Squiggles project revealed to be part of an NFT scam ring just before launch

3D rendering of a monkey with a banana stuck to its forehead, wearing a yellow hoodieSquiggles NFT (attribution)
A project called Squiggles generated an enormous amount of hype before its launch, with hundreds of thousands of members in its Discord and followers on Twitter. Just before the project launched on February 10 with its whopping 1 ETH initial mint price (around $3,100), a 60-page dossier was published that claimed to expose the people behind the project as the same group who had pulled off a long list of other NFT rug pulls: League of Sacred Devils, League of Divine Beings, Vault of Gems, Lucky Buddhas, Dirty Dogs, Sinful Souls and Faceless. The project, which was expected to generate around $20 million in sales, still enjoyed some trading volume, though YouTuber and crypto scam researcher CoffeeZilla has opined that millions of dollars in trading appears to be the project founders trying to generate hype with shadow wallets. CoffeeZilla also reported on the people behind the scam ring allegedly threatening those who exposed them, promising lawsuits, threatening to publish fake news stories accusing their families of crimes, and even saying they had put out hits on people. OpenSea delisted the project shortly after mint, and as of February 17, the NFTs were selling on the OpenSea alternative LooksRare for 0.1–0.2 ETH (between $280 and $575).

mtgDAO gets a legal notice from Wizards of the Coast, writes that they are "unfairly discriminat[ing] against web3 tech and web3 communities"

The fledgling mtgDAO promised to deliver a "crypto NFT card economy" based around the Magic: The Gathering card game published by Wizards of the Coast. Needless to say, WotC sent them an email to inform them that their "intended use of Wizards' intellectual property, including its trademarks and copyrights, would be unlawful". This prompted mtgDAO to publish a 20-tweet-long thread about "why WotC is ngmi", where they accused WotC of "unfairly discriminat[ing] against web3 tech and web3 communities" by protecting their intellectual property. It's unclear where mtgDAO will go from here — they wrote in the thread that they hope to "help [WotC] see something like mtgDAO, and web3 in general, as an opportunity and not a threat", but I suspect they will not have much luck convincing WotC to let them infringe upon their intellectual property out of the goodness of their own hearts. On February 15 the project said what was already pretty clear: "I don't know shit about copyright law" and that "I'll tell you that mtgDAO NFTs being IP infringement is not intuitive to me."

Security firm forced to publicly disclose issues with Atomic Wallet after they go unaddressed for months

Atomic Wallet is a cryptocurrency wallet that claims to have more than 3 million downloads and advertises that "we provide users with the exceptional safety of their funds". However, an April 2021 audit by the Least Authority security firm "found that the design and implementation of the Atomic Wallet system does not sufficiently demonstrate considerations for security and places current users of the wallet at significant risk." When the Atomic Wallet team returned to the auditing firm in November to show them they'd addressed the issues, Least Authority found that "a significant number of issues and suggestions remain unresolved and that the implementation in its current state continues to be a security risk for users". After the Atomic Wallet team continued to ignore issues raised by the Least Authority team, the security researchers took the last-ditch step of publicly disclosing that there are serious issues with the platform, and recommending that the software not be used. The researchers did not disclose the specific issues they had found, in hopes of avoiding malicious actors exploiting the outstanding bugs.

New York power plant starts mining Bitcoin, increases emissions by 6x

An aerial photo of a power plant, with trees and a lake in the backgroundGreenidge Generation, with Seneca Lake in the background (attribution)
A mostly-dormant coal power plant near Seneca Lake in New York was converted to natural gas in 2017 and began devoting much of its power generation to mining Bitcoin in 2019. The plant went from generating a total of 39,406 tons of carbon emissions in 2019 to generating a total of 243,103 tons in 2020, its first full year mining Bitcoin — the equivalent of the emissions that would be produced to provide electricity to around 35,000 households. The plant was operating at only 13% of its capacity in 2020, but has plans to increase its mining operations. Locals who enjoy Seneca Lake for swimming and other leisure activities have said that, due to the plant, Seneca Lake is now "so warm you feel like you're in a hot tub". This is because the plant circulates around 135 million gallons of water a day from the lake to the cool the plant, outputting water directly into the lake at allowed temperatures up to 86–108˚F (though the plant claims its average outflow temperature is 50˚, only 7˚ warmer than the inflow temperature).

Locals of the area have demanded that the Department of Environmental Conservation review the air emissions permit for the plant rather than renew an old one, which the DEC agreed to do, though they have delayed a new decision until March 31. Many pressing for permit review were unhappy with the delay, with the Seneca Lake Guardian reporting, "This delay from the DEC is not benign... Every day that Gov. Hochul and Commissioner Seggos drag their feet on this (permitting) decision is another day for Greenidge to continue expanding operations."

On June 30, regulators denied Greenidge's request to renew their permit.

Hackers take more than $10 million from defi project Dego Finance

Hackers drained more than $10 million from the project Dego Finance. This also plunged the value of the project's $DEGO token by about 78%. Dego claims that the hackers compromised the keys to the address providing liquidity on UniSwap and PancakeSwap. Dego, which is a decentralized finance project, asked the various major exchanges to step in and prevent trading of the token, a type of intervention by centralized exchanges that is precisely what defi is supposed to prevent from happening.

Creator of Skycoin files lawsuit claiming he was extorted and kidnapped

Brandon Smietana, the creator of the Skycoin cryptocurrency, filed a civil racketeering lawsuit on February 9 against a slew of people. He claims that the people hired to market the coin and redo its website ended up damaging the website to demand ransom payments, and ultimately kidnapped Smietana and his girlfriend, then beat and tortured them for hours until Smietana handed over $360,000 in Bitcoin and Skycoin.

One defendant in the lawsuit has described the suit as "absurd" and "pretty weird", and said that Smietana has "a history of blaming other people for the failure of Skycoin".

Canadian antivaxxers try shilling crypto after failing to fund their trucker protest

A group of protesters gathering outdoors. One is holding a Bitcoin flag, several others hold Canadian flags.Canadian protesters with Bitcoin flag (attribution)
A protest in Canada against COVID-19 vaccine requirements for truckers re-entering the country, known as the "Freedom Convoy" has tried to crowdfund in several ways. A GoFundMe campaign that raised over CA$10 million was taken down after terms of service violations. A campaign on the right-wing favorite GiveSendGo raised over CA$8.2 million, but funds were frozen after an injuction by the Ontario Attorney General. The GiveSendGo platform also catastrophically failed to secure sensitive user data, and suffered a huge leak of donor data including scans of passports and drivers licenses, which is being made available to journalists and researchers by the inimitable DDoSecrets.

The protesters eventually turned to Bitcoin and other cryptocurrencies for crowdfunding, even appointing a "Bitcoin team lead" who rambled on in a livestream about not "being shackled by the censorship put in place by our legacy financial system", much to the confusion and annoyance of some viewers. One commenter asked, "Are we at a press conference for Freedom Convoy 2022 or having some guy shove Bitcoin down our throats?" As of February 9, the group claims to have raised $300,000 in Bitcoin, and $500,000 in other cryptocurrencies.

Baby Musk Coin rug pulls after a $2 million January ICO

Illustration of a baby that looks like Elon Musk on a yellow coinBaby Musk Coin illustration (attribution)
The Baby Musk Coin memecoin launched in January, promising to "revolutionize the meme industry". The coin enjoyed a $2 million ICO the previous month, despite warnings from observers who noticed the coin couldn't be sold, and who described it as a honeypot. Sure enough, on February 9, the project developers suddenly transferred 1571 BNB out of the project and quickly mixed it using Tornado Cash, earning a tidy profit of around $653,300. The sudden sell-off crashed the coin value to 0, leaving remaining holders with a worthless coin they were unable to sell. Developers took down the project website, Twitter account, and even their "Baby Musk dance video".

Samsung launches environmental sustainability-themed metaverse scavenger hunt where people plant virtual trees and earn NFTs

A 3D man stands in a virtual forest"Sustainability Forest" in the metaverse (attribution)
Samsung launches a "sustainability-themed quest" on their "Samsung 837X" Decentraland metaverse project, where they invite characters to hunt for "recyclable product boxes", plant trees in the (virtual) forest, and earn NFT badges.

The press release doesn't happen to mention that the Decentraland project is built on Ethereum, which was at the time a proof-of-work blockchain that used over 100 TWh of electricity per year — around the same amount as countries like the Netherlands or Finland.

The BBC publishes (and then deletes) a puff piece on a "self-made crypto-millionaire giving back" without mentioning his scam coin

Photograph of a man holding a laptop while standing in front of a MercedesHanad Hassan (attribution)
The BBC featured an article on their homepage about Hanad Hassan, "a 20-year-old who made millions trading cryptocurrency [who] is set to open a food bank to give back to his community." They mentioned that "he and his friend ... set up a special cryptocurrency together, donating all the profits to charity." What the BBC failed to note was that the project, Orfano, was apparently a scam — after the project launched and received investments, the duo shut it down and took the money. The BBC took their article down without explanation shortly after publishing, though it is still accessible via the Internet Archive. The BBC had also originally announced that there would be a 30-minute feature on the man on their BBC One channel running later that day, but replaced it with a different segment.

Someone appears to trade on insider knowledge of Coinbase listings

In early February, Coinbase listed the Aventus token ($AVT) on its exchange and added support for Pawtocol ($UPI). Shortly before these announcements, someone created a new crypto wallet and spent more than $350,000 buying AVT. The listing news didn't result in much of a price bump for AVT, so the trader tried again — cashing out the AVT and putting it into UPI in advance of that announcement. They found success with this trade, ultimately making a profit of around $734,000. The timing of the trades, combined with the relatively unknown nature of $AVT prior to the announcement, strongly suggests someone had insider knowledge of the upcoming announcement.

$36 million taken from retirement accounts of IRA Financial customers investing in crypto

IRA Financial, a platform for managing retirement investments, boasts of being "the first self-directed IRA company to allow their clients to invest in cryptocurrencies, such as Bitcoin, directly via a cryptocurrency exchange". Unfortunately, they were probably also the first to have that feature exploited, when an administrator account was apparently compromised and users' funds were transferred out of their connected Gemini accounts. Two days later, IRA Financial publicly acknowledged "suspicious activity that has affected a limited subset of our customers with accounts on the Gemini cryptocurrency exchange". The stolen funds, taken in a mix of Ethereum and Bitcoin, amounted to around $36 million.

Exploit of Superfluid vesting contract nets attacker $8.7 million

A vulnerability in the Superfluid crypto streaming protocol allowed an attacker to drain $8.7 million, affecting projects including Mai Finance, Stacker Ventures, Stake DAO, and the Museum of Crypto Art.

Longstanding British photography institution baits-and-switches investors with NFTs

Twitter account for Art3.io. Description reads, "We are ART3. A better way to discover, collect, buy and sell NFT photographic art."ART3.io Twitter account, formerly the account for the BJP (attribution)
The British Journal of Photography is a magazine and institution within the fine art and documentary photography world dating to 1854. In June 2021, they asked for investments, but were optimistic about the organization's performance, saying that they projected 6x returns over the next four years. They were successful in raising £1.8 million (about $2.4M) in shareholder investment. In November, the organization emailed investors announcing the launch of ART3.io, "our foray into the fast-growing NFT space", but still seemed optimistic about the "game changing opportunity for the business" that it would present.

On February 2, some Twitter users were confused to find themselves suddenly following the Twitter account of an NFT operation, as BJP had taken its existing 250,000-follower Twitter account and rebranded it to "ART3.io" and begun promoting various NFTs with posts of "gm". The primary BJP organization started a new Twitter account, @bjp1854, which had a total of around 1,500 followers. On February 8, investors received an email from BJP announcing the company had been sold, and that they would be paying back shareholders £50,000 of the £1.8 million, a 92% loss.

U.S. Department of Justice arrests duo for trying to launder billions stolen from Bitfinex in 2016

A woman in round sunglasses wearing a shiny gold jacket and a baseball cap that says "#0FCKS" sings with her hands in the airHeather Morgan, aka "Razzlekhan" (attribution)
The U.S. Department of Justice announced that they had arrested a New York couple and seized more than $3.6 billion in Bitcoin that they were allegedly trying to launder. The fortune was a portion of what was stolen in the 2016 Bitfinex breach, which saw the exchange lose around 120,000 BTC — then valued at around $71 million but worth around $4.5 billion at today's BTC prices. The husband and wife pair, Ilya Lichtenstein and Heather Morgan, both describe themselves as tech entrepreneurs; Morgan also describes herself as a "surrealist rapper", and her work sure is surreal.

News of the arrest came only a week after 20,000 BTC from the Bitfinex hack was observed being moved. Although the DOJ didn't explicitly say that this movement led to the arrest, it seems like a safe bet.

LooksRare team cashes out $30 million in wETH, panicking their community

The team behind LooksRare, an NFT platform known for its enormous proportion of wash trading, cashed out around 10,500 wETH worth around $30 million. They had earned the wETH by staking $LOOKS tokens, the platform's native token. A LooksRare team member explained that "The fact that the team earns WETH has never been a secret", though it certainly seemed to come as a surprise to many in the community.

The discovery of the withdrawal caused panic, with some community members believing it was a sign that the team was rug pulling. Some also questioned the team members' choice to send the funds to a cryptocurrency tumbler, believing this meant they were trying to hide the cash-out from community members. One might understand why they would try to hide it: after the withdrawals became public, the value of the native $LOOKS token crashed around 15%.

More broadly, the fear around the team cashing out illustrates a common belief among some crypto project communities: that if you cash out even some of your holdings, you're not a true believer. A LooksRare team member explained that the team behind the project had "been grinding night and day for 6+ months" without payment and had collectively fronted "more than 7 figures in costs" before the platform launch (reassuring!), and the withdrawal was simply 10+ team members finally receiving payment. Apparently unsatisfied with this explanation, the community tried to demand the team use their wETH to repurchase $LOOKS, though it doesn't appear this has happened.

SuperRare parts ways with its community manager over racist tweets, she hosts a disastrous "apology" Twitter Space

The same week as bigoted tweets from an ENS director Brantly Millegan surfaced, so too did racist tweets by Ashni Christenson, then-community manager for the NFT platform SuperRare. Christenson, who is white, had presented herself as an ally to people of color and other members of marginalized communities in her work with SuperRare. The first tweets to appear were from 2011, where in several instances Christenson used the n-word when quoting rap lyrics. SuperRare quickly announced that they had "parted ways" with her, and Christenson tweeted that she had "stepped down". Unlike Millegan, who doubled down on his statements after they resurfaced, Christenson appeared apologetic for what she had written in the past. She expressed on Twitter: "wish I got the chance to take accountability & talk about this". She apparently decided to try to do so by hosting a Twitter Space, oddly called "a warning to all web3". The Space went well for her in the beginning, with several people speaking up in support of Christenson and condemning SuperRare for the firing, and with Christenson championing a project she led at SuperRare to highlight Black creators and expressing how upset she was over "the situation". Several commenters expressed that they thought this was "cancel culture" at work, and that web3 was supposed to be resistent to "censorship" and "canceling".

However, as the Space continued and amassed several thousand listeners, several Black women stepped up to express that her apologies didn't seem genuine or self-reflective, and that the Space appeared to be little more than an opportunity for other white people in the web3 community to "forgive" her and pat her on the back, as she gained followers throughout. The women who spoke up immediately began to receive extraordinarily racist and threatening mentions and direct messages on Twitter from various people in the Space.

As the Space was ongoing, more of Christenson's past tweets surfaced, several considerably more recent than 2011, and none involving song lyrics: several that were racist towards Mexicans and one that appeared to be questioning the experiences of rape survivors. When one speaker asked how old Christenson had been when she made the 2016 tweets about Mexicans, Christenson initially dodged. When another listener repeated the question she answered that she had been 26, but that research shows that your frontal lobe isn't fully developed until you're 25... or something. As the Space continued, Black web3 community member mec. kindly suggested that Christenson end the Space and take some time to genuinely reflect. As more Black speakers expressed that they felt hurt by Christenson's actions, the Space abruptly ended. Although the Space was being recorded, Christenson took down the recording shortly after.

Another project tries to sell music NFTs without permission from artists

Tweet by NFT Music Stream: "Should you wish for your music to be removed we will honor your wishes and remove it for you, simply email verification@nftmusic.stream We are on YOUR SIDE and are going to flip the industry on it's head by cutting out the middle man & giving control back to you profit wise. (4)"Tweet by NFT Music Stream (attribution)
Following close on the heels of the disaster of an idea that was HitPiece, a new project called "NFT Music Stream" cropped up. Like HitPiece, the project appeared to be scraping Spotify to list music by an enormous number of artists, all apparently without the consent of the musicians. Crypto critics and musicians who questioned the project quickly found themselves blocked.

Also like HitPiece, NFT Music Stream claimed to be doing artists a favor, tweeting, "We are on YOUR SIDE and are going to flip the industry on it's[sic] head by cutting out the middle man & giving control back to you profit wise." They also wrote, "I think a lot of people are missing the point of the project", apparently not understanding why musicians might be less than thrilled to see their work resold without permission.

EarnHub claims they've been hacked for around $284,000

EarnHub, a DeFi platform with its own rap song, suddenly saw 660 wBNB (around $284,000) disappear from their project. EarnHub wrote on Twitter that "A hacker was able to exploit our contracts and steal most of the tokens in certain pools, then sell them, draining our LP." However, blockchain security firm CertiK found in their analysis that the "hack" was likely to be a rug pull.

NFT marketplace Cent shuts down over "rampant" fakes and plagiarism, founder says "I think this is a pretty fundamental problem with Web3"

Cent, the NFT marketplace which sold Jack Dorsey's NFT of his first tweet for $2.9 million, stopped transactions on February 6. The founder explained that people selling NFTs of content they didn't own, copies of other NFT projects, and NFTs resembling securities were "rampant" problems on the platform. "We would ban offending accounts but it was like we're playing a game of whack-a-mole... Every time we would ban one, another one would come up, or three more would come up."

Ubisoft holds internal workshop to address major employee concerns about NFTs, delivers celebratory NFT to employees

Screengrab of an army green baseball capScreengrab of the employee hat NFT (attribution)
Players are not the only ones questioning Ubisoft's decisions to incorporate NFTs into their games (such as their newest Tom Clancy game), though Ubisoft has done little more than brush those aside with statements from executives that players simply "don't get it". Questions and concerns have also been raised by Ubisoft employees, to the point where the company held an internal workshop to address questions like "How can you look at private property, speculation, artificial scarcity, and egoism, then say 'yes this is good, I want that, let's put it in art?'" Bloomberg reported that an internal announcement pertaining to NFTs received hundreds of negative comments from employees.

Meanwhile, Ubisoft announced that they were creating a celebratory virtual hat NFT to gift to their employees in early March, in honor of the opening of the Ubisoft Quartz NFT platform. Maybe just give them a cash bonus next time.

The team behind Doodled Dragons rugpulls again with "Balloonsville", taunts buyers and the NFT platform they used

A blue balloon with a snowman on its head, wearing a grey polo shirt with striped sleevesBalloon #2607 (attribution)
On January 9, the team behind an NFT project called Doodled Dragons made off with $30,000 and wrote that the charity to which they'd promised to donate "will instead now be... my bank account". A month later, the same team rug pulled again with a project called "Balloonsville", this time netting 5,000 SOL (about $590,000). The project had been listed as a "Featured project" on the Magic Eden NFT platform, a popular Solana marketplace. Before deleting their Twitter account, the Balloonsville project posted a series of tweets, including one that read, "all it took was a couple of paid actors, and boom. we did it again. y'all really believe anything nowadays. Magic Eden NFT refund everyone we scammed cause you were too stupid to ask for ID which could've easily shown we were a rug - doodled dragons". The Magic Eden NFT platform did indeed subsequently announce that they would stop allowing anonymous projects to use their platform. The platform also refunded users who sold their Balloon NFTs below the original mint price, though not the users who bought after the mint and later sold at a loss.

UN reports that millions of dollars in stolen crypto have gone towards funding North Korean missile programs

A report by the United Nations identified cyberattacks as an "important revenue source". At least three cryptocurrency exchanges were targeted by North Korean hackers, and a January Chainalysis report suggested that cyberattacks originating from North Korea could have provided the country with as much as $400 million in stolen cryptocurrency.

Contracted developer makes off with all the funds for the Ratz Club NFT project

A pixel art rat wearing a baseball cap and sports jerseyRatz Club NFT (attribution)
Mexican VTuber Zilverk created an NFT project called Ratz Club, built on the Solana blockchain. On February 6, the project announced that a developer they had contracted drained all of the funds from the project wallet. The project lost about 1,300 SOL, or around $140,000. The project announced that Zilverk and another developer would be putting their own money back into the project, and that "you are going to be able to replace your Ratz with a new series of Ratz, all holders will receive the same amount of Ratz they had minted for free. (Since the Ratz you already minted are kinda are useless)."

ENS governance put to the test as a bigoted 2016 tweet from its director of operations resurfaces

Brantly Millegan is the director of operations for the Ethereum Name Service, which is basically a blockchain version of DNS, and is also how some people get their wallet to show up as customname.eth on various web3 projects. His Twitter biography describes him as a "Catholic, husband, father". Someone discovered a 2016 tweet of his, in which he expressed bigoted views about homosexuality and transgender people, and condemned abortion, contraception, masturbation, and pornography. Millegan dismissed the concerns about the tweet, writing, "hey looks like I've got my first mob. nice to see some ppl finally read the first word of my bio." He left the offensive tweet up, and later doubled down in a Twitter Spaces conversation.

On February 6, the ENS community stewards voted to remove Millegan from among them, and the following day the nonprofit behind ENS announced that they had terminated Millegan's contract as director of operations. As of February 7, Millegan still holds the largest share of voting power in the ENS DAO.

Meter Passport, another blockchain bridge, is exploited for $4.3 million

A bug in the Meter Passport smart contract allowed an attacker to pull 1400 ETH (~$4.2 million) and 2 wrapped Bitcoin (~$83,000) from the Meter Passport blockchain bridge. This was the second hack of a blockchain bridge in three days, following the enormous Wormhole Network exploit. Meter urged its users not to trade any meterBNB, which are currently unbacked, and wrote that they were "working on compensating funds to all affected users."

Trader trying to cash out their rewards from a DeFi platform loses more than $35,000 to a Twitter support scammer

A person using the TraderJoe DeFi platform to yield farm encountered issues when trying to "harvest" their rewards. They tweeted at the platform (@traderjoe_xyz) to get support, only to receive a reply from a very similarly-named account (@traderjoe_xyz_) asking them to message them. The trader did so, and when the scammer instructed them to connect their wallet to supposedly help the dev team troubleshoot, they did. When the scam account blocked them, they realized what they had done, and saw that the scammer had drained the holdings in their wallet and liquidated all of their active positions.

The trader reported that they lost more than $35,000. They wrote in a Reddit post, "I was unemployed and literally solely yield farming to hedge my student loan. I deposited almost the same amount of my debt, and was leveraging the fact that the return I was getting was higher than my loan's APR. While trying to earn $8-9 more, I lost $35k and my financial freedom."

Former Gumroad freelancer tweets that he no longer works for the company because the company was planning to get into NFTs, Gumroad founder has a bit of a meltdown

Tweet conversation. First tweet from Jacob van Loon: "your social media presence ranks among some of the worst ive ever seen for a company like yours. never used gumroad, never going to." Tweet reply by Gumroad: "According to your bio's email address, you already have."Tweet by Gumroad (attribution)
Brian Box Brown, an artist who had previously worked for the digital self-publishing platform Gumroad, tweeted that he was ramping up his original art sales because "my former regular freelance employer has let me know they'll be...Embracing NFTs so...we had to part ways." Gumroad founder, Sahil Lavingia, responded on the official 130,000-follower Gumroad Twitter account by sharing what appeared to be private messages between himself and Box Brown, and claiming that Box Brown had only refused to work on NFTs out of a fear of being "canceled" — a claim that apparently missed what appeared to be Box Brown trying to let the founder down gently in a message where he also wrote "I do not want to lose [my job]". Lavingia also lashed out with the Gumroad account at a person who criticized Gumroad's treatment of Box Brown. When the commenter wrote "never used gumroad, never going to", Lavingia appeared to leak private customer data when he replied, "According to your bio's email address, you already have."

By that evening, the tweets attacking their former employee and leaking customer data were all deleted, and the Gumroad account had pinned a tweet saying, "If and when we do anything related to crypto/NFTs, you'll hear it from us first. For now, no plans."

Someone tries to take out a loan against their Bitcoin holdings to get a mortgage, loses over $300,000

A prospective house-buyer wanted to pad their bank account to try to convince their bank to approve them for a mortgage. Their bank didn't consider Bitcoin holdings when evaluating a person's suitability for a mortgage (can't imagine why), and so the person decided to take out a loan on the BlockFi platform, putting up $600,000 worth of Bitcoin as collateral for a $300,000 loan. However, the borrower had bought their Bitcoin from a private source (rather than through one of the major exchanges), and it turned out the Bitcoin had previously come through a cryptocurrency mixer. Because of what BlockFi described to the borrower as "indirect mixing exposure", BlockFi called back the loan and the borrower "lost more than half of [their] BTC holdings, have a huge tax bill, and was screwed out of a fortune".

Even if things had worked out as this person planned, it seems like the bank might have wanted to know where $300,000 suddenly came from, and I don't know how "I took out a sketchy loan against my Bitcoin holdings, which you already don't think can qualify me for a mortgage" would have shaken out.

Hackers steal $1.9 million from KLAYswap crypto exchange

Some sophisticated hackers managed a BGP hijack on the servers powering KakaoTalk, a marketing and customer service application used by the South Korean KLAYswap cryptocurrency exchange. The hijacking enabled the hackers to serve malicious JavaScript that allowed hackers to intercept funds as a user initiated a transaction. Over a two-hour period, the hackers stole cryptocurrency totaling ₩2.2 million (about $1.9 million) from 325 customer wallets. The exchange acknowledged the hack the same day, and promised to compensate affected users.

Nike sues StockX for selling unauthorized NFTs of their shoes

A rendering of a card, showing a photograph of a red high-top sneaker. The card has the branding "StockX" on it, as well as "Vault NFT ERC-1155"NFT of a Nike Jordan 1 sneaker (attribution)
Nike filed a lawsuit in New York federal court against StockX, an online reseller that decided to get in on NFTs in January. StockX started selling "NFTs tied to physical products", and say that buyers are also purchasing the "opportunity to take possession of [the corresponding physical item]" at any time". Nike has objected to this, stating that the NFTs infringe their copyright, are likely to cause confusion among customers, and have hurt their reputation. According to the complaint, StockX has already sold more than 500 NFTs of Nike products. The StockX site shows that some Nike NFTs have traded for thousands of dollars. Amusingly, although the NFTs exist on the Ethereum blockchain, "cryptocurrencies are not an acceptable payment method for NFTs at this time" and NFTs can't be transferred or traded outside of the StockX platform. According to their FAQ, "StockX maintains custodial authority of all NFTs traded on the platform".

This lawsuit is somewhat similar to the January lawsuit by Hermés against artist Mason Rothschild, who has been selling "MetaBirkin" NFTs (though MetaBirkins describes itself as an art project, and promises no physical items).

Miami mayor Francis Suarez's MiamiCoin gambit lands the city $5.2 million, investors not so lucky

Miami mayor Francis Suarez eagerly hyped "MiamiCoin" ($MIA), a cryptocurrency created by a private company and not actually controlled by Miami. Suarez appeared on CoinDesk TV to say that MiamiCoin has "been mainstreaming significantly faster than bitcoin", despite trading for pennies, and not being listed on any exchange aside from the Singaporean OKCoin.

On February 2, Suarez excitedly announced that they had received their "first-ever disbursement... totaling $5.25M". He didn't mention that the coin is trading at 90% below its all-time-high and 35% less than its initial price of $0.01. Both the OKCoin exchange and the coin creator previously advertised that buyers could earn "430% APY" by participating in some sort of staking program with the coin. All current holders of the coin, such as the Miamians Suarez encouraged to invest, have lost money even when factoring in staking rewards, says Protos.

Wormhole, a cross-blockchain bridge, is hacked for more than $320 million in one of the largest hacks to date

The Wormhole Network is a blockchain bridge between Solana and various other blockchains, allowing assets to be traded across the different and not otherwise interoperable chains. After an attacker was able to spoof a guardian account, Wormhole was exploited on February 2 for 120,000 wETH, or about $326 million. The network was taken down for maintenance, and Wormhole promised that "ETH will be added over the next hours to ensure wETH is backed 1:1". The parent company of Wormhole, Jump Trading, replaced the funds that had been drained; meanwhile, Wormhole offered a $10 million bounty to try to tempt the attacker into returning the funds. The hack was the fourth-largest cryptocurrency theft of all time, trailing behind the $480 million Mt. Gox theft in 2014, the $547 million Coincheck theft in 2018, and the $611 million Poly Network theft (that was later returned) in 2021.

Game studio behind Worms games series does a quick U-turn on their NFT project after massive backlash

A glittery rainbow worms character, holding some sort of spherical object, on a base that says 'Colonel'MetaWorms NFT (attribution)
Team17, the studio behind the many Worms games, announced their plans for "MetaWorms": NFTs based on the characters from the games. The announcement on January 31 apparently blindsided development teams who've published with Team17 — shortly after the announcement, three teams published statements condemning NFTs. One team, Aggro Crab, also announced they wouldn't be working with Team17 going forward. The three statements also all urged fans not to harass Team17 staff and community managers, with one announcement by Playtonic saying they were "unwittingly affected by NFT announcements". Backlash from fans had been swift and fierce, and in some cases extreme. The following day, Team17 wrote that they were ending the project and "step[ping] back from the NFT space".

HitPiece catches heat for selling song and album NFTs without seeking consent from the artists

Two listings for sale on the HitPiece website: "Tokyo DisneySea Theme Song" and a German-language Star Wars song, "Die Belagerung von Lothal - Teil 2 - Kapitel 6"You have to admit they have guts for so prominently listing stolen IP from the notoriously-litigious Disney (attribution)
The industrial band Choke Chain tweeted, "Yo a bunch of industrial scene acts (including me) have NFTs for sale on the site hitpiece.com I did not put it online and I assume you probably didn't either, fucked up". A look through the site shows that it is chock full of almost certainly unauthorized NFTs of music not just from industrial bands, but from contemporary pop music artists, k-pop groups, Disney, and many others. The group appears to be simply scraping Spotify and publishing everything as NFT auctions.

The project's website writes, "Each time an artist's NFT is purchased or sold, a royalty from each transaction is accounted to the rights holders account." They do not write about how this is supposed to work when the artists have had zero involvement in the NFT being created to begin with, or have no cryptocurrency wallets at all. The FAQ also includes a hilariously handwavy answer to the question most people learning about NFTs have: "What utility does owning an NFT give me?" HitPiece writes, "Artists provide NFT owners access and experiences."

Someone sends COVID-19 NFTs to all ~100,000 active users of the HEN NFT marketplace, whether they want them or not

Screenshot of the SARS-CoV-2 NFT, showing a microscope image of the virus. The description text reads, "SARS-COV-2Ω
Your wallet has been infected by SARS-CoV-2, the virus responsible for COVID-19.

All tezos wallets holding at least 1 non-fungible token from Hic et Nunc have been air-dropped SARS-CoV-2, in an act symbolic of the invasive and ubiquitous nature of the virus and its psychological effects. A total of 96,186 viral copies have been sent to as many wallets.

Whether you believe horse paste is the cure or gas masks are the new normal, everyone has been affected by COVID-19. Now, even the blockchain itself is infected. It is still early in the disease process. Will you cure yourself of SARS-CoV-2 by burning this viral token in an act of communal catharsis? Will you choose to infect others? Or, will you risk the consequences of superinfection with an increasing viral load?

Life is a terminal condition. Act appropriately."SARS-CoV-2 NFT (attribution)
Artist bayneko created and airdropped NFTs of microscope pictures of SARS-COV-2 (the virus that causes COVID-19) to all 96,186 users of Hic et Nunc (HEN) who hold at least one NFT. HEN is an NFT marketplace built atop the Tezos blockchain. The NFT description read, "Your wallet has been infected by SARS-CoV-2, the virus responsible for COVID-19... in an act symbolic of the invasive and ubiquitous nature of the virus and its psychological effects." It cost the creator 1,623 ꜩ (about $5,900) to accomplish — a chunk of change, though considerably less than it would cost on higher-fee blockchains like Ethereum. Users reacting to the airdrop expressed a mixture of interest, confusion, annoyance, fear — some were scared to burn or transfer the NFT because of past NFTs that executed malicious contracts upon being destroyed. Others were unhappy with receiving an unsolicited NFT, which they felt was spammy. Others spoke about how, although this particular project appeared to be a good-faith art project, it illustrated the susceptibility of these systems to spam and abuse, especially on blockhains with lower transaction fees.

About 30 posts in a subreddit about gambling addiction mention crypto in the month of January

Reddit post titled "Crypto casinos have destroyed me": "I’ve struggled with gambling problems for most of my 20s , lost countless pay cheques, got in all kinds of debt, lies etc

I’m in the UK and something called Gamstop was introduced a few years ago which was great, all you had to do was sign up and you would instantly be banned from making an account with any UK governed gambling company. It helped for a long time

THEN I found crypto casinos where there is just no real way of self excluding because of how anonymous it is, and I’m back to square one today after losing all my saving 5k in the space of a few hours

Devastated"Reddit post about crypto casinos (attribution)
Crypto trading and crypto casinos have presented a new challenge to those battling gambling addiction. There are options for problem gamblers who are struggling to stop gambling in the traditional format: many states and countries require traditional casinos to allow individuals to "self-exclude" — that is, ban themselves from gambling at an establishment. Online gambling is more challenging, but there is software like Gamban and GAMSTOP that attempts to restrict access. However, posters in r/problemgambling have discussed the relative ease of finding online and crypto casinos not restricted by the software — particularly easy with cryptocurrency-based platforms because of the anonymity afforded by crypto.

Regardless of whether they are trying to use blocking software or not, some people in the subreddit appear to be struggling with the challenges presented to them by cryptocurrencies. Some speak about gambling in cryptocurrency casinos, while others have realized that the behaviors that many people involved with cryptocurrencies simply refer to as "investing" are actually manifestations of their gambling addiction. One poster wrote, "Realised yesterday whilst out walking my dog that i'd used crypto as a way to satisfy my gambling urges. I've self excluded from gambling sites for a few years now and managed to taper off. Crypto pulled me back in with trading. I was lying to myself that I was 'investing' so its fine which eventually turned into 24/7 chart watching and leverage trades."

The World Wildlife Fund announces their upcoming NFT project... for nature!

The UK branch of the World Wildlife Fund (WWF) announced their upcoming "Tokens For Nature" NFT project, which is meant to support endangered species. The WWF was quick to tout that its project would be eco-friendly because it uses the Polygon blockchain, though commenters were skeptical. One commenter wrote, "This is like if David Attenborough did a piece to camera about his environmental activism while politely snapping swans' necks throughout." Other commenters expressed that it was irresponsible of the WWF to engage with NFTs at all, given the overall environmental damage of the concept, and because it brings more people into a space full of predatory projects. The WWF ended up shuttering the project on February 4, after all the negative feedback.

This was not the WWF's first foray into NFTs — the German arm of the WWF released a "Non-Fungible Animals" NFT project in November 2021, which has enjoyed less than $10,000 in trading volume. It also did't appear to be the only project the WWF UK had planned — their NFT website advertised upcoming collaborations with CyberKongz (built on the Ethereum blockchain) and World of Women (also built on the Ethereum blockchain).

Realux, a project promising to "democratize" and "resolve the wealth gap" in real estate, rug pulls $23,000 only hours after launch

Value of RLX token over time, showing a steady climb and then a sudden crash as liquidity was removed$RLX value over time (attribution)
On January 31, a cryptocurrency project called Realux launched after fanfare from viral tweets and influencer YouTube videos. The project promised to make "real estate open to everyone, at a very low cost in a very easy way" and "resolve, once and for all, the wealth gap by removing all barriers, costs, middlemen, social background, and other limitations". The token enjoyed a fairly steady climb in value over the four or so hours it was active, increasing in value 400% from about $0.00065 to a peak of around $0.0027. The price suddenly crashed to around $0.0003 when the developer sold off 70 million of the RLX tokens, earning a profit of around $23,000. The project also deleted their website, Twitter account, and Telegram channel.

After backlash, Troy Baker announces he will no longer be partnering with the "voice NFT" project Voiceverse

Voice actor Troy Baker faced some backlash in mid-January when he announced that he would be partnering with "voice NFT" project Voiceverse. His antagonistic tweet, that "You can hate. Or you can create." didn't go over so well at the time, and things worsened when it was discovered that Voiceverse had stolen work from another project and used it without credit. On January 31 he apologized again for the antagonistic tweet, and wrote that "After careful consideration, I've decided to not continue the partnership with VoiceVerseNFT". Voiceverse wrote in their own statement that the company had "mutually decided to end [their] partnership with Troy Baker".

All "iloveponzi"'s apes gone! Veteran hacker makes $700,000 stealing and flipping big name NFTs

A brown ape with Xs over its eyes and rainbow-colored teeth, wearing an orange slouchy beanie and a purple and orange fur coat.Bored Ape #7985 (attribution)
NFT collecter "iloveponzi", aka Larry Lawliet, apparently authorized what he thought was a legitimate application to access his NFT wallet. Unfortunately for him, he had actually authorized another person to transfer all his NFTs: one Bored Ape, five Mutant Apes, and one Doodle. The hack, which affected iloveponzi and several others, was made possible after the Discord for the "Moshi Mochi" NFT project was compromised, and the attacker sent out an "official announcement" for a final round of NFT minting that actually enabled them to steal NFTs. The attacker then flipped the NFTs for a total profit of a little less than $700,000. Iloveponzi said they believed that the attacker could've sold the NFTs for millions (though they admittedly have a vested interest in the NFTs sounding valuable). Iloveponzi also said they believe the hacker just sold quickly and cheaply to try to beat OpenSea freezing the NFTs, which OpenSea did later do. The hacker appears to be an old hand at shady NFT dealings — although they netted "only" $700,000 from this scam, the wallet used has moved around 600 ETH in total (worth around $1.5 million) through the cryptocurrency tumbler Tornado Cash. Slightly over a month earlier, iloveponzi reported that another of their Bored Apes had been stolen, "because of some coincidences and my carelessness".

Tax season begins to hit crypto Reddit hard

With so many newcomers to cryptocurrencies this year, and the often complex tax situations cryptocurrency trading can create (assuming it's reported at all), some traders are beginning to receive unpleasant surprises in the mail. One Redditor has posted in horror after receiving a letter showing they owe upwards of $100,000 to the IRS.

Questions like "How can crypto be a viable currency if every transaction is taxed?" are beginning to pop up as well, and more than a few commenters have described their plans to not report any of their crypto activity — certainly a wise thing to be discussing on a public Internet forum.

Streamer Ice Poseidon admits to scamming his followers out of $500,000 with his "Cxcoin" made for streamers

Paul Denino, also known as "Ice Poseidon", is a livestreamer, Internet personality, and cryptocurrency enthusiast. In July 2021 he launched Cxcoin, a forked project he said was intended specifically to allow streamers and other content creators to earn money. Denino had said in an earlier video that "the reason why I'm not going to start a cryptocoin is because someone is gonna get fucked, because dude if I see a million dollars, I'm selling, I don't give a fuck. I'm not going to be like 'I'll hold for you guys', bro I see a million dollars in my portfolio, I'm out". He later claimed that he was just joking, though unfortunately this turned out to be exactly what he did (though with somewhat less than a million). Although Denino claimed he was "locked in" for five months, he started draining hundreds of thousands of dollars from the project only two weeks in, which served to tank the token price for remaining holders.

On January 31, 2022, a YouTuber named Coffeezilla released a video in which he confronted Denino about his actions and urged him to return the money to his fans who'd bought in on the project. Denino replied, "I could give the money back, it is within my power, but I am going to look out for myself and not do that." According to Coffeezilla, Denino took a total of $200,000 from the token's presale, $250,000 that was earmarked for marketing, and $300,000 from the liquidity pool. In the end, Denino pocketed around $300,000 and his developers took around $200,000. After realizing that Coffeezilla would be releasing the interview, Denino promised to "use the buyback function to put 155k into the liquidity" — which turned out to mean 155,000 BNB rather than dollars, roughly equivalent to around $40,000.

Someone starts selling colors on the blockchain, because why the hell not I guess

Color swatch of a light cream color, with hex code #F1EECE (spelling "fleece")I wonder if this color is taken (attribution)
As the NFT gold rush continues and people attempt to slap price tags on everything in sight, Omar Farooq detailed his plans to sell colors on the blockchain. He said he will then build a platform where the "owner" of a color gets a cut of platform fees for any NFT using the color (or one close to it). He's offering 10,000 colors for sale at starting prices of $350 a pop, and then building an NFT platform where portions of the platform fees for any NFT sold will go to the "owners" of the closest colors in proportion to how much of the color is used in the image. Why artists would actually choose to buy or sell their artwork on the color-based platform is unclear — novelty value maybe? Its promised platform fee of 2.5% is the same as its popular competitors OpenSea and Rarible.

Qubit continues to try to tempt the attackers who stole $80 million to return it, with increasingly-desperate messages

After a bug in their code allowed an attacker to make off with $80 million, Qubit immediately began trying to contact the exploiter and convince them to return the money. First they wrote that they were "prepared to offer the maximum bounty", which was $250,000, or 0.3% of the amount the attacker had just stolen. The exploiter presumably felt that $80 million was truly the maximum bounty, and didn't take them up on the offer. The next day, Qubit wrote a message asking the exploiter to "negotiate directly with us... if the maximum bounty offer is not what you are looking for". The day after that, Qubit bumped the reward to $1 million (a whole 1.25% of the $80M!) and begged the exploiters to "please consider the big amount of people, families, stories involved in this". On January 30, Qubit announced they would be offering "the highest bounty in history", $2 million (2.5% of $80M), continuing to underscore that they wouldn't seek prosecution if the attacker returned the funds. A number of hours later, Qubit apparently decided to change tactics, writing that they were "developing a website that users can easily search their losses related to the exploit... users can connect their wallets to get documents to report to the police".

Wonderland protocol founder writes that the "Wonderland experiment is coming to an end", despite vote ongoing and majority of participants voting to continue

Charts showing "yes and yes - value of votes" and "yes and no - number of individual votes", showing large amounts of value supporting "yes" whereas total number of votes supporting "no"Comparison of vote value supporting each proposal, vs. individual number of votes (attribution)
The Wonderland protocol had a rough week, first experiencing massive losses in "cascading liquidations" and then the unmasking of the previously pseudonymous lead developer as Michael Patryn, a shady operator with a long history of financial crimes. The project team decided to hold a vote on whether the project should wind down: "giving every wMEMO holder back the funds from the treasury that they are entitled to and declar[ing] the OHM Fork experiment closed". The project leaders wrote that they "strongly believe that this would be the cleanest way of moving forward". The vote began on January 29 and was slated to end on January 31.

By raw numbers it appeared most investors opposed the idea, as many will receive miniscule amounts compared to their initial investments. However, the larger holders (most of whom bought in at low prices) stand to make money from the liquidation and some have supported winding down. Because the DAO voting operates in a plutocratic model, where people can vote based on how many tokens they hold, at one point votes from a relatively small number of whales were trending the vote towards supporting winding down even though 90% of individuals wanted the project to continue. The votes to continue had begun to beat out the votes to wind down when Daniele Sestagalli announced on Twitter on January 30, before the vote's scheduled end, that the "Wonderland experiment is coming to an end."

Ultimately, Sestagalli ended up respecting the wishes of the community, who decided to continue the project despite having lost 90% of their money, presumably in hopes of regaining some of the losses.

Justin Bieber "buys" a Bored Ape for $1.3 million in a deal that is shady in one of two possible ways

A sad bored ape in a black t-shirt on a blue backgroundBAYC #3001 (attribution)
The media went a bit nuts when Justin Bieber reportedly bought a Bored Ape (for several times what it was "worth", for some reason). This served to generate hype for several NFT projects, including Bored Apes, that Bieber has reportedly bought. However, some investigation by @interlunations and Dirty Bubble Media showed that something shady is going on, and neither possibility looks great for Bieber. Either Bieber does own the wallet that spent millions on the Bored Ape NFT and hundreds of others, in which case he was paid more than $2 million by the inBetweeners project — this would mean that inBetweeners lied about not paying influencers to promote their projects, and it would mean that Bieber never disclosed the financial relationship (in violation of FTC rules). If Bieber doesn't own the wallet, then Bieber has lied about owning the Bored Ape he supposedly "bought", as have the projects (though possibly unknowingly) who are generating hype by telling everyone Bieber owns one of their NFTs. The full investigation by Dirty Bubble Media is worth a read.

Trader loses $510,000 trying to convert funds between two currencies

Reddit post titled "Did I just lose half a million dollars by sending WETH to WETH's contract address?" Text: "Please tell me that I didn't :(

https://etherscan.io/tx/0x96a7155b44b77c173e7c534ae1ceca536ba2ce534012ff844cf8c1737bc54921

Edit: Full story. Sent ETH to WETH contract and got WETH back (after some googling I found this is how the contract works). Assumed it works the same way backwards and sent WETH back to the contract. No ETH back. Apparently you have to use a frontend to get the ETH back. ETH lost forever."Reddit post by the trader (attribution)
A trader learned that, in order to exchange Ethereum tokens (ETH) for Wrapped Ethereum (WETH), they should send their ETH to the WETH token contract and receive the WETH in return. Intending to convert WETH back into ETH, they erroneously assumed that it "works the same way backwards". The trader sent 195 WETH ($510,000) to the WETH contract only to find they received no ETH in return, and their money was lost forever.

Transaction history on Etherscan shows they were the 265th person to make this mistake. Most people did so with far smaller amounts of WETH, although another unfortunate trader lost 115 WETH (at the time valued at $360,000) on August 11, 2021. A total of 432 WETH has been irretrievably lost to this contract this way since July 2018 — currently valued at $1.1 million.

Fake Bored Ape project pulls in $17,500 following high-profile endorsement of Bored Apes

OpenSea collection called "Bored Ape Original" using the same icon and header image as the real account. Description says "BAYC is a collection of 10,000 Bored Ape NFTs. Certified by opensea"Fake Bored Ape collection (attribution)
After Paris Hilton and Jimmy Fallon engaged in a frankly bizarre discussion of their beloved Bored Apes on The Tonight Show, a fake projects imitating the Bored Ape Yacht Club began popping up on OpenSea. OpenSea shut down several projects of this type, which each brought in several hundred dollars an hour. One such project was left up for two weeks, duping investors out of nearly $65,000.

Lazy Lion Ape Club rug pulls for 50 ETH ($125,000)

An ape face with a purple and turquoise lion mane, wearing a fedora styl hat and a wide collared shirt. It's grimacing and bubbles are coming out of its ears.LLAC #33 (attribution)
Lazy Lion Ape Club, an NFT project in somewhat resembling the mega-popular Bored Apes, listed their NFTs on OpenSea on January 26. In addition to the NFTs, the project promised to generate passive income for its holders, as well as give them 3D models of their ape/lions to be used in the metaverse. The project leaders managed to generate 50 ETH (about $125,000) in sales before emptying the project of its funds and deleting their website and social media accounts.