Hackers steal $1.9 million from KLAYswap crypto exchange

Some sophisticated hackers managed a BGP hijack on the servers powering KakaoTalk, a marketing and customer service application used by the South Korean KLAYswap cryptocurrency exchange. The hijacking enabled the hackers to serve malicious JavaScript that allowed hackers to intercept funds as a user initiated a transaction. Over a two-hour period, the hackers stole cryptocurrency totaling ₩2.2 million (about $1.9 million) from 325 customer wallets. The exchange acknowledged the hack the same day, and promised to compensate affected users.

Nike sues StockX for selling unauthorized NFTs of their shoes

A rendering of a card, showing a photograph of a red high-top sneaker. The card has the branding "StockX" on it, as well as "Vault NFT ERC-1155"NFT of a Nike Jordan 1 sneaker (attribution)
Nike filed a lawsuit in New York federal court against StockX, an online reseller that decided to get in on NFTs in January. StockX started selling "NFTs tied to physical products", and say that buyers are also purchasing the "opportunity to take possession of [the corresponding physical item]" at any time". Nike has objected to this, stating that the NFTs infringe their copyright, are likely to cause confusion among customers, and have hurt their reputation. According to the complaint, StockX has already sold more than 500 NFTs of Nike products. The StockX site shows that some Nike NFTs have traded for thousands of dollars. Amusingly, although the NFTs exist on the Ethereum blockchain, "cryptocurrencies are not an acceptable payment method for NFTs at this time" and NFTs can't be transferred or traded outside of the StockX platform. According to their FAQ, "StockX maintains custodial authority of all NFTs traded on the platform".

This lawsuit is somewhat similar to the January lawsuit by Hermés against artist Mason Rothschild, who has been selling "MetaBirkin" NFTs (though MetaBirkins describes itself as an art project, and promises no physical items).

Miami mayor Francis Suarez's MiamiCoin gambit lands the city $5.2 million, investors not so lucky

Miami mayor Francis Suarez eagerly hyped "MiamiCoin" ($MIA), a cryptocurrency created by a private company and not actually controlled by Miami. Suarez appeared on CoinDesk TV to say that MiamiCoin has "been mainstreaming significantly faster than bitcoin", despite trading for pennies, and not being listed on any exchange aside from the Singaporean OKCoin.

On February 2, Suarez excitedly announced that they had received their "first-ever disbursement... totaling $5.25M". He didn't mention that the coin is trading at 90% below its all-time-high and 35% less than its initial price of $0.01. Both the OKCoin exchange and the coin creator previously advertised that buyers could earn "430% APY" by participating in some sort of staking program with the coin. All current holders of the coin, such as the Miamians Suarez encouraged to invest, have lost money even when factoring in staking rewards, says Protos.

Wormhole, a cross-blockchain bridge, is hacked for more than $320 million in one of the largest hacks to date

The Wormhole Network is a blockchain bridge between Solana and various other blockchains, allowing assets to be traded across the different and not otherwise interoperable chains. After an attacker was able to spoof a guardian account, Wormhole was exploited on February 2 for 120,000 wETH, or about $326 million. The network was taken down for maintenance, and Wormhole promised that "ETH will be added over the next hours to ensure wETH is backed 1:1". The parent company of Wormhole, Jump Trading, replaced the funds that had been drained; meanwhile, Wormhole offered a $10 million bounty to try to tempt the attacker into returning the funds. The hack was the fourth-largest cryptocurrency theft of all time, trailing behind the $480 million Mt. Gox theft in 2014, the $547 million Coincheck theft in 2018, and the $611 million Poly Network theft (that was later returned) in 2021.

Game studio behind Worms games series does a quick U-turn on their NFT project after massive backlash

A glittery rainbow worms character, holding some sort of spherical object, on a base that says 'Colonel'MetaWorms NFT (attribution)
Team17, the studio behind the many Worms games, announced their plans for "MetaWorms": NFTs based on the characters from the games. The announcement on January 31 apparently blindsided development teams who've published with Team17 — shortly after the announcement, three teams published statements condemning NFTs. One team, Aggro Crab, also announced they wouldn't be working with Team17 going forward. The three statements also all urged fans not to harass Team17 staff and community managers, with one announcement by Playtonic saying they were "unwittingly affected by NFT announcements". Backlash from fans had been swift and fierce, and in some cases extreme. The following day, Team17 wrote that they were ending the project and "step[ping] back from the NFT space".

HitPiece catches heat for selling song and album NFTs without seeking consent from the artists

Two listings for sale on the HitPiece website: "Tokyo DisneySea Theme Song" and a German-language Star Wars song, "Die Belagerung von Lothal - Teil 2 - Kapitel 6"You have to admit they have guts for so prominently listing stolen IP from the notoriously-litigious Disney (attribution)
The industrial band Choke Chain tweeted, "Yo a bunch of industrial scene acts (including me) have NFTs for sale on the site hitpiece.com I did not put it online and I assume you probably didn't either, fucked up". A look through the site shows that it is chock full of almost certainly unauthorized NFTs of music not just from industrial bands, but from contemporary pop music artists, k-pop groups, Disney, and many others. The group appears to be simply scraping Spotify and publishing everything as NFT auctions.

The project's website writes, "Each time an artist's NFT is purchased or sold, a royalty from each transaction is accounted to the rights holders account." They do not write about how this is supposed to work when the artists have had zero involvement in the NFT being created to begin with, or have no cryptocurrency wallets at all. The FAQ also includes a hilariously handwavy answer to the question most people learning about NFTs have: "What utility does owning an NFT give me?" HitPiece writes, "Artists provide NFT owners access and experiences."

Someone sends COVID-19 NFTs to all ~100,000 active users of the HEN NFT marketplace, whether they want them or not

Screenshot of the SARS-CoV-2 NFT, showing a microscope image of the virus. The description text reads, "SARS-COV-2Ω
Your wallet has been infected by SARS-CoV-2, the virus responsible for COVID-19.

All tezos wallets holding at least 1 non-fungible token from Hic et Nunc have been air-dropped SARS-CoV-2, in an act symbolic of the invasive and ubiquitous nature of the virus and its psychological effects. A total of 96,186 viral copies have been sent to as many wallets.

Whether you believe horse paste is the cure or gas masks are the new normal, everyone has been affected by COVID-19. Now, even the blockchain itself is infected. It is still early in the disease process. Will you cure yourself of SARS-CoV-2 by burning this viral token in an act of communal catharsis? Will you choose to infect others? Or, will you risk the consequences of superinfection with an increasing viral load?

Life is a terminal condition. Act appropriately."SARS-CoV-2 NFT (attribution)
Artist bayneko created and airdropped NFTs of microscope pictures of SARS-COV-2 (the virus that causes COVID-19) to all 96,186 users of Hic et Nunc (HEN) who hold at least one NFT. HEN is an NFT marketplace built atop the Tezos blockchain. The NFT description read, "Your wallet has been infected by SARS-CoV-2, the virus responsible for COVID-19... in an act symbolic of the invasive and ubiquitous nature of the virus and its psychological effects." It cost the creator 1,623 ꜩ (about $5,900) to accomplish — a chunk of change, though considerably less than it would cost on higher-fee blockchains like Ethereum. Users reacting to the airdrop expressed a mixture of interest, confusion, annoyance, fear — some were scared to burn or transfer the NFT because of past NFTs that executed malicious contracts upon being destroyed. Others were unhappy with receiving an unsolicited NFT, which they felt was spammy. Others spoke about how, although this particular project appeared to be a good-faith art project, it illustrated the susceptibility of these systems to spam and abuse, especially on blockhains with lower transaction fees.

About 30 posts in a subreddit about gambling addiction mention crypto in the month of January

Reddit post titled "Crypto casinos have destroyed me": "I’ve struggled with gambling problems for most of my 20s , lost countless pay cheques, got in all kinds of debt, lies etc

I’m in the UK and something called Gamstop was introduced a few years ago which was great, all you had to do was sign up and you would instantly be banned from making an account with any UK governed gambling company. It helped for a long time

THEN I found crypto casinos where there is just no real way of self excluding because of how anonymous it is, and I’m back to square one today after losing all my saving 5k in the space of a few hours

Devastated"Reddit post about crypto casinos (attribution)
Crypto trading and crypto casinos have presented a new challenge to those battling gambling addiction. There are options for problem gamblers who are struggling to stop gambling in the traditional format: many states and countries require traditional casinos to allow individuals to "self-exclude" — that is, ban themselves from gambling at an establishment. Online gambling is more challenging, but there is software like Gamban and GAMSTOP that attempts to restrict access. However, posters in r/problemgambling have discussed the relative ease of finding online and crypto casinos not restricted by the software — particularly easy with cryptocurrency-based platforms because of the anonymity afforded by crypto.

Regardless of whether they are trying to use blocking software or not, some people in the subreddit appear to be struggling with the challenges presented to them by cryptocurrencies. Some speak about gambling in cryptocurrency casinos, while others have realized that the behaviors that many people involved with cryptocurrencies simply refer to as "investing" are actually manifestations of their gambling addiction. One poster wrote, "Realised yesterday whilst out walking my dog that i'd used crypto as a way to satisfy my gambling urges. I've self excluded from gambling sites for a few years now and managed to taper off. Crypto pulled me back in with trading. I was lying to myself that I was 'investing' so its fine which eventually turned into 24/7 chart watching and leverage trades."

The World Wildlife Fund announces their upcoming NFT project... for nature!

The UK branch of the World Wildlife Fund (WWF) announced their upcoming "Tokens For Nature" NFT project, which is meant to support endangered species. The WWF was quick to tout that its project would be eco-friendly because it uses the Polygon blockchain, though commenters were skeptical. One commenter wrote, "This is like if David Attenborough did a piece to camera about his environmental activism while politely snapping swans' necks throughout." Other commenters expressed that it was irresponsible of the WWF to engage with NFTs at all, given the overall environmental damage of the concept, and because it brings more people into a space full of predatory projects. The WWF ended up shuttering the project on February 4, after all the negative feedback.

This was not the WWF's first foray into NFTs — the German arm of the WWF released a "Non-Fungible Animals" NFT project in November 2021, which has enjoyed less than $10,000 in trading volume. It also did't appear to be the only project the WWF UK had planned — their NFT website advertised upcoming collaborations with CyberKongz (built on the Ethereum blockchain) and World of Women (also built on the Ethereum blockchain).

Realux, a project promising to "democratize" and "resolve the wealth gap" in real estate, rug pulls $23,000 only hours after launch

Value of RLX token over time, showing a steady climb and then a sudden crash as liquidity was removed$RLX value over time (attribution)
On January 31, a cryptocurrency project called Realux launched after fanfare from viral tweets and influencer YouTube videos. The project promised to make "real estate open to everyone, at a very low cost in a very easy way" and "resolve, once and for all, the wealth gap by removing all barriers, costs, middlemen, social background, and other limitations". The token enjoyed a fairly steady climb in value over the four or so hours it was active, increasing in value 400% from about $0.00065 to a peak of around $0.0027. The price suddenly crashed to around $0.0003 when the developer sold off 70 million of the RLX tokens, earning a profit of around $23,000. The project also deleted their website, Twitter account, and Telegram channel.

After backlash, Troy Baker announces he will no longer be partnering with the "voice NFT" project Voiceverse

Voice actor Troy Baker faced some backlash in mid-January when he announced that he would be partnering with "voice NFT" project Voiceverse. His antagonistic tweet, that "You can hate. Or you can create." didn't go over so well at the time, and things worsened when it was discovered that Voiceverse had stolen work from another project and used it without credit. On January 31 he apologized again for the antagonistic tweet, and wrote that "After careful consideration, I've decided to not continue the partnership with VoiceVerseNFT". Voiceverse wrote in their own statement that the company had "mutually decided to end [their] partnership with Troy Baker".

All "iloveponzi"'s apes gone! Veteran hacker makes $700,000 stealing and flipping big name NFTs

A brown ape with Xs over its eyes and rainbow-colored teeth, wearing an orange slouchy beanie and a purple and orange fur coat.Bored Ape #7985 (attribution)
NFT collecter "iloveponzi", aka Larry Lawliet, apparently authorized what he thought was a legitimate application to access his NFT wallet. Unfortunately for him, he had actually authorized another person to transfer all his NFTs: one Bored Ape, five Mutant Apes, and one Doodle. The hack, which affected iloveponzi and several others, was made possible after the Discord for the "Moshi Mochi" NFT project was compromised, and the attacker sent out an "official announcement" for a final round of NFT minting that actually enabled them to steal NFTs. The attacker then flipped the NFTs for a total profit of a little less than $700,000. Iloveponzi said they believed that the attacker could've sold the NFTs for millions (though they admittedly have a vested interest in the NFTs sounding valuable). Iloveponzi also said they believe the hacker just sold quickly and cheaply to try to beat OpenSea freezing the NFTs, which OpenSea did later do. The hacker appears to be an old hand at shady NFT dealings — although they netted "only" $700,000 from this scam, the wallet used has moved around 600 ETH in total (worth around $1.5 million) through the cryptocurrency tumbler Tornado Cash. Slightly over a month earlier, iloveponzi reported that another of their Bored Apes had been stolen, "because of some coincidences and my carelessness".

Tax season begins to hit crypto Reddit hard

With so many newcomers to cryptocurrencies this year, and the often complex tax situations cryptocurrency trading can create (assuming it's reported at all), some traders are beginning to receive unpleasant surprises in the mail. One Redditor has posted in horror after receiving a letter showing they owe upwards of $100,000 to the IRS.

Questions like "How can crypto be a viable currency if every transaction is taxed?" are beginning to pop up as well, and more than a few commenters have described their plans to not report any of their crypto activity — certainly a wise thing to be discussing on a public Internet forum.

Streamer Ice Poseidon admits to scamming his followers out of $500,000 with his "Cxcoin" made for streamers

Paul Denino, also known as "Ice Poseidon", is a livestreamer, Internet personality, and cryptocurrency enthusiast. In July 2021 he launched Cxcoin, a forked project he said was intended specifically to allow streamers and other content creators to earn money. Denino had said in an earlier video that "the reason why I'm not going to start a cryptocoin is because someone is gonna get fucked, because dude if I see a million dollars, I'm selling, I don't give a fuck. I'm not going to be like 'I'll hold for you guys', bro I see a million dollars in my portfolio, I'm out". He later claimed that he was just joking, though unfortunately this turned out to be exactly what he did (though with somewhat less than a million). Although Denino claimed he was "locked in" for five months, he started draining hundreds of thousands of dollars from the project only two weeks in, which served to tank the token price for remaining holders.

On January 31, 2022, a YouTuber named Coffeezilla released a video in which he confronted Denino about his actions and urged him to return the money to his fans who'd bought in on the project. Denino replied, "I could give the money back, it is within my power, but I am going to look out for myself and not do that." According to Coffeezilla, Denino took a total of $200,000 from the token's presale, $250,000 that was earmarked for marketing, and $300,000 from the liquidity pool. In the end, Denino pocketed around $300,000 and his developers took around $200,000. After realizing that Coffeezilla would be releasing the interview, Denino promised to "use the buyback function to put 155k into the liquidity" — which turned out to mean 155,000 BNB rather than dollars, roughly equivalent to around $40,000.

Someone starts selling colors on the blockchain, because why the hell not I guess

Color swatch of a light cream color, with hex code #F1EECE (spelling "fleece")I wonder if this color is taken (attribution)
As the NFT gold rush continues and people attempt to slap price tags on everything in sight, Omar Farooq detailed his plans to sell colors on the blockchain. He said he will then build a platform where the "owner" of a color gets a cut of platform fees for any NFT using the color (or one close to it). He's offering 10,000 colors for sale at starting prices of $350 a pop, and then building an NFT platform where portions of the platform fees for any NFT sold will go to the "owners" of the closest colors in proportion to how much of the color is used in the image. Why artists would actually choose to buy or sell their artwork on the color-based platform is unclear — novelty value maybe? Its promised platform fee of 2.5% is the same as its popular competitors OpenSea and Rarible.

Qubit continues to try to tempt the attackers who stole $80 million to return it, with increasingly-desperate messages

After a bug in their code allowed an attacker to make off with $80 million, Qubit immediately began trying to contact the exploiter and convince them to return the money. First they wrote that they were "prepared to offer the maximum bounty", which was $250,000, or 0.3% of the amount the attacker had just stolen. The exploiter presumably felt that $80 million was truly the maximum bounty, and didn't take them up on the offer. The next day, Qubit wrote a message asking the exploiter to "negotiate directly with us... if the maximum bounty offer is not what you are looking for". The day after that, Qubit bumped the reward to $1 million (a whole 1.25% of the $80M!) and begged the exploiters to "please consider the big amount of people, families, stories involved in this". On January 30, Qubit announced they would be offering "the highest bounty in history", $2 million (2.5% of $80M), continuing to underscore that they wouldn't seek prosecution if the attacker returned the funds. A number of hours later, Qubit apparently decided to change tactics, writing that they were "developing a website that users can easily search their losses related to the exploit... users can connect their wallets to get documents to report to the police".

Wonderland protocol founder writes that the "Wonderland experiment is coming to an end", despite vote ongoing and majority of participants voting to continue

Charts showing "yes and yes - value of votes" and "yes and no - number of individual votes", showing large amounts of value supporting "yes" whereas total number of votes supporting "no"Comparison of vote value supporting each proposal, vs. individual number of votes (attribution)
The Wonderland protocol had a rough week, first experiencing massive losses in "cascading liquidations" and then the unmasking of the previously pseudonymous lead developer as Michael Patryn, a shady operator with a long history of financial crimes. The project team decided to hold a vote on whether the project should wind down: "giving every wMEMO holder back the funds from the treasury that they are entitled to and declar[ing] the OHM Fork experiment closed". The project leaders wrote that they "strongly believe that this would be the cleanest way of moving forward". The vote began on January 29 and was slated to end on January 31.

By raw numbers it appeared most investors opposed the idea, as many will receive miniscule amounts compared to their initial investments. However, the larger holders (most of whom bought in at low prices) stand to make money from the liquidation and some have supported winding down. Because the DAO voting operates in a plutocratic model, where people can vote based on how many tokens they hold, at one point votes from a relatively small number of whales were trending the vote towards supporting winding down even though 90% of individuals wanted the project to continue. The votes to continue had begun to beat out the votes to wind down when Daniele Sestagalli announced on Twitter on January 30, before the vote's scheduled end, that the "Wonderland experiment is coming to an end."

Ultimately, Sestagalli ended up respecting the wishes of the community, who decided to continue the project despite having lost 90% of their money, presumably in hopes of regaining some of the losses.

Justin Bieber "buys" a Bored Ape for $1.3 million in a deal that is shady in one of two possible ways

A sad bored ape in a black t-shirt on a blue backgroundBAYC #3001 (attribution)
The media went a bit nuts when Justin Bieber reportedly bought a Bored Ape (for several times what it was "worth", for some reason). This served to generate hype for several NFT projects, including Bored Apes, that Bieber has reportedly bought. However, some investigation by @interlunations and Dirty Bubble Media showed that something shady is going on, and neither possibility looks great for Bieber. Either Bieber does own the wallet that spent millions on the Bored Ape NFT and hundreds of others, in which case he was paid more than $2 million by the inBetweeners project — this would mean that inBetweeners lied about not paying influencers to promote their projects, and it would mean that Bieber never disclosed the financial relationship (in violation of FTC rules). If Bieber doesn't own the wallet, then Bieber has lied about owning the Bored Ape he supposedly "bought", as have the projects (though possibly unknowingly) who are generating hype by telling everyone Bieber owns one of their NFTs. The full investigation by Dirty Bubble Media is worth a read.

Trader loses $510,000 trying to convert funds between two currencies

Reddit post titled "Did I just lose half a million dollars by sending WETH to WETH's contract address?" Text: "Please tell me that I didn't :(

https://etherscan.io/tx/0x96a7155b44b77c173e7c534ae1ceca536ba2ce534012ff844cf8c1737bc54921

Edit: Full story. Sent ETH to WETH contract and got WETH back (after some googling I found this is how the contract works). Assumed it works the same way backwards and sent WETH back to the contract. No ETH back. Apparently you have to use a frontend to get the ETH back. ETH lost forever."Reddit post by the trader (attribution)
A trader learned that, in order to exchange Ethereum tokens (ETH) for Wrapped Ethereum (WETH), they should send their ETH to the WETH token contract and receive the WETH in return. Intending to convert WETH back into ETH, they erroneously assumed that it "works the same way backwards". The trader sent 195 WETH ($510,000) to the WETH contract only to find they received no ETH in return, and their money was lost forever.

Transaction history on Etherscan shows they were the 265th person to make this mistake. Most people did so with far smaller amounts of WETH, although another unfortunate trader lost 115 WETH (at the time valued at $360,000) on August 11, 2021. A total of 432 WETH has been irretrievably lost to this contract this way since July 2018 — currently valued at $1.1 million.

Fake Bored Ape project pulls in $17,500 following high-profile endorsement of Bored Apes

OpenSea collection called "Bored Ape Original" using the same icon and header image as the real account. Description says "BAYC is a collection of 10,000 Bored Ape NFTs. Certified by opensea"Fake Bored Ape collection (attribution)
After Paris Hilton and Jimmy Fallon engaged in a frankly bizarre discussion of their beloved Bored Apes on The Tonight Show, a fake projects imitating the Bored Ape Yacht Club began popping up on OpenSea. OpenSea shut down several projects of this type, which each brought in several hundred dollars an hour. One such project was left up for two weeks, duping investors out of nearly $65,000.

Lazy Lion Ape Club rug pulls for 50 ETH ($125,000)

An ape face with a purple and turquoise lion mane, wearing a fedora styl hat and a wide collared shirt. It's grimacing and bubbles are coming out of its ears.LLAC #33 (attribution)
Lazy Lion Ape Club, an NFT project in somewhat resembling the mega-popular Bored Apes, listed their NFTs on OpenSea on January 26. In addition to the NFTs, the project promised to generate passive income for its holders, as well as give them 3D models of their ape/lions to be used in the metaverse. The project leaders managed to generate 50 ETH (about $125,000) in sales before emptying the project of its funds and deleting their website and social media accounts.

Khan Academy charity auction ends in blatant wash trade, and Khan Academy removing several former employees from alumni Slack channel for raising concerns

An illustration of two people looking at a hologram of a sphere"Inspiring Teacher" NFT auction piece (attribution)
Khan Academy, an otherwise excellent non-profit offering online educational tools, announced they would be participating in an NFT charity auction on January 19. The auction featured an NFT playing card by Parallel, a sci-fi card game that requires players to buy packs of cards (NFTs) to play. Like so many blockchain gaming projects, it appears that the actual gameplay doesn't exist yet — somehow that required a $500 million funding round first.

The auction ended on January 21, with a winning bid of 77 ETH (nearly $200,000) from ParagonsDAO, plus the promise of another 34 ETH ($87,000) donation from the DAO to Khan Academy. However, ParagonsDAO is a DAO created specifically to "play a key role in Parallel's governance" and "support the creation of an ecosystem for Parallel to thrive". Former Khan Academy employee S. M. Lundberg raised their concerns about the wash trading, and "KA elevat[ing] Parallel on its own channels to a largely underage and under-resourced user base" in the Khan Academy Slack, and was removed from the channel by Khan Academy founder Sal Khan. At least three other former employees were removed from the channel for criticizing the decision to engage with the NFT project, as was an additional person who protested the removal of those raising concerns.

Although the auction ended with more than $250,000 going to Khan Academy, it is likely that Parallel got the better deal here — Khan Academy is an enormous name to have promoting one's project. Sal Khan actively hyped the project in various spaces, including in an appearance on CNBC's Squawk Box.

87% of trades on LooksRare NFT platform reported to be wash trades

LooksRare, a new NFT marketplace that launched on January 10, has boasted enormous trading volume since day one. It's no secret that wash trading — that is, a user "selling" an NFT to another wallet they also control — is rife on LooksRare. The platform offers token rewards to any users who buy or sell NFTs, which serves to incentivize wash trades, and has taken no action to disincentivize it — in fact, the platform has retweeted another person who described the incentive system (and the wash trading it generates) as "genius". A new report by NFT analytics company CryptoSlam has put some numbers to the scale of wash trading on the platform: $8.3 billion of the platform's $9.5 billion in trading volume to date (about 87%) appears to be from wash trades.

Wash trading is also a widespread tactic in the NFT space to artificially inflate the "value" of an NFT. Because it's relatively easy to create a pseudonymous cryptocurrency wallet, users will "sell" NFTs to themselves for large amounts to create the appearance of higher demand, and to try to convince other would-be buyers that the NFT is more valuable.

After OpenSea begins reimbursing users who lost money due to listings they didn't realize were still available, user "opensee_​will_​refund_​ask_​them" and others continue to exploit the widespread problem

An OpenSea profile named "opensee_will_refund_ask_them"OpenSea account exploiting the issue (attribution)
OpenSea began reimbursing users who lost money earlier this month through what some have described as a bug with the platform, but which others argue is just a misunderstanding on the users' end. People were able to buy NFTs that had previously been listed at much lower prices, even though those listings didn't appear active to the seller anymore, if the seller had failed to properly remove the listing. The buyers were then able to flip the NFTs for massive profits, and OpenSea ended up reimbursing users to the tune of about $1.8 million. However, there are still many NFTs vulnerable to this, and people taking advantage of it, including one user who named their account "opensee_​will_​refund_​ask_​them".

Padawan DAO loses half its treasury through risky money management

Padawan DAO is a project that aims to provide funding to students under 25 to attend blockchain-related events. In early January, the DAO decided to essentially gamble with project funds on the price of Ethereum staying high: they placed the treasury's $150,000 into a collateralized debt position (CDP) for a decentralized stablecoin called DAI. As the crypto market entered a dip, the project's position went underwater and the protocol had to sell 53 ETH ($117,000) to keep the DAI fully backed. The project had been counting on Ethereum not taking a tumble below $2,200, as it did on January 27, which would have allowed them to keep their 53 ETH and cash out their DAI. Since this didn't happen, the project found itself with their budget halved.

OpenSea announces limits on free NFT minting, then reverses the decision the same day, after revealing that more than 80% of the items created through the feature were plagiarized, fake collections, or spam

On January 27, OpenSea announced a limit of five collections and 50 items per collection, after discovering that "over 80% of the items created with [their free minting tool] tool were plagiarized works, fake collections, and spam". The decision came without warning to creators, some of whom were in the process of minting items for collections that had already promised more than 50 items, and suddenly unable to complete the collections. Later that day, OpenSea announced that they had reversed the decision, saying they "should have previewed this with you before rolling it out".

Attacker exploits a bug in Qubit Finance allowing them to mint unlimited collateral and drain the platform of $80 million

An attacker exploited a bug in Qubit Finance, a decentralized lending platform. The bug allowed them to call the "deposit" function without actually depositing any funds. This enabled the attacker to mint 77,162 xETH collateral, which they exchanged for BNB worth nearly $80 million. The platform has said they have tried to contact the exploiter to offer the "maximum bounty", which is apparently $250,000. Tempting, I'm sure.

People begin creating IP-harvesting NFTs to highlight the vulnerabilities in marketplaces and wallets

IP gathering NFT titled "Random 1". The image data shows text reading: "Latest IP logged: 108.62.52.135 Total visitors logged: 12643"IP gathering NFT on OpenSea (attribution)
MetaMask acknowledged a week ago that they'd failed to address an IP leakage "issue has been widely known for a long time". The issue is present in many NFT marketplaces and wallets, including both MetaMask and OpenSea, and presents potential privacy concerns for anonymous collectors or anyone concerned about potentially having their IP (and as a result, often geolocation information) exposed to any NFT creator. Some researchers and engineers have begun creating NFT projects that gather IPs and display them back to the viewers, as a way to highlight the vulnerability.

This is as good a time as any to remind you to use a VPN! Mullvad is a particularly good pick (#NotAnAd).

Following the Wonderland protocol disaster earlier this week, it is revealed that the pseudonymous chief developer has a long history of financial crimes and shady businesses

Sifu, the pseudonymous chief developer of the Wonderland protocol, was revealed to be Michael Patryn, previously known as Omar Dahani. Patryn was a co-founder of the Canadian exchange, QuadrigaCX, which stole $169 million in customer funds. In the mid-2000s, Patryn admitted to several crimes including credit fraud, theft, bank fraud, and burglary.

Wonderland founder Daniele Sestagalli had also been kept in the dark about the identity of his collaborator until finding out about a month ago. He opted to keep this information to himself, and claims it was because he believes in second chances. After the information became public, Sestagalli began a vote on whether Patryn should be replaced.

Melania Trump apparently wash trades her own NFT

Watercolor painting of a side profile of Melania Trump wearing a white brimmed hatWatercolor associated with the NFT (attribution)
Melania Trump launched a new NFT in January, following her December unveiling of the series. The January NFT involved a white hat that Ms. Trump wore during a state visit, as well as a watercolor painting of her wearing it. The press release announcing it also announced that the opening bid would be "the equivalent of $250,000", or around 1,800 SOL. Ultimately the auction drew only a few bids, all around the starting price. A Vice investigation subsequently found that the winning buyer bought the NFT with funds that came from the same address that had created the NFT to begin with. Pesky public transaction records...

Creators of the play-to-earn game "Mercenary" rug pull for more than $760,000

Mercenary was a short-lived play-to-earn game that promised "innovative tokenomics, to ensure the stability and longevity of the game's economy". The project had invested heavily in advertising on Twitter and in cryptocurrency outlets like BSC News to attract new players. It launched only a week before the developers rug-pulled on January 27, draining more than $760,000 and deleting the project's website and social media.

New Zealand auction house Webb's invites buyers of historic glass negative and associated NFT to "make it permanently digital" by smashing the plate after they buy it

Black and white photograph of artist Charles Goldie standing at an easel"Charles Frederick Goldie at His Easel" (attribution)
New Zealand auction house Webb's is selling the original glass plate negatives of two photographs taken of artist Charles Goldie sometime between 1910 and 1920. The sale also includes an NFT of a print of the photo (although the listing seems more excited about the NFT than the negative: "The purchaser of the NFT will also receive a framed contact print of the image and the original glass plate negative in a custom-built pine box"). In a bizarre move, Webb's decided to sell the glass plate along with a small brass hammer. Head of art at Webbs, Charles Ninow, said, "Perhaps you might want to make it permanently digital. Smash it? Smash it."

Sports fans face losses as IQONIQ platform liquidates and token value plummets

"Fan engagement blockchain platform" IQONIQ went into liquidation late January 2022, taking down its token sale platform and crashing the value of the fan-owned coin by over 90%. The platform had major sponsorship deals with multiple Formula 1 teams, European soccer clubs, and the Spanish La Liga league, which it owes €820,000 ($914,500). The collapse of such a major and highly-visible platform led the Football Supporters' Association to call for more regulations on cryptocurrency platforms.

"Let's Go Brandon" coin suddenly drops 50% in value

Chart showing the sudden drop in price$LGB price drop (attribution)
The "Let's Go Brandon" $LGB coin tied to NASCAR driver Brandon Brown, and created as an apparent way to support "the American dream" and stick it to Joe Biden (somehow), suddenly dropped 50% in value. This appeared to be the death knell of a coin that had been dropping precipitously since the early January announcement by NASCAR that they would be rescinding their approval for LGBcoin to sponsor Brown.

WeGro token plunges in value as its developer apparently drains 1,000 BNB ($378,000)

Widget on WeGro website, reading "WeGro is live WEGRO has launched Thursday 16th December at 5pm EST." and showing an embedded chart of the token price showing it dropping to near zero.Widget on the Wegro website (attribution)
WeGro, a project to allow "everyone to safely participate in the hemp and cannabis industry through the supply chain", saw its token tank in price as the deployer drained 1,000 BNB ($378,000) from the pool in what certainly looked like a rug pull.

"MetaSlave" project tries to sell NFTs of Black people

Meta Slave Twitter account, which features a collage of Black faces. The description reads, "In creating our project, we wanted to show that everyone is a slave to something. A slave to desires, work, money, etc."Meta Slave Twitter account (attribution)
A project called "Meta Slave" launched, offering NFTs made from photographs of Black people (all apparently algorithmically-generated). Backlash was swift and intense, and the project has tried several times to respond: first by claiming that they are trying to support Black Lives Matter and honor George Floyd (much like the "Floydies" project in December), then rebranding to "Meta Humans" and throwing a couple photos of white and Asian people into the collection. The project has, thankfully, not enjoyed much success. I, for one, think it's likely to be a troll project by 4channers, but who's to say.

Investors suffer enormous losses as "cascading liquidations" tank the Wonderland protocol token price below its supposed intrinsic value

Three-day price graph of the $TIME token, showing a precipitous drop and then volatile activity3-day value of $TIME in USD (attribution)
The broader decline in cryptocurrency prices triggered "cascading liquidations" in the Wonderland defi project, which is a fork of the "it might be a ponzi" OlympusDAO project. This dropped the value of the project's $TIME token nearly 50%, from around $780 to about $415 in the span of only two hours. This followed a decline of 91% over the past few months, as the token dropped from its November all-time-highs of around $14,000. According to CryptoBriefing, "Due to the disproportionately high leverage many TIME holders take on, the broader drop in crypto valuations has hit the Wonderland protocol harder than most."

The $TIME tokens are issued against a set of assets that supposedly give the token an intrinsic value, and if the price drops below the backing price, the protocol uses the assets in their treasury to buy back the token to bring it back up to its "fair value". In the day following the crash, the protocol's founders spent several million dollars in buy-backs, which briefly boosted the token back up to trading at around $600.

The project's team reportedly suffered major liquidation losses themselves, with the founder Daniele Sestagalli losing $15 million and the chief developer "0xSifu" losing $1.6 million. Sestagalli briefly caused panic in the community when he set his 300,000+ follower Twitter account to private after tweeting "Dude I just woke up losing 10 m dollars", but set the account back to public shortly after. He retweeted a thread stating that "the internal struggle for growth is cut short by the willingness of some entities to 'eat' all that they'r able to, instead of 'cultivating' and sharing what would be exponential profits in the future."

Promised NFT game "Blockverse" rug pulls 500 ETH ($1.2 million)

A Minecraft character with turquoise skin, four eyes, a hawaiian style shirt, and dark blue pantsBlockverse #8272 (attribution)
Blockverse, a project that promised to build a play-to-earn game on top of Minecraft, rug pulled two days after launch. The initial NFT collection sold out in only eight minutes, even though the project creators hadn't even begun to develop the game they were promising. When the creators rug pulled, they took the 500 ETH ($1.2 million) and deleted the project website and Discord server.

John Lennon's son is delighted to be able to "auction off" items from his private Beatles collection without actually, you know, selling anything

Photograph of John Lennon's yellow and white-fur-trimmed jacket from the Magical Mystery Tour filmJohn Lennon's Magical Mystery Tour jacket (attribution)
Julian Lennon maintains a private collection of Beatles memorabilia, including clothing worn by his late father John Lennon, and other items from other members of the band. He announced plans to sell each item as "an audio/visual collectible, with a personal narration from Julian", but the announcement notes that "the items themselves are not up for auction... Lennon will continue to own the only physical counterpart". Starting prices for each item range from $4,000 to $30,000.

Lennon said, "I've been collecting these personal items for about 30 years, and I was getting a bit fed up with them being locked away in a vault, where I've had to keep them because I didn't want them to get damaged... I actually felt very bad about keeping all that stuff locked away." Apparently photographing the items and displaying them digitally somehow was not possible until NFTs came along?

"Now go back to flip more burgers you lazy fvçk!" Nayib Bukele continues horrify those who come across his tweets and realize he's not just a Bitcoin bro but the president of an entire country

Tweet from Nayib Bukele: "Most people go in when the price is up, but the safest and most profitable moment to buy is when the price is down. It’s not rocket science (Man shrugging emoji) So invest a piece of your McDonald’s paycheck in Bitcoin. Now go back to flip more burgers you lazy fvçk!"Tweet by Nayib Bukele (attribution)
El Salvadoran president Nayib Bukele gives us Americans a painful reminder of having a president who truly cannot be trusted with the reins of a country, much less a Twitter account. On January 24, with Bitcoin prices tanking, Bukele tweeted, "Most people go in when the price is up, but the safest and most profitable moment to buy is when the price is down. It's not rocket science. So invest a piece of your McDonald's paycheck in Bitcoin. Now go back to flip more burgers you lazy fvçk!"

Naturally, he failed to mention the nearly 1,000 Bitcoin that he had purchased with taxpayer money since September 2021 at times that Bitcoin was above $50,000.

OpenSea users lose a collective $1.8 million to an issue allowing people to buy NFTs at low prices from old OpenSea listings the sellers thought they'd deleted

Bored Ape illustration: light brown ape with a laurel crown, coins over its eyes, and an army jacket on a light blue background.Bored Ape #9991 (attribution)
A horrified (former) owner of a Bored Ape tweeted that his NFT had just unexpectedly sold for a measly 0.77 ETH (about $1,700) and that "I cant financially afford that loss". The purchaser netted a handsome profit by quickly reselling the NFT for 84.2 ETH ($190,000). It appears that the buyer took advantage of the fact that they could still purchase NFTs that had previously been listed for sale at a lower price, even once the owner thought they had removed the listing. In about 90 minutes, the person was able to exploit the issue by buying and selling several different NFTs for a total profit of about $880,000.

A software engineer investigating the incident attributed it to OpenSea's choice to do many of their operations off-chain to save on the expensive gas fees required for any Ethereum blockchain transaction, saying this introduced a disparity where updates were not reflected on-chain. Another person investigating the apparent issue reported that this looked to be the same "glitch" as earlier this month, where users tried to avoid paying the gas fees to delist their NFT sales by swapping them out of their wallet and back again, not realizing the listing would still be active when the NFT was returned.

OpenSea added an "Inactive listings" page to allow people to view listings that are still associated with NFTs that have been transferred out of the wallet, though the feature doesn't seem to have been widely publicized and it's not clear when it was released. They also later reimbursed users who suffered losses from this exploit, to the tune of about $1.8 million.

Solfire Finance rug pulls for $4.8 million

The Solana-based asset management protocol Solfire attracted users with its promises of over 500% APY. Partnerships and mentions from other prominent Solana projects helped the project earn legitimacy, and they enjoyed over $12 million TVL at the project's peak.

However, on January 23, the project developers drained around $4.8 million from the project before deleting the project's website and social media accounts.

Co-founder of the team behind CryptoPunks v2 sells all 40 of his v1 Cryptopunks shortly before the team announces they view them as worthless

A pixel art character with pale skin and black hair on a purple backgroundV1 Punk #7276 (attribution)
The enormously popular Cryptopunks project, created by the LarvaLabs group, is actually on its second version. A bug in the original smart contract allowed users to retrieve their money after buying the original NFT, allowing people to "steal" the v1 NFTs, and so the project largely faded into obscurity in favor of the patched version 2. However, recently the NFT marketplace LooksRare allowed a project where people "wrap" their original punks and can trade them properly without encountering the bug. This apparently didn't go over so well with LarvaLabs: on January 31, the project tweeted, "PSA: 'V1 Punks' are not official Cryptopunks. We don't like them, and we've got 1,000 of them... so draw your own conclusions." However, @NFTethics noticed that one of the LarvaLabs founders sold all 40 V1 punks that he owned between January 23 and 25. Trading them shortly before the project released the tweet declaring they viewed them as worthless sure looks a lot like insider trading. The trades earned the founder a handsome total of 260 ETH (about $625,000). Fortunately for buyers of the wrapped V1 punks, LarvaLabs' announcement doesn't appear to have impacted trading price very much.

A surgeon tries to sell an NFT of an x-ray of a terror attack victim without the victim's consent

French surgeon Emmanuel Masmejean minted an NFT of an x-ray image of a bullet embedded in the fractured forearm of a person who was shot in the November 2015 Paris Bataclan attack. The NFT, which was listed on OpenSea for a starting price of around $2,800, was created without the consent of the victim. The doctor quickly took down the listing after it was noticed by media, and the head of Paris's public hospital system announced that the doctor would be facing criminal and professional complaints.

A conservationist and wildlife photographer decides the way to battle people "exploiting nature for personal gain" is by minting NFTs on the Ethereum blockchain

A photograph of a gorilla"Congo" NFT from the collection (attribution)
Conservationist and wildlife photographer George Benjamin tweeted about his new project, "The NFT Conservation Fund". "Over the last decade I've seen first-hand the devastation that our Earth is currently enduring, oftentimes feeling completely helpless," he writes. The project involves minting NFTs of his wildlife photography on the notoriously high-emissions Ethereum blockchain, and then contributing a measly 15% of profits to... get more wildlife photographers to do the same. Good news, though — the paper on which the limited-edition prints will be printed is "Forest Stewardship Council-approved"!

NFT creators announce an NFT collection to "honor" Kurt Cobain

A black and white photo of Cobain singing and playing guitar, with another guitarist next to himOne of the NFTs (attribution)
An NFT group announced that they'd be releasing NFTs created from photographs of a 1991 Nirvana show they performed shortly before Nevermind rose to popularity. The NFTs go on sale on what would have been Kurt Cobain's birthday if he was still alive. The creators say they seek to "honor" Cobain by releasing these NFTs, which makes you wonder if they've ever heard Cobain speak before.

Investors on Solana-based defi platforms experience mass liquidations caused by yet another outage

Tweet from aeyakovenko: "lol" with a screenshot of a spike in network trafficAnatoly Yakovenko's tweet during the outage (attribution)
Solana was so overloaded with bot transactions that users couldn't transact. As the cryptocurrency market in general continued to tank, users rushed to top up the collateral they had provided to keep their loans from being liquidated and found they couldn't get the transfers to go through. One user reported spending eight hours trying unsuccessfully to add collateral, before eventually getting liquidated and losing 500 SOL (about $47,500). It took Solana 24 hours to even identify the cause of the issue, and another 24 before they were able to resolve it. Traders watching their loans get liquidated were not impressed when Solana Labs co-founder tweeted "lol", with a screenshot of a Solana node showing high amounts of duplicate packets.

Scammers set up a new server at the URL previously used by Ozzy Osbourne's NFT project, stealing thousands

A brown pixel art bat with a toothy smile and a halo, on a teal backgroundCryptoBat #1783 (attribution)
Ozzy Osbourne's NFT project, CryptoBatz, changed to a slightly different Discord URL ("cryptobatz" rather than "cryptobatznft") some time after the new year. However, they forgot to take down at least one tweet mentioning the previous URL, and scammers were able to set up a new server at that location. Users were instructed to "verify", which redirected them to a phishing site where the contents of their wallets were stolen.

McDonald's steals an artist's work to present to Twitter as a proposed NFT profile picture

Screenshot of a tweet by Sarah Burssty, which has a pixel art version of the Twitter logo and says "you've come to the right place, one ponzi scheme coming up"The original tweet (attribution)
Shortly after rolling out their hexagonal NFT profile pictures, @twitter posted "gm, looking for an nft pfp". The next day, McDonald's German language communications account, @McDonaldsDENews, replied "Say no more!" with attached pixel art of the Twitter bird logo holding a McDonald's bag in its beak. After further investigation, the art was found to be nearly identical to an image from a tweet by @SarahBurssty, which ironically was created to criticize Twitter's support of NFTs.

MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"

Security researchers publicly disclosed a critical privacy vulnerability with the popular cryptocurrency wallet Metamask, where a malicious attacker can easily create an NFT and airdrop it to a victim to obtain their IP address (and thus potentially their location). Metamask founder Dan Finlay acknowledged that "this issue has been widely known for a long time", and that the researchers were "right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it."