Although some users reported funds missing from their wallets, including one investor who reported that $16.3 million missing, Crypto.com announced that "All funds are safe". Over the next few days this was revealed to be untrue; as of January 20, the total estimated funds stolen from the platform had reached $30 million. Large amounts of stolen funds were quickly laundered through Tornado Cash, a popular crypto mixer.
Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The platform restored trading later that day after pushing an update to require their users to re-authenticate their sessions and reset two-factor authentication.
Mysterious NFT project NotASecretNFT gets people to authorize a shady contract after leaving clear clues to their intentions
Enthusiasts rushed to buy NFTs from a project called NotASecretNFT after seeing NFT mega-whale Pranksy buy in, even though the OpenSea description was simply, "1000 secrets, endless lies... Farming $LIES starts 24 hours from mint." After funds were drained from the project, Pranksy tweeted, "Ok you may have seen me buy some NotASecretNFT's from opensea - it looks like this was a rug pull / scam, please do not buy anymore based on my purchases and revert any permissions you may have given". A note in the project's smart contract read, "Hello world, Nothing was intended to be obscured from you, you simply did not follow the clues." In a tweet thread, one buyer explained how he didn't research the project himself, but bought in after seeing an alert that Pranksy had bought NFTs. He ended the thread by writing, "Never buy into hypes and always #DYOR [do your own research]. Lesson learned once more!"
The value of the $BURG token associated with the CryptoBurgers game suddenly plummeted after being hacked shortly after launching earlier that day. The game allowed users to earn cryptocurrency by flipping burgers... yes, really. A bug in the smart contract allowed an attacker to use flash loan attacks to drain $BURG, netting them around $770,000 as of that evening. The CryptoBurgers team announced they would be contacting Binance to try to recover funds, and the team would be creating a new smart contract and token. Hope the next one goes better!
SpiceDAO wins a $3 million auction to buy an extremely rare storyboard book of Dune, only to learn that owning a book doesn't confer them copyright
Somehow, SpiceDAO managed to raise €2.66 million (about $3 million) to buy the storyboard for Alejandro Jodorowsky's never-made Dune adaptation. In a celebratory tweet the group wrote, "We won the auction for €2.66M. Now our mission is to: 1. Make the book public (to the extent permitted by law) 2. Produce an original animated limited series inspired by the book and sell it to a streaming service 3. Support derivative projects from the community". They were quickly informed that buying the physical book did not somehow confer to them copyright or licensing rights (much like how buying an NFT does not automatically confer you the rights to the underlying artwork!). You'd think they might have checked that first.
Shortly after it was discovered that the images used for the NFT project "InvertedCulture" were nothing more than unauthorized flipped copies from a different NFT project, DNA Cultura, the creator deleted the project's Twitter account and transferred funds out of the project. Simultaneously, another project called "MadHashers" also deleted their Twitter account and drained funds. It didn't take long for people to realize that the money from both projects was going to the same account, suggesting that that the same person was behind both scams.
Eight people were arrested in China after being connected to a rug pull. One investor lost ¥590,000 ($90,000) he had poured into the token in June, when project owners took the website offline and pulled all of the money out. A total of ¥50 million (a bit below $7.9 million) was lost to the scam.
Lack of liquidity in the Uniswap V3 FLOAT/USDC oracle allowed an attacker to manipulate the prices within the pool, then deposit it at a much higher rate. The hacker pulled about 350 ETH (equivalent to $1.1 million) out of the pool, though according to PeckShield they later returned around $250,000 for some reason.
Voice actor Troy Baker announces his involvement in "voice NFT" project Voiceverse with an antagonistic tweet, shortly before it's revealed that the project stole work
Troy Baker, the voice actor behind video game characters in The Last of Us, Far Cry, and various Batman games, announced he would be partnering with "voice NFT" company Voiceverse. Voiceverse is pretty vague as to what it's actually offering, but it has something to do "provid[ing] you an ownership to a unique voice in the Metaverse". Baker's announcement tweet ended, "You can hate. Or you can create. What'll it be?", which didn't seem to help with the already-negative reaction to the idea. Things were further soured when it was revealed that Voiceverse had stolen work without crediting it from a computer-generated voice project called 15.ai. Voiceverse subsequently apologized for the theft, and Baker acknowledged that his initial tweet "might have been a bit antagonistic".
fees.wtf, a platform allowing people to see how much money a given cryptocurrency wallet has spent in gas fees, decided it was time to release their own token, and promised to follow it up with NFTs. They tempted people with an initial airdrop, where people recruited their friends in exchange for more "WTF" tokens. However, with a small initial liquidity pool and trading bots quickly entering the fray, enormous volatility led to absolute chaos. Some traders who were unfamiliar with setting up tolerances for slippage found their orders executed for substantially less than expected, with one user trading 42 ETH ($135,000) for what ended up being less than 1¢ of WTF. Edward Ongweso Jr wrote for Vice, "Like so many other crypto projects, it was so poorly planned, capitalized, and executed, that it’s almost indistinguishable from a scam."
Global Game Jam plugs their blockchain company sponsor, then tries to scrub mention of it after backlash
Global Game Jam, an annual event where people collaborate to make video games, proudly plugged The Sandbox as their "primary headline sponsor" on Twitter. The Sandbox is a platform for selling game assets on the Ethereum blockchain. After swift backlash, GGJ deleted the tweet and deleted references to blockchains from The Sandbox's description in their sponsor list. Needless to say this didn't go unnoticed, appearing to many as an attempt to deceive their community. GGJ eventually apologized for this action, and dropped The Sandbox as a sponsor.
The creators of "Big Daddy Ape Club" rug pulled shortly after mint, deleting their social media and website and making off with around $1.2 million. The project's creators were reportedly the same as those who'd pulled off the $2 million "Baller Ape Club" rug pull in October 2021, and a $150,000 one before that.
I can safely describe most NFT marketplaces as bizarre, but the AP is really trying to top the bunch. The marketplace will provide a place for trading the NFTs they plan to create out of their journalistic photography. However, people won't be able to move the NFTs they purchase to other marketplaces (so much for decentralized). Dwayne Desaulniers, AP's Director of Blockchain & Data Licensing, attempted to shed some light on their plans via Twitter, only making things worse. "Buying an AP photo registered on the blockchain provides you with a personal license to display, print, resell the image if you wish. But is also helps reduce the economic damage from digital theft, preserves the value of a photograph and will help us fight deep fakes", he said, though basically none of these claims stand up to scrutiny, or particularly require a blockchain.
Crypto investors who bought 40 acres of land in Wyoming in hopes of "building a city on the Ethereum blockchain" lost more than $92,000 to a Discord hack. Some clever social engineering and questionable security measures on Discord's part allowed scammers to gain control of a CityDAO Discord moderator's account, then send out fake announcements about a fake "land drop". The scammer received over 29.67 ETH (about $92,000).
Animoca Brands' subsidiary Lympo, an NFT platform specifically for sports, experienced a breach of several hot wallets. This allowed an attacker to pull 165.2 LMT tokens from the platform, equivalent to about $18.7 million. The tokens were quickly exchanged for Ether on Uniswap and Sushiswap. The hack caused the value of LMT to drop by 92%, to $0.0093.
The Rich Dwarves Tribe was an NFT project announced in December 2021, which minted in January 2022. The project had been heavily promoted by musicians including NeYo, Jason Derulo, BowWow, and Fred Durst. It promised a metaverse "tavern", giveaways, a crypto project incubator, and NFTs that would "mine coins for you". However, shortly after the project minted out, its creators disappeared with the funds and abandoned the project.
An hour after releasing their ice cream-themed NFTs, developers of the Frosties NFT project closed their social media accounts and disappeared with $1.1 million, plunging the token value to nearly zero.
Doodled Dragons takes at least $30,000 after tweeting "our charity will instead now be... my bank account"
A SolSea-verified NFT project on the Solana blockchain, Doodled Dragons, touted that they would distribute all profits "straight to charities protecting animals on the brink of extinction". They announced on Twitter that they would be donating $30,000, "our first donation", to the World Wildlife Fund. Two hours later, they tweeted, "actually. fuck that. our charity will instead now be... my bank account. cya nerds." They deleted the Twitter account shortly after.
The Liechtenstein-based cryptocurrency exchange LCX suffered a $6.8 million loss when one of its hot wallets was compromised. Assets including ETH, USDC, EURe, and LCX were moved to an Ethereum wallet belonging to the attacker, then quickly tumbled using the Tornado Cash mixing service.
Gary V announces his new "NFT restaurant" where you'll still have to pay regular money for your meals
Gary Vaynerchuk announced plans for his New York City "NFT restaurant", Flyfish Club. The cheapest NFT, giving access to only parts of the restaurant, was listed at 2.5 ETH (at the time around $8,000); a full-access membership was listed at 4.25 ETH (around $14,400). However, the NFT only grants access to the restaurant. Patrons will still pay for their food and drink—and in real money, not crypto.
An investor filed a class action lawsuit against Kim Kardashian, Floyd Mayweather, and Paul Pierce, all of whom promoted the EthereumMax currency (not to be confused with the completely unrelated Ethereum project). The lawsuit also names the creators of the coin, who are still unknown, but who the filer hopes to unmask through legal discovery. The filer alleges that the group of defendants were hyping a "pump-and-dump scam" that caused him to suffer investment losses.
Users of Hong Kong crypto exchange Coinsuper reportedly haven't been able to withdraw funds for several months
Users reported not being able to withdraw currency from their accounts with Coinsuper, a Hong Kong-based crypto exchange. Although trading has remained active on the platform to date, some users have said they have spent months trying to withdraw their funds, to no avail. A group have filed a complaint to the police. Communication from Coinsuper has been practically nonexistent, both to users and to their investors.
SEC sues CrowdMachine founder, alleges illegal ICO and operation that secretly diverted funds to gold mining companies
The SEC alleged that Craig Sproule, founder of companies CrowdMachine and Metavine, ran a fraudulent and unregistered ICO when he launched "Crowd Machine Compute Tokens" (CMCTs). Although he claimed that the money raised from the token sale would be used on technical development of the "Crowd Computer", a "global decentralized" peer-to-peer network, he made no effort to create this technology. Instead, he secretly sent more than $5.8 million of the more than $33 million raised in the ICO to South African gold mining companies.
Someone on the Mozilla Foundation's social team inexplicably thought that tweeting "Dabble in @dogecoin? HODLing some #Bitcoin & #Ethereum? We're using @BitPay to accept donations in #cryptocurrency" would go over well with their supporters. Unsurprisingly it did not, and it also earned them scathing replies from the founder of Mozilla and the designer of the Gecko browser engine (upon which Firefox is built). Mozilla tweeted on January 6 that they were "listening, and taking action", and that they would review "if and how our current policy on crypto donations fits with our climate goals", pausing cryptocurrency donations in the meantime.
Internet shutdown in Kazakhstan reveals that 12–18% of all Bitcoin mining is done there, which has alarming energy implications
Fuel shortages and spiking electricity costs in Kazakhstan have contributed to protests and a governmental crisis in the country. The electricity issue is partially thanks to cryptocurrency mining to begin with, with about 8% of electricity generation in the country going towards crypto mining (as of last year—it's likely to be higher now). During the crisis, the Kazakh president ordered the nation's largest telecom provider to shut down Internet service in the country to try to quash communications among his opponents. On doing so, the total amount of Bitcoin mining taking place in the country was revealed: at least 12% of Bitcoin's computational power disappeared, though the numbers could swell closer to 18%. This has extremely concerning implications as far as Bitcoin's environmental impact (which we already knew was bad): Kazakhstan's electricity generation relies heavily on "hard" coal being burned in old and inefficient power plants, producing comparably enormous amounts of CO₂.
Pudgy Penguins, a popular NFT project that somehow warranted a full-length New York Times article by Kevin Roose, apparently is trying something pretty shady. This was revealed by NFT whale 9x9x9, who has invested around 600 ETH (over $2 million) in the project and who said they tried to buy shares in the company a few months ago but ultimately rejected the deal Pudgy Penguins offered. 9x9x9 says the project's founders contacted them on January 4, offering to sell the company, at which point 9x9x9 discovered that they had split the company and were trying to walk away with the full profits and sell the shell of the company with 0 ETH in its wallet to 9x9x9 for 888 ETH.
Artist Aja Trier was shocked to discover that her artwork depicting dogs painted in the style of Van Gogh's Starry Night has been stolen and turned into an NFT collection with 86,000 items. Although NFT theft is sadly nothing new, this was perhaps the largest-scale theft to date. @NFTtheft, a popular Twitter account that draws attention to art theft in NFTs, wrote, "This is absolutely shocking. We’ve never seen anything at this scale before."
Energy shortages and rolling blackouts plagued Kosovo towards the end of 2021, leading the Kosovan government to issue a 60-day state of emergency to address the crisis. The emergency authorization promised to identify and shut down any cryptocurrency mining. Kosovo has attracted cryptocurrency miners because it has some of the cheapest electricity prices in Europe, largely due to government subsidies and the availability of lignite (the lowest grade of coal, which is extremely harmful to the environment). Much of the mining takes place in the northern portions of the country, which do not recognize the Kosovan government and so have not paid for electricity at all in more than 20 years.
ElectionDayMad1 apologizes for shilling an NFT project (that later rug pulled) without adequately disclosing he was being paid
NFT collector and influencer Franklin/@ElectionDayMad1 posted a tweet thread about how he had hyped a project that later rugpulled. He was paid about 18 ETH (about $63,000) to promote the "Expansion Phunks", but did very little to acknowledge that he was being paid to promote the project. He also wrote, "I didn’t do any research of Fly nor try to dox the anon team+devs and for that I’m very sorry and regret not researching." Elsewhere in the thread he mentions that "I’d say 99% of projects that I promote fail", a statement which might prompt some self-reflection if he was as ashamed of fleecing his followers as he claims to be.
Journalist Colin Wu reported that the Solana blockchain had an approximately four-hour-long outage due to a DDoS attack, while many others noticed enormous slowdowns. Solana later claimed there had been no DDoS and no outage, and that there was just "some congestion", a claim several crypto outlets reported at apparent face value. The "congestion" was reported to have been from the launch of the highly-hyped SolChicks NFT project, although you have to wonder how a blockchain that claims to be able to handle 50,000 transactions per second (though averaging around 1,700 in reality) could be affected so majorly by a single project. This was the third apparent network issue suffered by the Solana blockchain over the past few months.
After being hospitalized for digestion issues after selling farts in a jar (really), a former 90 Day Fiancé star turns to NFTs
Stephanie Matto, who starred on season 6 of the reality show 90 Day Fiancé, has turned to some weird moneymaking schemes following her TV career. For a time, she claims she was making more than $50,000 a week selling "farts in a jar" for $1,000 each—until she was hospitalized for a health scare after a particularly fiber-heavy meal. She now is trying to sell her farts as "digital artworks on the blockchain" for a bit under $200 each, sans any physical component. At least you got a jar for your money before.
Sunflower Farm, a play-to-earn farming game on the Polygon network, contributed to massive slowdowns and a spike in gas fees on the Polygon blockchain. Heavy bot usage and a game design where practically every action (including saving the game, using a tool, harvesting something) required a blockchain transaction flooded the Polygon blockchain with more traffic than it could handle, and spiked gas fees for a given transaction from around 30 gwei up to more than 1000. This event casts some doubt on Polygon's claims it can handle up to 65,000 transactions per second—in reality it averages about 85 transactions per second and so presumably should have had a lot of wiggle room for even a pretty major increase in transactions.
Yield farming platform ArbixFinance was drained of at least $10 million, with some reporting amounts up to $32 million. Some optimistic users hoped it was a glitch, but the fact that the formerly-active @ArbixFinance Twitter account disappeared along with their website as the funds were being drained points to a rugpull. The platform had previously been audited and approved by CertiK in November, lending the project credibility in the eyes of prospective users.
If trying to type in the name of a movie on Netflix with a TV remote isn't painful enough for them, now people will be able to try using their TV to do due diligence into whether or not they're about to get scammed.
Although Polymarket was nominally "decentralized", it wasn't so decentralized that the CFTC couldn't fine its New York-based parent company for operating an unregistered market and order them to shut it down. Polymarket previously allowed people to bet cryptocurrency on the outcomes of various events including elections, COVID-19 case spikes, and sports games.
"Fortune favors the brave", said Matt Damon as he walked past images of mountain climbers, the Wright brothers, and astronauts. "History is filled with 'almosts'. With those who almost adventured, who almost achieved, but ultimately for them it proved to be too much. Then, there are others – the ones who embrace the moment and commit." Evidently the point of the ad was that the "brave" people who "commit" to pouring their money into crypto will make history, and granted that will likely be true, though it is also likely it will not be for the reason Mr. Damon would like you to believe.
A Vietnamese play-to-earn game called CryptoBike became popular shortly after its December 25 launch, soaring to around $41.6 million in daily trading volume. However, on January 1, the CryptoBike token CB suddenly plunged in value from $0.81 to $0.019 as 6 million CB were sold, apparently by the project's development team. The team also reportedly blocked people from commenting on the incident in the project's Telegram channel, and took down the project's website.
- "CryptoBike showing signs of scam", Sài Gòn Giải Phóng
- "Dự án game NFT Việt bị nhà đầu tư 'săn lùng' ra cả địa chỉ giả do dùng chiêu cho chiếm đoạt 1,4 tỷ USD rồi bỏ trốn", Diễn đàn Doanh nghiệp
Tinyman, a defi platform that bills itself as "decentralized, secure trading", had all liquidity drained from its goBTC and goETH pools after an attacker found a bug in their smart contracts. Liquidity throughout Tinyman dropped from about $43 million to around $20 million within hours of the attack, though the platform says they believe that most of this money was withdrawn by its rightful owners and not stolen. Tinyman asked users to remove liquidity from all pools while they work to patch their smart contracts, and announced they would reimburse affected users.
Carson Turner accused ACYCapital of "exploiting @BoredApeYC through a glitch in @rarible" after they bought his Bored Ape NFT that he had listed for sale (and which he has apparently dubbed "Joe RogApe", cringe). Evidently, if a person transfers an NFT that is listed for sale on OpenSea out of their wallet and back again, it appears not to be for sale despite still being available to buyers. Some people have mistakenly thought they could use this "hack" to delist NFTs if they change their mind about selling them, in order to avoid the gas fees associated with canceling a sale. This "glitch" resulted in Turner's Bored Ape #2643 being bought even though he thought it was no longer for sale, and he ended up spending 10 ETH (about $38,000) to get it back. Twitter user lexomis wrote, "On the human side this kinda is a bummer but it isn't a hack or theft or an exploit. It's being your own bank level stuff. To be your own bank requires you to understand a lot of these nuances...." It's hard for me to feel too bad for Turner, though, given he found himself with $1.1 million after "winning the NFT lottery" in August.
Digiconomist reports that Bitcoin consumed about as much energy in 2021 as the whole country of Argentina
Digiconomist released numbers for 2021, showing that during 2021, Bitcoin consumed 134 TWh in total—comparable to the energy consumption of Argentina. The report also claims that Bitcoin was responsible for 0.54% of global electricity consumption, and consumed about 89% more energy in 2021 than in the previous year.
Tether, the stablecoin that claims to be fully backed by actual currency, adds $1 billion to their supply
Shortly after midnight on January 1, Tether added another $1 billion to its total supply. Although Tether claims that all of its supply is fully backed by actual currency, many (including legislators) have cast doubt on the veracity of this claim. Large additions to their supply such as this one, which have become quite a regular occurrence for Tether, raise further eyebrows, with commenters online speaking of them "printing" money. Some speculated that this recent move was an attempt to pump the value of Bitcoin, which had declined over the month of December—starting the month at about $57,000 and ending it about $10,000 lower.
Square Enix CEO acknowledges he will be disappointing gamers who "play to have fun" with his announcement that they are getting into web3
In the announcement, Square Enix CEO Yosuke Matsuda apparently wrote with a straight face: "I realize that some people who 'play to have fun' and who currently form the majority of players have voiced their reservations toward these new trends". He also spoke positively of the metaverse and in the announcement. Square Enix is the maker of popular game franchises including Final Fantasy, Dragon Quest, and Kingdom Hearts.
A token called $YEAR invited people to connect their crypto wallets and see a "year in review"-style summary of their 2021 crypto and NFT transactions, with an airdropped token reward based on their activity level. Some community members audited the contract to look for signs of a scam, but missed a few lines of code that enabled the creator to prevent people from selling the token. With people only able to buy the token (on secondary exchanges) but not sell, the price rose, encouraging others to buy in. Only 30 minutes after locking people out of selling, the creator drained the liquidity pool of 59.7 ETH (about $225,000), dropping the coin's value to 0.
- "Airdrop culture could pose integral threat to DeFi industry", Cointelegraph
- "Ethereum Project Airdrops Scam Token, Then Pulls the Rug", Crypto Briefing
Todd Kramer, an NFT collector who had acquired Bored Ape and other pricey NFTs, clicked on a phishing contract that appeared to be a legitimate NFT trader link. Sixteen NFTs from three collections were taken, including eight Bored Ape NFTs. In total, the loss totalled around 593 ETH (equivalent to about $2.2 million). After asking for help on Twitter, OpenSea froze the stolen assets, preventing them from being traded on their platform. Some commenters noted that the redress (asset freezing and flagging of suspicious accounts) was only possible because OpenSea is a centralized platform with a large amount of power in the NFT arena, which some see as antithetical to the supposed ideals of web3. This also raises the question of whether BAYC themselves have a way to determine "legitimate ownership" of their NFTs, which in addition to being expensive status symbols also grant their owners exclusive perks including merchandising rights and access to events.
Blatant copy of Solana's popular "Baby Ape Social Club" rakes in more than $50,000 before being taken down by OpenSea
A clone of Solana's popular "Baby Ape Social Club" project popped up on OpenSea, using the Polygon blockchain. The project enjoyed 14.3 ETH in trading volume (about $52,000) before OpenSea finally took them down.
Founders say they aim to help the LGBTQ+ community with a Spanish cryptocurrency project, "Maricoin". The team plans for the currency to be used for payment in a network of businesses have signed an "equality manifesto" promising to be queer-friendly. Critics of the project feel it's little more than pinkwashing, and many have criticized the name, which is based on a Spanish slur.
"No network can withstand the electricity consumption that is recorded there", says energy company chairman of the effects of cryptocurrency mining in Georgia
Board chairman of Energo-Pro Georgia, an energy company serving the Svaneti region of Georgia, wrote, "This can no longer continue. No network can withstand the electricity consumption that is recorded there." He called out the illegal cryptocurrency mining happening in the region, which has damaged the infrastructure so badly that he predicted it would take four to five years to fix. Miners have been taking advantage of free electricity provided to residents of the region, but the chairman wrote that the company was "approaching the decision" to begin billing residents for electricity to try to thwart the miners. In 2019, the company had been forced to go door-to-door with police to shut down mining operations, and in the process removed about $1.6 million worth of mining equipment.
Scammers took advantage of rumors that MetaMask, a popular Ethereum wallet, would be airdropping governance tokens. The scammers created a fake MetaMask token, $MASK, and managed to inject code into the popular DEXTools trading app to show the token as verified. The token reached over $9 million in traded volume before scammers pulled the liquidity, making off with about $1.8 million worth of Ethereum.
- "Fake MetaMask Governance Token Soars 2600% and Gets Rug-Pulled", CryptoPotato
- "$1.8M Lost to Fake MetaMask Token Honeypot Scam", Crypto Briefing
Waka Flocka Flame posted to Twitter: "@opensea One of me wallets was hacked wtf man". In a video, he showed NFTs in his OpenSea wallet, saying "This is fake, this is fake, this is fake, this is fake. They popped up in my wallet, I clicked on it to delete it, immediately they stole 19 grand. Happily I just started this wallet, they already stole 19,000 out of it. I need fucking help immediately."
1,100 BNB, or around $600,000, were transferred out of the MetaSwap token MGAS, dropping the price of the token nearly 50%. The funds went to a Tornado Cash account, a popular cryptocurrency tumbler. After the transfer, MetaSwap Gas social media accounts were deactivated.
A project that promised to be "the DAO of DAOs" managed to accumulate and then make off with 800 ETH, which was worth around $3.2 million at the time of the scam. The project creators took the invested tokens and quickly tumbled them using Tornado Cash.
- "MetaDAO Makes Off With $3.2M in Rug Pull", Cryptobriefing