Trader loses $510,000 trying to convert funds between two currencies

Reddit post titled "Did I just lose half a million dollars by sending WETH to WETH's contract address?" Text: "Please tell me that I didn't :(

https://etherscan.io/tx/0x96a7155b44b77c173e7c534ae1ceca536ba2ce534012ff844cf8c1737bc54921

Edit: Full story. Sent ETH to WETH contract and got WETH back (after some googling I found this is how the contract works). Assumed it works the same way backwards and sent WETH back to the contract. No ETH back. Apparently you have to use a frontend to get the ETH back. ETH lost forever."Reddit post by the trader (attribution)
A trader learned that, in order to exchange Ethereum tokens (ETH) for Wrapped Ethereum (WETH), they should send their ETH to the WETH token contract and receive the WETH in return. Intending to convert WETH back into ETH, they erroneously assumed that it "works the same way backwards". The trader sent 195 WETH ($510,000) to the WETH contract only to find they received no ETH in return, and their money was lost forever.

Transaction history on Etherscan shows they were the 265th person to make this mistake. Most people did so with far smaller amounts of WETH, although another unfortunate trader lost 115 WETH (at the time valued at $360,000) on August 11, 2021. A total of 432 WETH has been irretrievably lost to this contract this way since July 2018 — currently valued at $1.1 million.

Fake Bored Ape project pulls in $17,500 following high-profile endorsement of Bored Apes

OpenSea collection called "Bored Ape Original" using the same icon and header image as the real account. Description says "BAYC is a collection of 10,000 Bored Ape NFTs. Certified by opensea"Fake Bored Ape collection (attribution)
After Paris Hilton and Jimmy Fallon engaged in a frankly bizarre discussion of their beloved Bored Apes on The Tonight Show, a fake projects imitating the Bored Ape Yacht Club began popping up on OpenSea. OpenSea shut down several projects of this type, which each brought in several hundred dollars an hour. One such project was left up for two weeks, duping investors out of nearly $65,000.

Lazy Lion Ape Club rug pulls for 50 ETH ($125,000)

An ape face with a purple and turquoise lion mane, wearing a fedora styl hat and a wide collared shirt. It's grimacing and bubbles are coming out of its ears.LLAC #33 (attribution)
Lazy Lion Ape Club, an NFT project in somewhat resembling the mega-popular Bored Apes, listed their NFTs on OpenSea on January 26. In addition to the NFTs, the project promised to generate passive income for its holders, as well as give them 3D models of their ape/lions to be used in the metaverse. The project leaders managed to generate 50 ETH (about $125,000) in sales before emptying the project of its funds and deleting their website and social media accounts.

Khan Academy charity auction ends in blatant wash trade, and Khan Academy removing several former employees from alumni Slack channel for raising concerns

An illustration of two people looking at a hologram of a sphere"Inspiring Teacher" NFT auction piece (attribution)
Khan Academy, an otherwise excellent non-profit offering online educational tools, announced they would be participating in an NFT charity auction on January 19. The auction featured an NFT playing card by Parallel, a sci-fi card game that requires players to buy packs of cards (NFTs) to play. Like so many blockchain gaming projects, it appears that the actual gameplay doesn't exist yet — somehow that required a $500 million funding round first.

The auction ended on January 21, with a winning bid of 77 ETH (nearly $200,000) from ParagonsDAO, plus the promise of another 34 ETH ($87,000) donation from the DAO to Khan Academy. However, ParagonsDAO is a DAO created specifically to "play a key role in Parallel's governance" and "support the creation of an ecosystem for Parallel to thrive". Former Khan Academy employee S. M. Lundberg raised their concerns about the wash trading, and "KA elevat[ing] Parallel on its own channels to a largely underage and under-resourced user base" in the Khan Academy Slack, and was removed from the channel by Khan Academy founder Sal Khan. At least three other former employees were removed from the channel for criticizing the decision to engage with the NFT project, as was an additional person who protested the removal of those raising concerns.

Although the auction ended with more than $250,000 going to Khan Academy, it is likely that Parallel got the better deal here — Khan Academy is an enormous name to have promoting one's project. Sal Khan actively hyped the project in various spaces, including in an appearance on CNBC's Squawk Box.

87% of trades on LooksRare NFT platform reported to be wash trades

LooksRare, a new NFT marketplace that launched on January 10, has boasted enormous trading volume since day one. It's no secret that wash trading — that is, a user "selling" an NFT to another wallet they also control — is rife on LooksRare. The platform offers token rewards to any users who buy or sell NFTs, which serves to incentivize wash trades, and has taken no action to disincentivize it — in fact, the platform has retweeted another person who described the incentive system (and the wash trading it generates) as "genius". A new report by NFT analytics company CryptoSlam has put some numbers to the scale of wash trading on the platform: $8.3 billion of the platform's $9.5 billion in trading volume to date (about 87%) appears to be from wash trades.

Wash trading is also a widespread tactic in the NFT space to artificially inflate the "value" of an NFT. Because it's relatively easy to create a pseudonymous cryptocurrency wallet, users will "sell" NFTs to themselves for large amounts to create the appearance of higher demand, and to try to convince other would-be buyers that the NFT is more valuable.

After OpenSea begins reimbursing users who lost money due to listings they didn't realize were still available, user "opensee_​will_​refund_​ask_​them" and others continue to exploit the widespread problem

An OpenSea profile named "opensee_will_refund_ask_them"OpenSea account exploiting the issue (attribution)
OpenSea began reimbursing users who lost money earlier this month through what some have described as a bug with the platform, but which others argue is just a misunderstanding on the users' end. People were able to buy NFTs that had previously been listed at much lower prices, even though those listings didn't appear active to the seller anymore, if the seller had failed to properly remove the listing. The buyers were then able to flip the NFTs for massive profits, and OpenSea ended up reimbursing users to the tune of about $1.8 million. However, there are still many NFTs vulnerable to this, and people taking advantage of it, including one user who named their account "opensee_​will_​refund_​ask_​them".

Padawan DAO loses half its treasury through risky money management

Padawan DAO is a project that aims to provide funding to students under 25 to attend blockchain-related events. In early January, the DAO decided to essentially gamble with project funds on the price of Ethereum staying high: they placed the treasury's $150,000 into a collateralized debt position (CDP) for a decentralized stablecoin called DAI. As the crypto market entered a dip, the project's position went underwater and the protocol had to sell 53 ETH ($117,000) to keep the DAI fully backed. The project had been counting on Ethereum not taking a tumble below $2,200, as it did on January 27, which would have allowed them to keep their 53 ETH and cash out their DAI. Since this didn't happen, the project found itself with their budget halved.

OpenSea announces limits on free NFT minting, then reverses the decision the same day, after revealing that more than 80% of the items created through the feature were plagiarized, fake collections, or spam

On January 27, OpenSea announced a limit of five collections and 50 items per collection, after discovering that "over 80% of the items created with [their free minting tool] tool were plagiarized works, fake collections, and spam". The decision came without warning to creators, some of whom were in the process of minting items for collections that had already promised more than 50 items, and suddenly unable to complete the collections. Later that day, OpenSea announced that they had reversed the decision, saying they "should have previewed this with you before rolling it out".

Attacker exploits a bug in Qubit Finance allowing them to mint unlimited collateral and drain the platform of $80 million

An attacker exploited a bug in Qubit Finance, a decentralized lending platform. The bug allowed them to call the "deposit" function without actually depositing any funds. This enabled the attacker to mint 77,162 xETH collateral, which they exchanged for BNB worth nearly $80 million. The platform has said they have tried to contact the exploiter to offer the "maximum bounty", which is apparently $250,000. Tempting, I'm sure.

People begin creating IP-harvesting NFTs to highlight the vulnerabilities in marketplaces and wallets

IP gathering NFT titled "Random 1". The image data shows text reading: "Latest IP logged: 108.62.52.135 Total visitors logged: 12643"IP gathering NFT on OpenSea (attribution)
MetaMask acknowledged a week ago that they'd failed to address an IP leakage "issue has been widely known for a long time". The issue is present in many NFT marketplaces and wallets, including both MetaMask and OpenSea, and presents potential privacy concerns for anonymous collectors or anyone concerned about potentially having their IP (and as a result, often geolocation information) exposed to any NFT creator. Some researchers and engineers have begun creating NFT projects that gather IPs and display them back to the viewers, as a way to highlight the vulnerability.

This is as good a time as any to remind you to use a VPN! Mullvad is a particularly good pick (#NotAnAd).

Following the Wonderland protocol disaster earlier this week, it is revealed that the pseudonymous chief developer has a long history of financial crimes and shady businesses

Sifu, the pseudonymous chief developer of the Wonderland protocol, was revealed to be Michael Patryn, previously known as Omar Dahani. Patryn was a co-founder of the Canadian exchange, QuadrigaCX, which stole $169 million in customer funds. In the mid-2000s, Patryn admitted to several crimes including credit fraud, theft, bank fraud, and burglary.

Wonderland founder Daniele Sestagalli had also been kept in the dark about the identity of his collaborator until finding out about a month ago. He opted to keep this information to himself, and claims it was because he believes in second chances. After the information became public, Sestagalli began a vote on whether Patryn should be replaced.

Melania Trump apparently wash trades her own NFT

Watercolor painting of a side profile of Melania Trump wearing a white brimmed hatWatercolor associated with the NFT (attribution)
Melania Trump launched a new NFT in January, following her December unveiling of the series. The January NFT involved a white hat that Ms. Trump wore during a state visit, as well as a watercolor painting of her wearing it. The press release announcing it also announced that the opening bid would be "the equivalent of $250,000", or around 1,800 SOL. Ultimately the auction drew only a few bids, all around the starting price. A Vice investigation subsequently found that the winning buyer bought the NFT with funds that came from the same address that had created the NFT to begin with. Pesky public transaction records...

Creators of the play-to-earn game "Mercenary" rug pull for more than $760,000

Mercenary was a short-lived play-to-earn game that promised "innovative tokenomics, to ensure the stability and longevity of the game's economy". The project had invested heavily in advertising on Twitter and in cryptocurrency outlets like BSC News to attract new players. It launched only a week before the developers rug-pulled on January 27, draining more than $760,000 and deleting the project's website and social media.

New Zealand auction house Webb's invites buyers of historic glass negative and associated NFT to "make it permanently digital" by smashing the plate after they buy it

Black and white photograph of artist Charles Goldie standing at an easel"Charles Frederick Goldie at His Easel" (attribution)
New Zealand auction house Webb's is selling the original glass plate negatives of two photographs taken of artist Charles Goldie sometime between 1910 and 1920. The sale also includes an NFT of a print of the photo (although the listing seems more excited about the NFT than the negative: "The purchaser of the NFT will also receive a framed contact print of the image and the original glass plate negative in a custom-built pine box"). In a bizarre move, Webb's decided to sell the glass plate along with a small brass hammer. Head of art at Webbs, Charles Ninow, said, "Perhaps you might want to make it permanently digital. Smash it? Smash it."

Sports fans face losses as IQONIQ platform liquidates and token value plummets

"Fan engagement blockchain platform" IQONIQ went into liquidation late January 2022, taking down its token sale platform and crashing the value of the fan-owned coin by over 90%. The platform had major sponsorship deals with multiple Formula 1 teams, European soccer clubs, and the Spanish La Liga league, which it owes €820,000 ($914,500). The collapse of such a major and highly-visible platform led the Football Supporters' Association to call for more regulations on cryptocurrency platforms.

"Let's Go Brandon" coin suddenly drops 50% in value

Chart showing the sudden drop in price$LGB price drop (attribution)
The "Let's Go Brandon" $LGB coin tied to NASCAR driver Brandon Brown, and created as an apparent way to support "the American dream" and stick it to Joe Biden (somehow), suddenly dropped 50% in value. This appeared to be the death knell of a coin that had been dropping precipitously since the early January announcement by NASCAR that they would be rescinding their approval for LGBcoin to sponsor Brown.

WeGro token plunges in value as its developer apparently drains 1,000 BNB ($378,000)

Widget on WeGro website, reading "WeGro is live WEGRO has launched Thursday 16th December at 5pm EST." and showing an embedded chart of the token price showing it dropping to near zero.Widget on the Wegro website (attribution)
WeGro, a project to allow "everyone to safely participate in the hemp and cannabis industry through the supply chain", saw its token tank in price as the deployer drained 1,000 BNB ($378,000) from the pool in what certainly looked like a rug pull.

"MetaSlave" project tries to sell NFTs of Black people

Meta Slave Twitter account, which features a collage of Black faces. The description reads, "In creating our project, we wanted to show that everyone is a slave to something. A slave to desires, work, money, etc."Meta Slave Twitter account (attribution)
A project called "Meta Slave" launched, offering NFTs made from photographs of Black people (all apparently algorithmically-generated). Backlash was swift and intense, and the project has tried several times to respond: first by claiming that they are trying to support Black Lives Matter and honor George Floyd (much like the "Floydies" project in December), then rebranding to "Meta Humans" and throwing a couple photos of white and Asian people into the collection. The project has, thankfully, not enjoyed much success. I, for one, think it's likely to be a troll project by 4channers, but who's to say.

Investors suffer enormous losses as "cascading liquidations" tank the Wonderland protocol token price below its supposed intrinsic value

Three-day price graph of the $TIME token, showing a precipitous drop and then volatile activity3-day value of $TIME in USD (attribution)
The broader decline in cryptocurrency prices triggered "cascading liquidations" in the Wonderland defi project, which is a fork of the "it might be a ponzi" OlympusDAO project. This dropped the value of the project's $TIME token nearly 50%, from around $780 to about $415 in the span of only two hours. This followed a decline of 91% over the past few months, as the token dropped from its November all-time-highs of around $14,000. According to CryptoBriefing, "Due to the disproportionately high leverage many TIME holders take on, the broader drop in crypto valuations has hit the Wonderland protocol harder than most."

The $TIME tokens are issued against a set of assets that supposedly give the token an intrinsic value, and if the price drops below the backing price, the protocol uses the assets in their treasury to buy back the token to bring it back up to its "fair value". In the day following the crash, the protocol's founders spent several million dollars in buy-backs, which briefly boosted the token back up to trading at around $600.

The project's team reportedly suffered major liquidation losses themselves, with the founder Daniele Sestagalli losing $15 million and the chief developer "0xSifu" losing $1.6 million. Sestagalli briefly caused panic in the community when he set his 300,000+ follower Twitter account to private after tweeting "Dude I just woke up losing 10 m dollars", but set the account back to public shortly after. He retweeted a thread stating that "the internal struggle for growth is cut short by the willingness of some entities to 'eat' all that they'r able to, instead of 'cultivating' and sharing what would be exponential profits in the future."

Promised NFT game "Blockverse" rug pulls 500 ETH ($1.2 million)

A Minecraft character with turquoise skin, four eyes, a hawaiian style shirt, and dark blue pantsBlockverse #8272 (attribution)
Blockverse, a project that promised to build a play-to-earn game on top of Minecraft, rug pulled two days after launch. The initial NFT collection sold out in only eight minutes, even though the project creators hadn't even begun to develop the game they were promising. When the creators rug pulled, they took the 500 ETH ($1.2 million) and deleted the project website and Discord server.

John Lennon's son is delighted to be able to "auction off" items from his private Beatles collection without actually, you know, selling anything

Photograph of John Lennon's yellow and white-fur-trimmed jacket from the Magical Mystery Tour filmJohn Lennon's Magical Mystery Tour jacket (attribution)
Julian Lennon maintains a private collection of Beatles memorabilia, including clothing worn by his late father John Lennon, and other items from other members of the band. He announced plans to sell each item as "an audio/visual collectible, with a personal narration from Julian", but the announcement notes that "the items themselves are not up for auction... Lennon will continue to own the only physical counterpart". Starting prices for each item range from $4,000 to $30,000.

Lennon said, "I've been collecting these personal items for about 30 years, and I was getting a bit fed up with them being locked away in a vault, where I've had to keep them because I didn't want them to get damaged... I actually felt very bad about keeping all that stuff locked away." Apparently photographing the items and displaying them digitally somehow was not possible until NFTs came along?

"Now go back to flip more burgers you lazy fvçk!" Nayib Bukele continues horrify those who come across his tweets and realize he's not just a Bitcoin bro but the president of an entire country

Tweet from Nayib Bukele: "Most people go in when the price is up, but the safest and most profitable moment to buy is when the price is down. It’s not rocket science (Man shrugging emoji) So invest a piece of your McDonald’s paycheck in Bitcoin. Now go back to flip more burgers you lazy fvçk!"Tweet by Nayib Bukele (attribution)
El Salvadoran president Nayib Bukele gives us Americans a painful reminder of having a president who truly cannot be trusted with the reins of a country, much less a Twitter account. On January 24, with Bitcoin prices tanking, Bukele tweeted, "Most people go in when the price is up, but the safest and most profitable moment to buy is when the price is down. It's not rocket science. So invest a piece of your McDonald's paycheck in Bitcoin. Now go back to flip more burgers you lazy fvçk!"

Naturally, he failed to mention the nearly 1,000 Bitcoin that he had purchased with taxpayer money since September 2021 at times that Bitcoin was above $50,000.

OpenSea users lose a collective $1.8 million to an issue allowing people to buy NFTs at low prices from old OpenSea listings the sellers thought they'd deleted

Bored Ape illustration: light brown ape with a laurel crown, coins over its eyes, and an army jacket on a light blue background.Bored Ape #9991 (attribution)
A horrified (former) owner of a Bored Ape tweeted that his NFT had just unexpectedly sold for a measly 0.77 ETH (about $1,700) and that "I cant financially afford that loss". The purchaser netted a handsome profit by quickly reselling the NFT for 84.2 ETH ($190,000). It appears that the buyer took advantage of the fact that they could still purchase NFTs that had previously been listed for sale at a lower price, even once the owner thought they had removed the listing. In about 90 minutes, the person was able to exploit the issue by buying and selling several different NFTs for a total profit of about $880,000.

A software engineer investigating the incident attributed it to OpenSea's choice to do many of their operations off-chain to save on the expensive gas fees required for any Ethereum blockchain transaction, saying this introduced a disparity where updates were not reflected on-chain. Another person investigating the apparent issue reported that this looked to be the same "glitch" as earlier this month, where users tried to avoid paying the gas fees to delist their NFT sales by swapping them out of their wallet and back again, not realizing the listing would still be active when the NFT was returned.

OpenSea added an "Inactive listings" page to allow people to view listings that are still associated with NFTs that have been transferred out of the wallet, though the feature doesn't seem to have been widely publicized and it's not clear when it was released. They also later reimbursed users who suffered losses from this exploit, to the tune of about $1.8 million.

Solfire Finance rug pulls for $4.8 million

The Solana-based asset management protocol Solfire attracted users with its promises of over 500% APY. Partnerships and mentions from other prominent Solana projects helped the project earn legitimacy, and they enjoyed over $12 million TVL at the project's peak.

However, on January 23, the project developers drained around $4.8 million from the project before deleting the project's website and social media accounts.

Co-founder of the team behind CryptoPunks v2 sells all 40 of his v1 Cryptopunks shortly before the team announces they view them as worthless

A pixel art character with pale skin and black hair on a purple backgroundV1 Punk #7276 (attribution)
The enormously popular Cryptopunks project, created by the LarvaLabs group, is actually on its second version. A bug in the original smart contract allowed users to retrieve their money after buying the original NFT, allowing people to "steal" the v1 NFTs, and so the project largely faded into obscurity in favor of the patched version 2. However, recently the NFT marketplace LooksRare allowed a project where people "wrap" their original punks and can trade them properly without encountering the bug. This apparently didn't go over so well with LarvaLabs: on January 31, the project tweeted, "PSA: 'V1 Punks' are not official Cryptopunks. We don't like them, and we've got 1,000 of them... so draw your own conclusions." However, @NFTethics noticed that one of the LarvaLabs founders sold all 40 V1 punks that he owned between January 23 and 25. Trading them shortly before the project released the tweet declaring they viewed them as worthless sure looks a lot like insider trading. The trades earned the founder a handsome total of 260 ETH (about $625,000). Fortunately for buyers of the wrapped V1 punks, LarvaLabs' announcement doesn't appear to have impacted trading price very much.

A surgeon tries to sell an NFT of an x-ray of a terror attack victim without the victim's consent

French surgeon Emmanuel Masmejean minted an NFT of an x-ray image of a bullet embedded in the fractured forearm of a person who was shot in the November 2015 Paris Bataclan attack. The NFT, which was listed on OpenSea for a starting price of around $2,800, was created without the consent of the victim. The doctor quickly took down the listing after it was noticed by media, and the head of Paris's public hospital system announced that the doctor would be facing criminal and professional complaints.

A conservationist and wildlife photographer decides the way to battle people "exploiting nature for personal gain" is by minting NFTs on the Ethereum blockchain

A photograph of a gorilla"Congo" NFT from the collection (attribution)
Conservationist and wildlife photographer George Benjamin tweeted about his new project, "The NFT Conservation Fund". "Over the last decade I've seen first-hand the devastation that our Earth is currently enduring, oftentimes feeling completely helpless," he writes. The project involves minting NFTs of his wildlife photography on the notoriously high-emissions Ethereum blockchain, and then contributing a measly 15% of profits to... get more wildlife photographers to do the same. Good news, though — the paper on which the limited-edition prints will be printed is "Forest Stewardship Council-approved"!

NFT creators announce an NFT collection to "honor" Kurt Cobain

A black and white photo of Cobain singing and playing guitar, with another guitarist next to himOne of the NFTs (attribution)
An NFT group announced that they'd be releasing NFTs created from photographs of a 1991 Nirvana show they performed shortly before Nevermind rose to popularity. The NFTs go on sale on what would have been Kurt Cobain's birthday if he was still alive. The creators say they seek to "honor" Cobain by releasing these NFTs, which makes you wonder if they've ever heard Cobain speak before.

Investors on Solana-based defi platforms experience mass liquidations caused by yet another outage

Tweet from aeyakovenko: "lol" with a screenshot of a spike in network trafficAnatoly Yakovenko's tweet during the outage (attribution)
Solana was so overloaded with bot transactions that users couldn't transact. As the cryptocurrency market in general continued to tank, users rushed to top up the collateral they had provided to keep their loans from being liquidated and found they couldn't get the transfers to go through. One user reported spending eight hours trying unsuccessfully to add collateral, before eventually getting liquidated and losing 500 SOL (about $47,500). It took Solana 24 hours to even identify the cause of the issue, and another 24 before they were able to resolve it. Traders watching their loans get liquidated were not impressed when Solana Labs co-founder tweeted "lol", with a screenshot of a Solana node showing high amounts of duplicate packets.

Scammers set up a new server at the URL previously used by Ozzy Osbourne's NFT project, stealing thousands

A brown pixel art bat with a toothy smile and a halo, on a teal backgroundCryptoBat #1783 (attribution)
Ozzy Osbourne's NFT project, CryptoBatz, changed to a slightly different Discord URL ("cryptobatz" rather than "cryptobatznft") some time after the new year. However, they forgot to take down at least one tweet mentioning the previous URL, and scammers were able to set up a new server at that location. Users were instructed to "verify", which redirected them to a phishing site where the contents of their wallets were stolen.

McDonald's steals an artist's work to present to Twitter as a proposed NFT profile picture

Screenshot of a tweet by Sarah Burssty, which has a pixel art version of the Twitter logo and says "you've come to the right place, one ponzi scheme coming up"The original tweet (attribution)
Shortly after rolling out their hexagonal NFT profile pictures, @twitter posted "gm, looking for an nft pfp". The next day, McDonald's German language communications account, @McDonaldsDENews, replied "Say no more!" with attached pixel art of the Twitter bird logo holding a McDonald's bag in its beak. After further investigation, the art was found to be nearly identical to an image from a tweet by @SarahBurssty, which ironically was created to criticize Twitter's support of NFTs.

MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"

Security researchers publicly disclosed a critical privacy vulnerability with the popular cryptocurrency wallet Metamask, where a malicious attacker can easily create an NFT and airdrop it to a victim to obtain their IP address (and thus potentially their location). Metamask founder Dan Finlay acknowledged that "this issue has been widely known for a long time", and that the researchers were "right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it."

Twitter launches special hexagonal NFT profile pictures, so now you don't even have to check a username for ".eth" to know who to avoid

Screenshot of a popup announcing Twitter's NFT support, and showing off the hexagonal profile picturesScreenshot of the Twitter NFT announcement (attribution)
Although NFTs-as-profile-pictures on Twitter is nothing new, Twitter launched a new feature in which users can connect their crypto wallets to verify that an NFT belongs to them. Such verified NFTs will display with a hexagon shape, rather than the standard circle, presumably to differentiate these users from the right-clickers.

OpenSea outage dampens Twitter feature launch, highlights centralization among popular web3 services

Popular NFT marketplace OpenSea suffered an outage that had ripple effects throughout several major services using their APIs, including the browser extension crypto wallet MetaMask. The same day, Twitter announced it was rolling out its support for NFT profile pictures, an announcement that was dampened a bit by collection pages failing to load due to the outage. The widespread effects of the outage highlighted points by many web3 critics, that the ecosystem is hardly as decentralized in practice as it claims to be.

Kingfund Finance rug pulls for $141,000

Kingfund Finance suddenly drained more than 300 WBNB (about $141,000) from their project. This happened a few days after users began to report being blocked by the project's Twitter account and kicked from its Telegram channel for reporting issues with unavailable funds, apparently an attempt to buy time as they prepared for their exit. Around the time of the rug pull, they took their Twitter and website offline.

Multichain publicly announces a vulnerability, and is quickly hacked by attackers using it

Multichain publicly announced a vulnerability that was affecting their tokens, without first notifying users to ask them to remove vulnerable funds. Several hackers quickly exploited the vulnerability, stealing around $3 million from the platform. Security researchers described the saga as "the worst way to treat a vulnerability".

Mastercard spins a partnership with Coinbase as addressing "accessibility" and "inclusivity"

Apparently the real issue with crypto grifts all along has been that it's just too dang hard to put your money into them. Mastercard has shown up to fix that, announcing a new partnership with Coinbase to allow Mastercard holders to buy NFTs on Coinbase's upcoming NFT platform with credit. With just a jaw-dropping attempt at spin, Mastercard wrote in their announcement tweet, "We're working to make NFTs more accessible because we believe tech should be inclusive."

Once popular play-to-earn game BNB Heroes rug pulls after a period of inactivity from the team

Chart showing the value of the BNB Heroes token suddenly droppingBNBHeroToken value (attribution)
The BNB Heroes play-to-earn game apparently rug pulled after a period of inactivity from the development team. The developer drained almost $200,000 from the token pool, plummeting the token value by 65%.

Creator of "MetaBirkins" NFTs writes that he "won't be intimidated" by a trademark lawsuit from Hermès

A rendering of a fuzzy Birkin-styled bag with rainbow-colored abstract flowers on a black background. The bag is sitting on a white museum pedestal.MetaBirkin (attribution)
Mason Rothschild, the creator of "MetaBirkins" NFTs, was the target of a trademark lawsuit by Birkin bag-maker Hermès. The lawsuit came after he ignored a cease and desist from the company over his his 3D renderings depicting and named after the distinctive bags. In a public statement replying to the lawsuit, Rothschild wrote that "I am not creating or selling fake Birkin bags. I've made art works that depict imaginary, fur-covered Birkin bags... I have the right also to use the term 'MetaBirkins' to describe truthfully what that art depicts, and to comment artistically on those bags and on the Birkin brand." So far, the NFT collection has enjoyed about $1.2 million in trading.

I, for one, am very curious to see how the litigation plays out. In the meantime, the Rarible landing page for the connection displays an error message stating, "This user or item has been temporarily blocked from public access".

At least $34 million is stolen from users of Crypto.com

Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The platform restored trading later that day after pushing an update to require their users to re-authenticate their sessions and reset two-factor authentication.

Although some users reported funds missing from their wallets, including one investor who reported that $16.3 million missing, Crypto.com announced that "All funds are safe". Over the next few days this was revealed to be untrue; as of January 20, the total estimated funds stolen from the platform had reached $30 million. Large amounts of stolen funds were quickly laundered through Tornado Cash, a popular crypto mixer.

Mysterious NFT project NotASecretNFT gets people to authorize a shady contract after leaving clear clues to their intentions

An Opensea landing page for the NFT project, showing a collection of black and white imagesNotASecret's Opensea page (attribution)
Enthusiasts rushed to buy NFTs from a project called NotASecretNFT after seeing NFT mega-whale Pranksy buy in, even though the OpenSea description was simply, "1000 secrets, endless lies... Farming $LIES starts 24 hours from mint." After funds were drained from the project, Pranksy tweeted, "Ok you may have seen me buy some NotASecretNFT's from opensea - it looks like this was a rug pull / scam, please do not buy anymore based on my purchases and revert any permissions you may have given". A note in the project's smart contract read, "Hello world, Nothing was intended to be obscured from you, you simply did not follow the clues." In a tweet thread, one buyer explained how he didn't research the project himself, but bought in after seeing an alert that Pranksy had bought NFTs. He ended the thread by writing, "Never buy into hypes and always #DYOR [do your own research]. Lesson learned once more!"

CryptoBurgers play-to-earn game is hacked shortly after launch

The value of the $BURG token associated with the CryptoBurgers game suddenly plummeted after being hacked shortly after launching earlier that day. The game allowed users to earn cryptocurrency by flipping burgers... yes, really. A bug in the smart contract allowed an attacker to use flash loan attacks to drain $BURG, netting them around $770,000 as of that evening. The CryptoBurgers team announced they would be contacting Binance to try to recover funds, and the team would be creating a new smart contract and token. Hope the next one goes better!

SpiceDAO wins a $3 million auction to buy an extremely rare storyboard book of Dune, only to learn that owning a book doesn't confer them copyright

Photograph of the Dune storyboard bookDune storyboard (attribution)
Somehow, SpiceDAO managed to raise €2.66 million (about $3 million) to buy the storyboard for Alejandro Jodorowsky's never-made Dune adaptation. In a celebratory tweet the group wrote, "We won the auction for €2.66M. Now our mission is to: 1. Make the book public (to the extent permitted by law) 2. Produce an original animated limited series inspired by the book and sell it to a streaming service 3. Support derivative projects from the community". They were quickly informed that buying the physical book did not somehow confer to them copyright or licensing rights (much like how buying an NFT does not automatically confer you the rights to the underlying artwork!). You'd think they might have checked that first.

Developer apparently rug pulls two NFT projects at once

A pixel art face wearing a red, white, and black cap, and smoking a pipeMadHasher #0051 (attribution)
Shortly after it was discovered that the images used for the NFT project "InvertedCulture" were nothing more than unauthorized flipped copies from a different NFT project, DNA Cultura, the creator deleted the project's Twitter account and transferred funds out of the project. Simultaneously, another project called "MadHashers" also deleted their Twitter account and drained funds. It didn't take long for people to realize that the money from both projects was going to the same account, suggesting that that the same person was behind both scams.

Chinese police arrest eight people over a $7.8 million rug pull

Eight people were arrested in China after being connected to a rug pull. One investor lost ¥590,000 ($90,000) he had poured into the token in June, when project owners took the website offline and pulled all of the money out. A total of ¥50 million (a bit below $7.9 million) was lost to the scam.

An attacker pulls about 350 ETH from Float Protocol's Rari Capital pool

Lack of liquidity in the Uniswap V3 FLOAT/USDC oracle allowed an attacker to manipulate the prices within the pool, then deposit it at a much higher rate. The hacker pulled about 350 ETH (equivalent to $1.1 million) out of the pool, though according to PeckShield they later returned around $250,000 for some reason.

Voice actor Troy Baker announces his involvement in "voice NFT" project Voiceverse with an antagonistic tweet, shortly before it's revealed that the project stole work

Troy Baker, the voice actor behind video game characters in The Last of Us, Far Cry, and various Batman games, announced he would be partnering with "voice NFT" company Voiceverse. Voiceverse is pretty vague as to what it's actually offering, but it has something to do "provid[ing] you an ownership to a unique voice in the Metaverse". Baker's announcement tweet ended, "You can hate. Or you can create. What'll it be?", which didn't seem to help with the already-negative reaction to the idea. Things were further soured when it was revealed that Voiceverse had stolen work without crediting it from a computer-generated voice project called 15.ai. Voiceverse subsequently apologized for the theft, and Baker acknowledged that his initial tweet "might have been a bit antagonistic".

Token drop for the aptly named WTF token devolves into chaos

fees.wtf, a platform allowing people to see how much money a given cryptocurrency wallet has spent in gas fees, decided it was time to release their own token, and promised to follow it up with NFTs. They tempted people with an initial airdrop, where people recruited their friends in exchange for more "WTF" tokens. However, with a small initial liquidity pool and trading bots quickly entering the fray, enormous volatility led to absolute chaos. Some traders who were unfamiliar with setting up tolerances for slippage found their orders executed for substantially less than expected, with one user trading 42 ETH ($135,000) for what ended up being less than 1¢ of WTF. Edward Ongweso Jr wrote for Vice, "Like so many other crypto projects, it was so poorly planned, capitalized, and executed, that it's almost indistinguishable from a scam."

Global Game Jam plugs their blockchain company sponsor, then tries to scrub mention of it after backlash

Tweet by GlobalGameJam (@globalgamejam): "#GGJ22 primary headline sponsor @TheSandboxGame is a decentralized, community-driven gaming ecosystem where creators can share and monetise voxel assets and gaming experiences on the Ethereum blockchain. Learn more at sandbox.game/en/ and give them a follow! #gamedev"The original tweet (attribution)
Global Game Jam, an annual event where people collaborate to make video games, proudly plugged The Sandbox as their "primary headline sponsor" on Twitter. The Sandbox is a platform for selling game assets on the Ethereum blockchain. After swift backlash, GGJ deleted the tweet and deleted references to blockchains from The Sandbox's description in their sponsor list. Needless to say this didn't go unnoticed, appearing to many as an attempt to deceive their community. GGJ eventually apologized for this action, and dropped The Sandbox as a sponsor.

NFT developers rugpull for a third time, this time with "Big Daddy Ape Club"

A bored-looking ape with protruding fangs, horns, and red spiked wingsBig Daddy Ape Club NFT (attribution)
The creators of "Big Daddy Ape Club" rug pulled shortly after mint, deleting their social media and website and making off with around $1.2 million. The project's creators were reportedly the same as those who'd pulled off the $2 million "Baller Ape Club" rug pull in October 2021, and a $150,000 one before that.