbuster into the first-ever DeFilm streaming platform and a mainstay of both the Web3 brands and products, but a powerhouse in the future of the film industry. Read the 🧵👇" Caption: BlockbusterDAO's announcement tweet
A group called "BlockbusterDAO" emerged, with the stated goal of "liberat[ing] Blockbuster and form[ing] a DAO to collectively govern the brand as we turn Blockbuster into the first-ever DeFilm streaming platform". Ideas for the DAO's plans after buying the corporation included creating original films and also getting into crypto gaming, for some reason. Some outlets noted that it's unlikely Dish, the current owner of Blockbuster, would sell the corporation for any amount (and particularly for an amount $315 million less than what it bought them for ten years ago), but I suspect that minor detail is unlikely to slow the group down much.

Elon Musk tweeting a photograph of his dog in a Santa suit somehow pumps a memecoin

Image: A tweet from Elon Musk reading "Floki Santa" and containing a photo: A shiba inu wearing a Santa suit stands in front of a fireplace. The text "Merry Christmas" has been superimposed atop it. Caption: Floki Santa tweet
On Christmas, Elon Musk tweeted a very cute photograph of his pet dog, Floki, wearing a Santa suit with the caption "Floki Santa". Creators of a memecoin called "Santa Floki" ($HOHOHO, of course) capitalized on this with a claim that he'd been tweeting about their coin, and the token surged by 18,840% in about 48 hours (from $0.000000012935 to a whopping $0.00000245). The value quickly fell back below this new high, and settled back to around the pre-tweet price not long after.

An attempted governance attack aims to defraud 25 million MIR (about $64.2 million) from Terra's Mirror protocol

Image: A slew of polls, titled "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Freeze the community pool in case of scam", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", "Reduce mDOT to .01 and redistribute to newly voted mAssets", "poll 205 is right ! vote yes !" Caption: Polls on the Mirror governance page
A scammer created a public poll on Mirror's official website, proposing to "Freeze the community pool in case of scam". However, if the poll passed, it would send 25 MIR to the poll creator. Because of the design of the poll system, Mirror can't remove the poll, and so has attempted to inform its community of the potential scam by creating a different poll, as well as tweeting about it. The governance platform shows a slew of polls, including, "Alert: Poll 211 is SCAM -- sending 25,000,000 MIR to itself", "Vote NO on fraudulent pools #185, ..., #208", "VOTE NO ON POLL 185 IT IS A SCAM", and "poll 205 is right ! vote yes !"

Steve Bannon touts a "Fuck Joe Biden" coin that looks designed to scam investors

Image: An illustration of an eagle wearing American flag print sunglasses that say "FJB" on each lens. Caption: FJB coin illustration
Around the holidays, Steve Bannon started touting a "Fuck Joe Biden" ($FJB) coin (formerly known as the "Let's Go Brandon" coin, and not to be confused with the other Let's Go Brandon coin) on his podcast. He and his partners have touted investing in the currency as a way to somehow "let your feelings, your primal disapproval, your primal disgust with Biden be heard" (and certainly not just a way to pad Bannon's own pockets). Reviewers inspecting the coin's contracts observed some unusual features, including provisions that allow the currency's operators to manually lock an individual's token balance so they can't sell (how decentralized!), though this of course does not apply to the operators themselves. One reviewer observed how this could easily be exploited for rug pull purposes, if the operators locked token holders from selling as they sold off their own coins, allowing them to get out before others started selling off too.

NFT collector scammed out of Bored Ape NFT: "This was my kids college. My mortgage."

Image: A Bored Ape on a yellow-orange background wearing a captain's hat and sunglasses, with a neutral expression. Caption: Bored Ape #8038
An NFT collector lost his Bored Ape NFT to a scammer impersonating the well-known NFT collector Jeffrey Huang, aka "Machi Big Brother". The real Huang did eventually buy the NFT off the scammer for 77 ETH (about $290,000) and agreed to sell it back to its original owner for that price. Although the original owner tweeted on December 30 that they were "trying to launch a project that will help me raise funds to buy back my ape that was stolen", the following day they seemed disillusioned with the whole space. They wrote, "Been trying to put on a good face since I lost my ape but I gotta be honest. This was my kids college. My mortgage. Just absolute shit that some of you out there think it's okay that I got ripped off. Fuck you if you think theft is okay because I wasn't 'smart' enough. I got news for you tool boxes. This space is going to zero and regulators are coming hard because the lay person isn't coming with the attitude of a lot of you. No one is coming to a space where they aren't sure there investments are safe. Good luck in the meta".

Open source contributors and advocates are surprised to find photographs of themselves being sold as NFTs

Image: A black-and-white promo card for the project, with text that reads 'White label; 120+ unique portraits; first NFT offering!; limited edition; collect them all!; $99 each (initial price)'. The image features three NFTs, of Kelsey Hightower, Yan Zhu, and Bill Joy. Caption: "Faces of Open Source" promotional image.
Some prominent open source advocates and contributors were surprised to find that their likenesses were turned into NFTs by an artist who photographed them in 2018. Kris Nóva tweeted, "What would you do if you woke up and found out somebody made an NFT of you? Because that just happened to me and a lot of other open source contributors and thought leaders." She later wrote that the photographer "ended up reaching out, his heart is totally in the right place." However, it still seems pretty gross to me that the NFT creator didn't check with the subjects before using their likenesses in the NFT project, and that he prominently featured Kelsey Hightower, an outspoken critic of web3 who I suspect would not approve of his image being used in such a way, in the branding for the project.

Funko Pop launches Bob Ross NFTs in apparent disregard of Ross's wishes

Image: A digital rendering of a Bob Ross Funko Pop, sitting in a paint can. Caption: Bob Ross NFT.
Because apparently the vinyl figurines known as Funko Pops aren't a sufficiently useless collectible, Funko decided to get in on the NFT craze by releasing a Bob Ross "Digital Pop". Ross made major changes to his will just before his death to try to prevent people from merchandising his legacy, and many fans were outraged by the NFT project, which they believe is exactly the sort of thing he was trying to prevent from happening.

Visor Finance is hacked for about $8.2 million

A reentrancy exploit in the Ethereum-based Visor Finance DeFi protocol allowed hackers to pull 8.8 million VISR tokens out of the network, equivalent to about $8.2 million. The VISR token went from trading at around $0.93 to around $0.04, losing more than 95% of its value. The Visor team subsequently announced that they would perform a token migration to compensate affected users. Visor has suffered other hacks since its launch earlier in 2021, despite having undergone several audits.

Another Discord scam earns its perpetrators about $150,000

Another Discord scam netted its perpetrators around 800 SOL, or about $150,000, from 373 individuals. The scammer posted a fake minting link in the official Discord of Fractal, the upcoming NFT and blockchain gaming marketplace co-founded by Twitch co-founder Justin Kan. Fractal said it would be compensating all who fell for the scam. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target members of the Monkey Kingdom NFT collection Discord that same day.

Traders hoping to get in on the "Monkey Kingdom" NFT collection are duped by a scam link in the project's official Discord

Image: A pixel-art monkey on a light yellow background. It is wearing a red turtleneck sweater and Santa hat. Caption: One of the Monkey Kingdom NFTs.
An NFT trader hoping to get in on the "Monkey Kingdom" NFT collection was duped by a scam link in the project's official Discord channel, and sent 650 SOL (about $116,000) to a scammer. "It is important money to my family: my wife, my son", the victim wrote on Twitter. Another person replied to the tweet to say they too had been duped by the Discord scammer, to the tune of about 19.5 SOL (about $3,500). In total, the phishing link netted the attacker about $1.3 million. The scam was apparently made possible by a compromise of the "Grape Protocol" Discord tools, a hack that was also used to target users of the Fractal project's Discord that same day.

Either a rug pull or a hack drains at least $1.8 million from Bent Finance

Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance project's own deployer. Because of this, some speculated that it may have been a rug pull. Bent said in a statement, "There are multiple members on this team and we will make this right. We recommend you withdraw all funds until it is clear." The platform hasn't revealed how much money was lost, though a crypto fraud investigator wrote that 440 ETH (equivalent to about $1.8 million) appeared to have been funneled out of the platform. The attack was discovered on December 20, but appeared to have been ongoing since at least December 12, and possibly longer.