Journalist says she's been able to use chain analysis tools to discover the person behind the 2016 hack of The DAO

"The DAO", one of the first DAOs, was famously hacked in 2016, requiring a hard fork of the Ethereum blockchain to "undo" the breach. (So immutable!) Had Ethereum not forked, members of The DAO would have lost 3.6 million ETH — then worth around $50 million.

Journalist and researcher Laura Shin reported on February 22 that she had successfully used a forensics tool from Chainalysis to discover the identity of the hacker: Toby Hoenisch, a co-founder of the TenX "crypto debit card" project. Hoenisch refused to speak with Shin, and has denied the allegation.

For a technology that makes lofty promises of anonymity and privacy, increasingly-powerful technology is being released that at least claims to be able to unwind crypto mixing and make other connections between wallets and transactions that were previously extremely difficult, if not next to impossible. I imagine there may be a few people behind various crypto crimes sweating a bit as these technologies progress and threaten to unmask those behind other hacks and scams.

Security researchers desperately try to contact Ocean Protocol about a critical security problem

Screenshots of Kubernetes credentials and a shell connection, with sensitive credentials blurred out.Image from Bleckmann-Dreher's tweet (attribution)
Ocean Protocol is a web3 project promising to help people "publish, discover, and consume data in a secure, privacy-preserving fashion". Recently, they've been promoting the ALGA defi wallet, a project created by an external development team called Data Whale. Security researcher Christopher Bleckmann-Dreher, also known as "schniggie", resorted to publicly replying to one of Ocean Protocol's promo tweets to try to get the group's attention on a security vulnerability he and his collaborator Daniel Matesic ("mtd_0x00") had discovered. The duo found Kubernetes infrastructure that appeared to be completely compromised, and were able to get a shell, call their underlying AWS metaservice, and more. When Bleckmann-Dreher tried to report the bug through Ocean Protocol's Github bug bounty program, he found it was retired. He also tried to contact the team via their security email address, Telegram, and Discord, but received no reply.

After Bleckmann-Dreher's attempts to contact the project were published on Web3 Is Going Great on February 26, Ocean Protocol's founder Bruce Pon commented to say they were "on it", and that he had alerted Data Whale about what appeared to be an issue in the ALGA project. Several hours later, Data Whale announced they would be taking the app offline due to concerns that there was a vulnerability, and that they had contacted the researchers. ALGA was later brought back online after they confirmed the vulnerability was not an issue with their project, but rather with Ocean Protocol itself. Pon acknowledged on February 27 that "there was a configuration issue on Ocean compute-to-data which is being fixed now", and later that day Ocean Protocol cut a new release of their operator engine which appeared to be a patch.

Coinbase CEO tries to weave a compelling story about how their own team came up with a Super Bowl ad that "broke the rules on marketing", is quickly revealed to just be taking credit for the work of an outside ad agency

Two tweets. First by Brian Armstrong: "10/ I guess if there is a lesson here it is that constraints breed creativity, and that as founders you can empower your team to break the rules on marketing because you're not trying to impress your peers at AdWeek or wherever. No ad agency would have done this ad." Reply by Kristen Cavallo: "Except an ad agency did do that ad."Tweet by Armstrong, with reply from Cavallo (attribution)
Coinbase CEO Brian Armstrong embarked on a 12-tweet-long thread congratulating Coinbase employees for coming up with the bouncing QR code Super Bowl ad. He wrote, "I guess if there is a lesson here it is that constraints breed creativity, and that as founders you can empower your team to break the rules on marketing because you're not trying to impress your peers at AdWeek or wherever. No ad agency would have done this ad."

Unfortunately for him, CEO of The Martin Agency Kristen Cavallo showed up with receipts: "It was actually inspired by presentations our agency showed your team on 8/18 (pages 19-24) and 10/7 (pages 11-18) with ad concepts for the Super Bowl with floating QR codes on a blank screen."

I guess if there is a lesson here it is that if you're going to take credit for someone else's idea to try to make your team sound good, maybe you shouldn't also use it as an opportunity to dunk on the people who actually came up with the idea.

Another pseudonymous defi project exec revealed to have a checkered past

Composable Finance is a company that makes infrastructure tools for defi. Until recently, their head of product has been known only as 0xbrainjar, and has operated pseudonymously. However, on February 18, the crypto detective zachxbt revealed his discovery that 0xbrainjar was actually Omar Zaki. Zaki was charged with fraud by the SEC in 2019 for misleading investors while operating an unregistered investment adviser and hedge fund. He ultimately settled the case for a $25,000 fine, and a three-year ban from working in the investment industry. Although I personally think it's reasonable not to describe anything crypto-related as an "investment", I'm curious how the SEC might feel about him working on defi projects.

On February 20, 0xbrainjar confirmed that he was indeed Zaki. He wrote, "I did this so that my efforts to build up a suite of products would not be shadowed by a mistake that I made in my past.... 0xbrainjar was a place for me to not be defined by this serious misstep (which has been settled and was amplified by the media)". He also wrote on Twitter that "I do not want a mistake in my youth to cloud all of the team's efforts", though the SEC charge was filed less than three years ago, when Zaki was 21.

Avalanche-based Atom Protocol rug pulls within a day of its launch, claiming a bug

Tweet by Atom Protocol: "There is a problem/mistake in contracts, we can't do anything. We have to close the project, sorry"Tweet by Atom Protocol (attribution)
Atom Protocol, a project built on the Avalanche blockchain (and not to be confused with the Atom/Cosmos project on Binance), rug pulled within a day of launching. The developers posted a tweet reading, "There is a problem/mistake in contracts, we can't do anything. We have to close the project, sorry". Shortly afterwards, they deleted their Twitter account and Discord.

Some users directed their anger at Assure DeFi, a project that claims to "privately verify the identity" of various projects. The group had reportedly verified the identities of those behind Atom Protocol, lending the project credibility to some who bought in. Assure later tweeted that "many people are still misunderstanding the role of KYC/verification. KYC is a deterrent and not a scam prevention and if anyone says otherwise they are misleading you."

Indian authorities arrest a group accused of $5 million cryptocurrency scam

Indian authorities arrested at least eleven people accused of running a cryptocurrency scam that drew ₹40 crore (around $5.3 million) from investors. The alleged ringleader, Nishid Wasnik, flaunted his luxury lifestyle to help convince investors to put money into his firm, which he said traded Ether. According to one official, "He manipulated the website of the firm to show a steady rise in the value of investments, while transferring money into his accounts fraudulently between 2017 and 2021". Wasnik is also facing outstanding cases, including two murder charges, and had been in hiding since March 2021.

Seventeen OpenSea users have their NFTs stolen and flipped for a total of $2.9 million by a phishing scammer

Panic erupted on February 19 as a few users saw their wallets emptied of valuable NFTs without knowing why, and many others feared the same could happen to them. Early explanations blamed a new contract that OpenSea had rolled out, or an airdrop from a new NFT marketplace called X2Y2. People urged NFT owners to revoke permissions for both the OpenSea contract and for X2Y2 until more was known, although one of the most popular websites helping people do so went down shortly after from the high traffic.

An hour and a half after users began to report missing NFTs, OpenSea finally acknowledged the issue. They tweeted that they were "actively investigating rumors of an exploit associated with OpenSea related smart contracts", and wrote that they believed it was a phishing attack coming from outside of OpenSea, rather than an issue with their contract. It was later determined that an attacker had successfully phished 17 OpenSea users into signing a malicious contract, which allowed the attacker to take the NFTs and then flip them. Bizarrely, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) from the attacker as well as some of his stolen NFTs back. The attacker later transferred 1,115 ETH obtained from the attack to a cryptocurrency tumbler, worth around $2.9 million.

Former owner of a reportedly stolen Bored Ape files million-dollar lawsuit against OpenSea

An illustration of an ape wearing a blue bonnet, sunglasses, and black turtleneck, biting its lower lipBored Ape #3475 (attribution)
Businessman Timothy McKimmy is the former owner of Bored Ape #3475, an NFT he purchased in December for 55 ETH (then about $232,000). In a lawsuit against OpenSea, McKimmy alleged that on February 7, a "security vulnerability allowed an outside party to illegally enter through OpenSea's code and access Plaintiff's NFT wallet, in order to list and sell Plaintiff's Bored Ape at a literal fraction of the value". The Bored Ape was purchased for 0.01 ETH (about $30), then flipped by the alleged thief within hours for 98.9 ETH (a bit over $300,000). McKimmy alleges that OpenSea knew about the reported vulnerability, and failed in their duties to him as a customer by not informing customers of the issue, or shutting down the platform while it was reportedly vulnerable. The lawsuit further argues that because Bored Ape #3475 has a higher "rarity score" than the one supposedly purchased by Justin Bieber for 500 ETH ($1.3M) in January, the value of #3475 is "arguably in the millions of dollars and growing as each day passes". The lawsuit seeks "any and all damages to which [McKimmy] may be entitled, including the return of the Bored Ape, damages equivalent to the valuation of the Bored Ape, and/or monetary damages over $1,000,000."

Crypto.Chicks team member gives a non-apology for blatantly copying the work of another artist

Side-by-side comparison of an Instagram post and an NFT listing, both containing similar illustrations of a woman with a grimace and three eyesComparison of the original and Crypto.Chick #2 (attribution)
Polly, a member of the popular Crypto.Chicks NFT team, apologized for "drawing inspiration from" artists and "inadvertently cop[ying]" their work, after it is discovered that she blatantly traced the artwork used in some of the Crypto.Chicks NFTs. Although she wrote that she had "redrawn" the NFT in question, the artwork was nearly identical to artwork by a Brazilian artist named Amanda, who apparently was never credited nor compensated. The Crypto.Chick in question had sold for $27,500 in late January.

The following day, Crypto.Chicks announced that they would be replacing Polly as a team member, and pausing their planned release of another NFT collection that also appeared to contain stolen artwork.

Appeals court allows legal claim to continue against online promoters of Bitconnect

An appeals court found that a legal claim could continue to be pursued against some of the major voices that promoted Bitconnect online. Bitconnect was a Ponzi scheme that collapsed in early 2018, defrauding investors of $2 billion. This claim, should it succeed, could set a frightening precedent for those irresponsibly hyping cryptocurrency schemes in online videos and other promotions.

Authorities raid Generación Zoe, an Argentine pyramid scheme propped up by cryptocurrencies

Authorities performed nine separate raids targeting Generación Zoe, a holding company raising money from thousands of Argentines. The company promised 7.5% monthly returns at the lowest level, but more if investors recruited others to the scheme. They said these returns came from cryptocurrency trading, sales of "coaching" courses, and other investment strategies. The group even had their own cryptocurrency, Zoe Cash, and had begun other ventures — including a church. The accountant from the firm and several others were arrested in the February 18 raid, but the head of the scheme was on the lam.

Kickstarter says they "won't make changes to Kickstarter without you" after blockchain backlash... but they will continue with blockchain plans

Kickstarter announced back in December that they planned to completely rebuild their product on a blockchain. It was quickly met with resistance from the community, including some big-name users announcing plans to stop using the service. Two months later, the company published an article titled "We Won't Make Changes to Kickstarter Without You". Despite the title, they did not appear to waver on the blockchain plans, and committed only to "not mov[ing] Kickstarter.com onto the new protocol unless it has been tested" and to gathering "input" while they move forward with the plans.

Kickstarter's COO, Sean Leow, did an interview with The Beat to discuss the announcement. He seemed to be a little bit confused on the whole concept throughout, and seemed to believe that "open source" is some sort of competing idea to blockchains. At one point he stated, "We believe that that data can be structured in a way through a blockchain where it ... can move in a much more efficient and effective way between services ... in a way that open source doesn't allow". Later in the interview he spoke about governance, saying, "our understanding is that [governance] is done more effectively with blockchain then with open-source."

Someone blows up a Lamborghini to "criticize greed", then makes NFTs out of the pieces

A still frame of a Lamborghini mid-explosionStill frame from SHL0MS' video (attribution)
The person known on Twitter by the name SHL0MS bought a used Lamborghini Huracan, drove it to the desert, and recorded the enormous fireball as they blew up the car. The explosion, they said, was meant to be a "criticism of greed and short-termism in crypto".

SHL0MS then gathered 888 pieces of the wrecked car, took rotating videos of each one, and created NFTs from them. The NFTs were to be released on February 25 in an auction starting at 0.01 ETH (about $26), but the auction was delayed due to the news of Russia's military invasion of Ukraine.

It's likely SHL0MS will profit handsomely off the Lamborghini NFT. Their previous NFT collection, FNTN, involved similar rotating videos, in that case of an exploded toilet. The NFTs in that 185-piece collection have recently been trading at 1–2 ETH (several thousand dollars).

Andrew Yang announces plans to fight poverty with a lobbying group that distributes voting power in proportion to how much you pay

Perennial political candidate Andrew Yang, perhaps in a desperate bid to stay relevant, announced his plans to create "Lobby3". Lobby3 is a DAO which he says will push for crypto-friendly regulation and "eradicate poverty". Like many DAOs, the voting power is allocated based on how many tokens a member owns, meaning that those who pay more have more votes. A single token, representing one vote, costs 0.07 ETH (about $200). The "Founder" tier of participation in the DAO, which appears to offer access to Yang more than anything particularly lobbying-related, costs 40 ETH (about $125,000).

Interestingly, one of the people credited as a "contributing artist" to Lobby3 is "Robness", who had the previous day minted an NFT of a photo of a journalist as a child in an attempt to harass her.

Class action lawsuit names SafeMoon, its executives, Jake Paul, Nick Carter, and others in alleged pump-and-dump scheme

A class action suit was filed against SafeMoon, various executives, and a handful of influencers and celebrities who promoted the token. The plaintiffs allege that promotions included false or misleading statements, and that the defendants misrepresented their control over SafeMoon and its tokens in what is commonly called a "pump and dump". In addition to SafeMoon and its executives, the lawsuit named various celebrities and influencers who had promoted the token to their followers: Jake Paul, Nick Carter, Soulja Boy, Ben Phillips, and Lil Yachty. Promotions by the influencers occurred primarily between March and May 2021, and helped the coin spike to its all-time-highs of about $0.000008. However, the coin has spent most of its history worth less than half or, more lately, a quarter of that amount. The token underwent a migration in early 2022, which increased the price per token, but the value has continued to decrease.

These influencers join a growing list of celebrities who have been named in class action suits over alleged pump-and-dumps. The list includes names like Kim Kardashian, who was named among others in a January class action suit pertaining to a coin called EthereumMAX.

Binance halts activities and marketing in Israel over "licensing issues"—namely, the lack of one

Binance announced they had stopped "marketing to Israelis and all activities focused on Israel until we examine the issue of licensing." The "issue" in question seems to be that they don't have a license at all: according to the Israeli Capital Market, Insurance and Savings Authority, they never received an application that would license Binance to do business in Israel.

MetaDeckz ends trading card NFT project after facing legal action from streamers whose likenesses were used without consent

Side-by-side images showing an illustrated trading card of streamer Pokimane eating a lollipop, next to a photo of her from which the illustration was derivedComparison of the Pokimane MetaDeckz card and an existing photo (attribution)
An artist creating and selling trading cards of various streamers without asking their permission claims he was "just trying to do something cool for the community". He originally claimed that he had emailed each streamer about the project and never got a response, but the enormously popular streamer Ludwig released a statement in a tweet reading summarized with "TLDR: I am not making a fucking NFT and I'll let my lawyers take it from here". The longer text said that the MetaDeckz creator hadn't emailed Ludwig at all, and only sent him a Twitter DM "less than 24 hours ago". "You didn't even follow me on Twitter until [a popular Twitter personality called out your project]. It feels like you just reached out to cover your ass rather than get permission.... This is nothing more than a low effort scam."

Following Ludwig's scathing statement and legal threat, MetaDeckz explained he was just "an artist who saw an oppertunity [sic]" and that he would disband the project. He later released a video explaining that he would stop the project, though his continued references to the cards as "the product" and his statements that he intended to continue working on the cards led some to question if he was just planning to try to monetize them in some other way. If that's the case, he may run into further issues given that the card illustrations all appear to be derived directly from photos of the streamers that don't belong to MetaDeckz.

NFT artist "Robness" mints an NFT of a journalist's childhood photo to harass her

"Robness", an NFT artist who is somewhat known for selling a photograph of a trashcan for more than $250,000, apparently took issue with BuzzFeed News journalist Katie Notopoulos, who published an article in early February revealing the identities of two of the pseudonymous Bored Ape Yacht Club team. Robness was not the only one unhappy with her reporting — many people claimed that she "doxxed" the founders, despite the fact that she only published names that were on public business records and which the Bored Apes company confirmed to her. Some went so far as to send threats to her about her parents, claiming to know where they lived.

Robness decided the best way to make his displeasure known would be to find a photo of Notopoulos as a young child and turn it into an NFT titled "VOTED MOST LIKELY TO BE A FAILED JOURNALIST: KATIE NOTOPOULOS". The NFT description read, "Failed journalism is a true art to master. With Buzzfeed's new article about the Bored Ape Yacht Club, Katie Notopoulos went where no journalist usually goes. She ousted [sic] both of the Bored Ape Yacht Club founders while providing baseless claims of racist tropes about their artwork to further stir up contention. We thank Katie for her continued pursuit in tainting the once respected practice of real journalism. Here we have what is known as doxx art. Enjoy."

The NFT platform where Robness originally listed the NFT, Known Origin, eventually took down the listing. However, due to the nature of blockchains, the NFT itself still exists and can continue to be accessed and traded despite one platform's intervention.

Even Gary Vee gets upset with the shady business in NFTs sometimes

Still image from Gary Vee's video. He's wearing a blue sweatshirt and black baseball cap.Gary Vee (attribution)
Gary Vaynerchuk, an entrepreneur and now crypto/NFT personality, took to Twitter to express his frustration with some projects that airdrop their NFTs to big-name collectors and then market their projects by suggesting the person bought in of their own volition. There is no way for a person to prevent NFTs from being airdropped to their wallets, and if a person wants to get rid of them by burning or transferring them, they have to pay gas fees (averaging around $50 today on the Ethereum blockchain). In an exasperated Twitter video, Gary Vee said, "Hey NFT News and all the other accounts that take money from these projects that airdrop these products into my account and others accounts, and then say shit like 'Gary Vee owns this' or 'this person owns that' or 'this that'. Can you just stop doing that? It makes you look insane. This project is completely full of shit and is trying to trick people, and that sucks."

Tabletop roleplaying game publisher Chaosium suspends their NFT project after backlash

An NFT of a 3D model of Cthulu rendered as though it is made from jadeCthulhu fhtagn! (attribution)
Chaosium, a maker of tabletop roleplaying games (TTRPGs; think games like Dungeons & Dragons) including the popular Call of Cthulu game, launched an NFT project in July 2021. Their initial NFT offering was based around their Call of Cthulu game, but "didn't receive much attention from the gaming press or TTRPG community". However, their more recent discussion of plans to release more NFTs received major pushback from their community, leading the company to release a statement that "we have heard your concerns" and "we are suspending production". In a longer-form statement they wrote that, "In recent months, the debate has become prominent and contentious. Bad actors in this sphere have received widespread coverage. Many people are justifiably baffled, incredulous, and deeply skeptical."

BNB42 rug pulls for over $2.7 million

BNB42 was a "100% decentralized investment platform" that promised investors a 20% daily return on their investments. Unsurprisingly, that turned out to be too good to be true when the project owners deployed unaudited contracts that prevented anyone but themselves from withdrawing, and drained 6,445 BNB ($2.78 million) that quickly went to cryptocurrency tumblers. Around 6,000 investors lost money, presumably after being drawn by the unbelievable promises, like "earn 200% and double your investment in just 10 days". As is tradition, the project's Twitter account and website were wiped shortly after the investors cut and run.

"NFT influencer" Morgan (@helloimmorgan) repeatedly fails to disclose being compensated for NFT promotions

More shadiness emerges around the Jacked Ape Club as it's discovered that the popular NFT influencer account Morgan (aka @helloimmorgan and morgan.eth) failed to disclose being paid to promote the project, even directly denying it at one point. After the JAC deal was uncovered, someone asked her how many other projects had paid her that she hadn't disclosed, and she replied "I haven't been paid for anything except this one". However, it appears she has been compensated for multiple other giveaways for NFT projects including WomenOfCrypto and Squiggles.

Last year Morgan was caught up in scandal after it appeared she had bought a $24,000 Mutant Ape NFT while simultaneously running a GoFundMe trying to raise $20,000 for medical bills for her grandmother; she claims that the GoFundMe predated the MAYC purchase (though that seems to be in some doubt as well) and that all GFM funds went to her grandmother. Separately from that incident, she also created an NFT project called "Grumpkins" that was supposed to give 20% of profits towards children with cleft palates and also her grandmother's fund; after launching the project she quietly changed the donation amount to 10%.

Lonely Ape Dating Club launches to help Bored Ape NFT collectors find love, or maybe pay for it

A dating app screen shows a Bored Ape NFT with pink fur and a ponytail, with a profile named "misty.eth"Lonely Ape Dating Club prototype (attribution)
Left in place for posterity's sake, but the inimitible Katie Notopoulos has determined that this "app" was all a well-executed prank in the post-ironic world that is web3.

The Lonely Ape Dating Club project announced their plans to build a dating app specifically for owners of Bored Ape NFTs — NFTs featuring illustrations of apes that trade for an average of around 90 ETH ($225,000). The app is not currently accepting signups from people who don't own a BAYC NFT, which raises more than a few questions about how successful a dating app will be when its pool of users seems to be overwhelmingly male, though perhaps I'm making too many assumptions about their sexualities. The app does promise plans to release a "Coin Digger" feature, which would "allow non-BAYC owners to connect with higher net worth individuals for mutual benefit", so perhaps that is their plan to solve that problem.

Sadly, the project was cancelled in May 2022 due to "unforeseen circumstances" which I have to imagine were pretty foreseeable.

Leaders of the Canadian truck protest come up with hilariously complex plan to distribute the Bitcoins they've collected

18-wheeler trucks plastered in signage, with a man walking in front waving a Canadian flag. There are several plastic fuel canisters on the ground in the foreground.Canadian truck protest (attribution)
The leaders of the Canadian anti-vaccine trucker protest communicated their plan to distribute the 21 Bitcoin (worth almost $1 million) to the truckers blockading the border. Instead of giving the truckers the money in a cash format they can actually use, the "professional orange-piller" in charge of the Bitcoin distribution has explained a multi-step plan to give truckers pieces of paper with seed phrases printed on them. The seed phrases will be placed into sealed envelopes along with instructions on how to create a Bitcoin wallet, which are then "numbered and squiggly random lines should be drawn on the envelope to help with later identification". The volunteers then plan to physically destroy the printer with shears and screwdrivers, to try to prevent attackers from pulling the seed phrases out of the device memory. Of course once the trucker has their seed phrase, they have to go through the multi-step process of gaining access to the Bitcoin wallet on their smartphone, and then figure out how on earth to actually use their newfound Bitcoins to, say, pay for fuel. Anyway, I think this all goes to show that the future of money truly is upon us.

BuildFinance DAO project treasury drained after "hostile takeover"

A person managed to submit a proposal to the DAO that governs BuildFinance, a "decentralized venture builder", that would allow them to take over the project contract. The attacker succeeded in obtaining enough votes for the proposal to pass, primarily because they held an outsized number of governance tokens, and because they were able to disable community Discord features that would have alerted more of the community to the proposal. After the proposal passed and they were granted control over the project, they began minting and selling the project's native $BUILD token, draining the project treasury of about $470,000. According to BuildFinance, "As things stand, the attacker has full control of the governance contract, minting keys and treasury. The DAO no longer has control over any part of the key infrastructure." Some have questioned whether the incident can properly be described as an "attack" or "hostile takeover": everything worked exactly as it was supposed to in a "code is law" sort of way, even though it was against the intentions of the project founders and presumably most of its community.

The Belvedere Museum dreams big (or, rather, small) by splitting one single painting into 10,000 Valentine's Day NFTs

A small section of canvas with brown paintHappy Valentine's Day, honey! (attribution)
In a Valentine's Day-themed stunt, the otherwise reputable Belvedere Museum in Austria decided to sell Gustav Klimt's The Kiss as NFTs. But making one NFT was apparently not enough for the museum, which decided to section the digital copy of the artwork into 10,000 individual tiles. Although The Kiss is a very large piece of artwork, at nearly 6 feet on each side (180cm × 180cm), this means each NFT buyer gets an NFT representing a scrap of the painting measuring 0.7 inches to a side (18mm × 18mm), about the size of a U.S. penny. The Belvedere Museum has, somehow, estimated that each NFT will sell for €1,850 (about $2,100). If their dreams come true, selling all 10,000 NFTs would net them €18.5 million ($21 million).

The website for the NFT sale explains a six-step process to obtain one of these NFTs, including the standard steps of connecting a wallet and joining the allowlist, but ending with "Dedicate your NFT to a beloved one", which involves sending... their loved one a form email, apparently. My heart goes out to anyone receiving an NFT for Valentine's Day, much less a $2,000 one representing a portion of a painting smaller than a postage stamp. To anyone who thinks this is a good idea: I am begging you, please just buy your partner some flowers.

One Monero mining pool creeps closer to that crucial 51% of the network hashrate

Much of the mining of the Monero privacycoin is done by a single mining pool named MineXMR. The total computing power being used to mine and process Monero transactions (also called the hashrate) controlled by the one mining pool has been gradually increasing. On February 13, someone posted in the Monero subreddit urging people to "boycott" MineXMR, because the pool's hashrate was as high as 47.7% of the total network hashrate. If the one group's hashrate breaks the 50% mark, it opens the network up to a potential 51% attack, where the mining pool could be used for malicious actions, including blocking new transactions from being confirmed, reordering transactions, or double spending.

Jacked Ape Club NFT project team erupts in chaos

An illustration of a muscular ape with leopard spots wearing a cowboy hatJacked Ape #463 (attribution)
The team behind Jacked Ape Club, another NFT project featuring computer-generated apes, briefly erupted in chaos, shaking the confidence of many in the project. Several days prior, the project's initial sale finished with a bit more of a whimper than a bang. Team members Orange, Mitchell, and Jango were suddenly kicked out of the project and blocked by the remaining team. The founding members of the team said they simply removed the trio because their work was done, and because they said they weren't going to continue doing work for the project without further payments (how unreasonable!). However, it appeared that the remaining team members subsequently withdrew 178 ETH (a little more than $500,000) — 39% of the money in the project — leading some to believe they were rug pulling.

The following day, the project announced that control was back in the hands of Orange, Mitchell, Jango, and one other team member, and that the founders would be departing the project. The remaining team also announced that 105 ETH would be returned back to the project; they didn't address the 73 remaining ETH (around $220,000) that was reportedly taken by the founders.

Coinbase experiences an outage during the Super Bowl

Screenshot of error message screen reading "Planned maintenance in progress. Our systems are undergoing maintenance. Please try again later. Your funds are safe."Coinbase outage message (attribution)
People were apparently tempted by Coinbase's Super Bowl ad — which was just a QR code bouncing around the screen like the DVD screensaver — so much so that it took the Coinbase website down. Super Bowl levels of traffic are difficult to handle, granted, but you'd think a company with billions in revenue still might be able to figure it out. Travis Kimmel noted on Twitter that Coinbase's error message read, "Planned maintenance in progress": "Loving how 'planned maintenance' is just like their default 404 page. 'Don't worry everything is under control — we intentionally took the site offline while running an ad during the most expensive airtime ever.' " Coinbase subsequently tried to sweeten the pot by announcing that anyone who downloaded their app would receive $15 in Bitcoin.

This Super Bowl was the first to feature crypto advertisements. In addition to Coinbase's spot, Bud Light announced a beer-related NFT collection, Larry David appeared in an ad for the FTX exchange, and Crypto.com of course had a spot. What better time to make well-researched financial decisions than from your phone after a bunch of Super Bowl beers?

British tax collectors perform their first ever NFT seizure in tax evasion investigation

British tax authorities seized three NFTs in what they said was an attempt to dodge £1.4 million ($1.9M) in taxes. Officials stated that the seizure was a "warning to anyone who thinks they can use crypto assets to hide money", which may come as a surprise to some of the masterminds in the crypto subreddits.

Founder of an air taxi DAO writes of narrowly avoiding an elaborate scam attempt

thomasg.eth is the founder of Arrow, a DAO that is working to create "open-source VTOL [vertical take-off and landing] aircraft and air taxi protocol". In a long Twitter thread, he wrote about a pair of scammers, one of whom posed as a 3D artist from Ubisoft and one of whom impersonated a team member of an existing metaverse project called SpaceFalcon. After weeks of interaction, during which the supposed 3D artist supplied thomasg.eth with high-quality renderings and the supposed metaverse project team member invited him to tour the facilities of a different VTOL project, one of them invites him to test their NFT staking app. thomasg.eth was, fortunately, cautious about interacting with unfamiliar NFTs from his main wallets, at which point the scammers began to act a bit cagey. When thomasg.eth inspected the smart contracts, he realized they would enable the scammers to transfer any amount of aWETH (wETH on the Aave protocol) tokens from his wallet.

While many web3 scammers are fairly primitive in their tactics, these appeared to be running a sophisticated and highly-targeted scam. The pair worked to impersonate an existing web3 project, even buying a similar domain. They apparently hired a 3D artist to produce renderings to help ingratiate one of the scammers into the target's web3 project. And when thomasg.eth inspected the scammers' addresses, he found that they were working with at least 100 ETH in funding (currently equivalent to around $300,000). thomasg.eth is currently holding over $100 million in his wallet with the same name, so it's not hard to see why the scammers might have picked him as a target worth some extra effort.

Crowdfunded TitanReach MMO game project crashes and burns after developer spends investor money on a bad crypto gamble and a Tesla

A video game character stands on a beachTitanReach game screenshots (attribution)
The "Runescape-like" MMO game known as TitanReach has had a bumpy history so far, first failing to reach its Kickstarter goal in a crowdfunding project launched in 2020, but building enough community behind it to continue with crowdfunding off of Kickstarter to fund development on a month-to-month basis. The developer earned more than $200,000 via this model, but this only kept the project going until around August 2021, when they ran out of money. However, a month later, the lead developer of the project, "Unravel", reported that an anonymous investor had "fully funded this whole game out of the kindness of his heart. No strings attached. It sounds too good to be true, but it's true." Development resumed.

On February 11, Unravel announced that his studio "would be closing its doors for good. TitanReach will be laid to rest. The reasons for this are private." From there he went into a long message about the previously-unannounced crypto and NFT plans he had for the game, which unsurprisingly enraged the community who had supported the game.

YouTuber KiraTV, who had become close to the project, its developer, and the investor, revealed that the anonymous angel investor had been the cryptocurrency entrepreneur behind Yearn Finance, though Kira said that he believed the investor had not influenced Unravel to add crypto elements to the game. Kira alleged that Unravel had taken $150,000 of money sent by the investor and put it into $TIME, the token associated with the ill-fated Wonderland project. When he lost the money overnight, the investor cut funding for the project. It later came out that Unravel had allegedly used company money to make risky cryptocurrency investments besides the one incident with $150,000, and had even used the investor's money to purchase himself a new Tesla.

Porn actress Lana Rhoades apparently abandons her NFT project after its launch

An illustrated pin-up style woman wearing green bunny ears, a cropped shirt saying "Lana", fringed gloves, a mini skirt, and thigh highs stands in front of a bed.CryptoSis #2153 (attribution)
Lana Rhoades put her celebrity status behind the "CryptoSis" NFT project, which launched on January 22 and raised about $1.8 million. The project featured a detailed roadmap, explaining plans to develop metaverse wearables and a "hangout spot", send personalized messages from Rhoades to a small group of holders, and send out merchandise. The website also promised "real world utilities" including meet and greets with the "many mainstream notable female figures [who] will continue to join this community".

However, only weeks after launch, Rhoades appeared to have abandoned the project, and most of the funds had been transferred out. Rhoades deleted her TikTok videos in which she had promoted it, and didn't respond to tweets asking about the project. One community member wrote on Discord that they had "spent what [they] can't lose. Spent 4k, on total I had 6k. Man I'm left with 2k only. No job and have a 2 yo son". Hopefully the guy who got the tattoo of the project logo on his shin also isn't too disappointed... The NFTs, which cost 0.1 ETH each to mint (about $250), were selling for around 0.005 ETH (about $15) on February 16, if they were being bought at all.

Jacked Ape Club triumphantly announces that the project sold out, and that the remaining supply has been destroyed... wait, what?

A muscular grey ape wearing a bucket hat, holding a hand weight in its mouth, with bloodshot eyes, wearing a bikini topJacked Ape #942 (attribution)
The Jacked Ape Club launched their public sale on February 10, offering 8,888 NFTs of illustrated apes much like the Bored Apes, but muscular. The following day they tweeted that, "The Jacked Ape collection has sold out! The remainder of the supply has been burnt so we can begin building". This led reasonable people to question how a project can both sell out and have remaining supply. It turned out that the Jacked Apes project had only sold about 3,200 of the NFTs, destroyed the remaining ~5,700, and then proclaimed that the NFTs had "sold out".

MoviePass is back, with a blockchain and eye-tracking to keep you glued to ads

Remember MoviePass, the completely unsustainable and shady business that allowed people to go see unlimited movies in theaters (until it didn't)? Well, it's back. This time they promise you'll be able to earn cryptocurrency by watching ads, which I guess you can then spend to watch more movies. Not only that, they promise to prevent that pesky issue of people putting their phones down while the ads are playing by using eye tracking to make sure you're firmly glued to the screen. I wonder if they screen A Clockwork Orange.

BlockFi set to pay $100 million to settle with SEC and state regulators over sketchy lending services

Bloomberg reported that BlockFi is preparing to pay $100 million to settle allegations from the Securities and Exchange Commission (SEC) and state regulators that it provided a service allowing people to loan their cryptocurrencies to others in exchange for high interest rates. BlockFi will also not be allowed to provide new high-yield accounts to most Americans following the settlement. BlockFi is only one of several crypto firms, including Celsius, Gemini, and Voyager Digital Ltd., who are facing scrutiny from regulators over concerns of unregistered securities sales.

Squiggles project revealed to be part of an NFT scam ring just before launch

3D rendering of a monkey with a banana stuck to its forehead, wearing a yellow hoodieSquiggles NFT (attribution)
A project called Squiggles generated an enormous amount of hype before its launch, with hundreds of thousands of members in its Discord and followers on Twitter. Just before the project launched on February 10 with its whopping 1 ETH initial mint price (around $3,100), a 60-page dossier was published that claimed to expose the people behind the project as the same group who had pulled off a long list of other NFT rug pulls: League of Sacred Devils, League of Divine Beings, Vault of Gems, Lucky Buddhas, Dirty Dogs, Sinful Souls and Faceless. The project, which was expected to generate around $20 million in sales, still enjoyed some trading volume, though YouTuber and crypto scam researcher CoffeeZilla has opined that millions of dollars in trading appears to be the project founders trying to generate hype with shadow wallets. CoffeeZilla also reported on the people behind the scam ring allegedly threatening those who exposed them, promising lawsuits, threatening to publish fake news stories accusing their families of crimes, and even saying they had put out hits on people. OpenSea delisted the project shortly after mint, and as of February 17, the NFTs were selling on the OpenSea alternative LooksRare for 0.1–0.2 ETH (between $280 and $575).

mtgDAO gets a legal notice from Wizards of the Coast, writes that they are "unfairly discriminat[ing] against web3 tech and web3 communities"

The fledgling mtgDAO promised to deliver a "crypto NFT card economy" based around the Magic: The Gathering card game published by Wizards of the Coast. Needless to say, WotC sent them an email to inform them that their "intended use of Wizards' intellectual property, including its trademarks and copyrights, would be unlawful". This prompted mtgDAO to publish a 20-tweet-long thread about "why WotC is ngmi", where they accused WotC of "unfairly discriminat[ing] against web3 tech and web3 communities" by protecting their intellectual property. It's unclear where mtgDAO will go from here — they wrote in the thread that they hope to "help [WotC] see something like mtgDAO, and web3 in general, as an opportunity and not a threat", but I suspect they will not have much luck convincing WotC to let them infringe upon their intellectual property out of the goodness of their own hearts. On February 15 the project said what was already pretty clear: "I don't know shit about copyright law" and that "I'll tell you that mtgDAO NFTs being IP infringement is not intuitive to me."

Security firm forced to publicly disclose issues with Atomic Wallet after they go unaddressed for months

Atomic Wallet is a cryptocurrency wallet that claims to have more than 3 million downloads and advertises that "we provide users with the exceptional safety of their funds". However, an April 2021 audit by the Least Authority security firm "found that the design and implementation of the Atomic Wallet system does not sufficiently demonstrate considerations for security and places current users of the wallet at significant risk." When the Atomic Wallet team returned to the auditing firm in November to show them they'd addressed the issues, Least Authority found that "a significant number of issues and suggestions remain unresolved and that the implementation in its current state continues to be a security risk for users". After the Atomic Wallet team continued to ignore issues raised by the Least Authority team, the security researchers took the last-ditch step of publicly disclosing that there are serious issues with the platform, and recommending that the software not be used. The researchers did not disclose the specific issues they had found, in hopes of avoiding malicious actors exploiting the outstanding bugs.

New York power plant starts mining Bitcoin, increases emissions by 6x

An aerial photo of a power plant, with trees and a lake in the backgroundGreenidge Generation, with Seneca Lake in the background (attribution)
A mostly-dormant coal power plant near Seneca Lake in New York was converted to natural gas in 2017 and began devoting much of its power generation to mining Bitcoin in 2019. The plant went from generating a total of 39,406 tons of carbon emissions in 2019 to generating a total of 243,103 tons in 2020, its first full year mining Bitcoin — the equivalent of the emissions that would be produced to provide electricity to around 35,000 households. The plant was operating at only 13% of its capacity in 2020, but has plans to increase its mining operations. Locals who enjoy Seneca Lake for swimming and other leisure activities have said that, due to the plant, Seneca Lake is now "so warm you feel like you're in a hot tub". This is because the plant circulates around 135 million gallons of water a day from the lake to the cool the plant, outputting water directly into the lake at allowed temperatures up to 86–108˚F (though the plant claims its average outflow temperature is 50˚, only 7˚ warmer than the inflow temperature).

Locals of the area have demanded that the Department of Environmental Conservation review the air emissions permit for the plant rather than renew an old one, which the DEC agreed to do, though they have delayed a new decision until March 31. Many pressing for permit review were unhappy with the delay, with the Seneca Lake Guardian reporting, "This delay from the DEC is not benign... Every day that Gov. Hochul and Commissioner Seggos drag their feet on this (permitting) decision is another day for Greenidge to continue expanding operations."

On June 30, regulators denied Greenidge's request to renew their permit.

Hackers take more than $10 million from defi project Dego Finance

Hackers drained more than $10 million from the project Dego Finance. This also plunged the value of the project's $DEGO token by about 78%. Dego claims that the hackers compromised the keys to the address providing liquidity on UniSwap and PancakeSwap. Dego, which is a decentralized finance project, asked the various major exchanges to step in and prevent trading of the token, a type of intervention by centralized exchanges that is precisely what defi is supposed to prevent from happening.

Creator of Skycoin files lawsuit claiming he was extorted and kidnapped

Brandon Smietana, the creator of the Skycoin cryptocurrency, filed a civil racketeering lawsuit on February 9 against a slew of people. He claims that the people hired to market the coin and redo its website ended up damaging the website to demand ransom payments, and ultimately kidnapped Smietana and his girlfriend, then beat and tortured them for hours until Smietana handed over $360,000 in Bitcoin and Skycoin.

One defendant in the lawsuit has described the suit as "absurd" and "pretty weird", and said that Smietana has "a history of blaming other people for the failure of Skycoin".

Canadian antivaxxers try shilling crypto after failing to fund their trucker protest

A group of protesters gathering outdoors. One is holding a Bitcoin flag, several others hold Canadian flags.Canadian protesters with Bitcoin flag (attribution)
A protest in Canada against COVID-19 vaccine requirements for truckers re-entering the country, known as the "Freedom Convoy" has tried to crowdfund in several ways. A GoFundMe campaign that raised over CA$10 million was taken down after terms of service violations. A campaign on the right-wing favorite GiveSendGo raised over CA$8.2 million, but funds were frozen after an injuction by the Ontario Attorney General. The GiveSendGo platform also catastrophically failed to secure sensitive user data, and suffered a huge leak of donor data including scans of passports and drivers licenses, which is being made available to journalists and researchers by the inimitable DDoSecrets.

The protesters eventually turned to Bitcoin and other cryptocurrencies for crowdfunding, even appointing a "Bitcoin team lead" who rambled on in a livestream about not "being shackled by the censorship put in place by our legacy financial system", much to the confusion and annoyance of some viewers. One commenter asked, "Are we at a press conference for Freedom Convoy 2022 or having some guy shove Bitcoin down our throats?" As of February 9, the group claims to have raised $300,000 in Bitcoin, and $500,000 in other cryptocurrencies.

Baby Musk Coin rug pulls after a $2 million January ICO

Illustration of a baby that looks like Elon Musk on a yellow coinBaby Musk Coin illustration (attribution)
The Baby Musk Coin memecoin launched in January, promising to "revolutionize the meme industry". The coin enjoyed a $2 million ICO the previous month, despite warnings from observers who noticed the coin couldn't be sold, and who described it as a honeypot. Sure enough, on February 9, the project developers suddenly transferred 1571 BNB out of the project and quickly mixed it using Tornado Cash, earning a tidy profit of around $653,300. The sudden sell-off crashed the coin value to 0, leaving remaining holders with a worthless coin they were unable to sell. Developers took down the project website, Twitter account, and even their "Baby Musk dance video".

Samsung launches environmental sustainability-themed metaverse scavenger hunt where people plant virtual trees and earn NFTs

A 3D man stands in a virtual forest"Sustainability Forest" in the metaverse (attribution)
Samsung launches a "sustainability-themed quest" on their "Samsung 837X" Decentraland metaverse project, where they invite characters to hunt for "recyclable product boxes", plant trees in the (virtual) forest, and earn NFT badges.

The press release doesn't happen to mention that the Decentraland project is built on Ethereum, which was at the time a proof-of-work blockchain that used over 100 TWh of electricity per year — around the same amount as countries like the Netherlands or Finland.

The BBC publishes (and then deletes) a puff piece on a "self-made crypto-millionaire giving back" without mentioning his scam coin

Photograph of a man holding a laptop while standing in front of a MercedesHanad Hassan (attribution)
The BBC featured an article on their homepage about Hanad Hassan, "a 20-year-old who made millions trading cryptocurrency [who] is set to open a food bank to give back to his community." They mentioned that "he and his friend ... set up a special cryptocurrency together, donating all the profits to charity." What the BBC failed to note was that the project, Orfano, was apparently a scam — after the project launched and received investments, the duo shut it down and took the money. The BBC took their article down without explanation shortly after publishing, though it is still accessible via the Internet Archive. The BBC had also originally announced that there would be a 30-minute feature on the man on their BBC One channel running later that day, but replaced it with a different segment.

Someone appears to trade on insider knowledge of Coinbase listings

In early February, Coinbase listed the Aventus token ($AVT) on its exchange and added support for Pawtocol ($UPI). Shortly before these announcements, someone created a new crypto wallet and spent more than $350,000 buying AVT. The listing news didn't result in much of a price bump for AVT, so the trader tried again — cashing out the AVT and putting it into UPI in advance of that announcement. They found success with this trade, ultimately making a profit of around $734,000. The timing of the trades, combined with the relatively unknown nature of $AVT prior to the announcement, strongly suggests someone had insider knowledge of the upcoming announcement.

$36 million taken from retirement accounts of IRA Financial customers investing in crypto

IRA Financial, a platform for managing retirement investments, boasts of being "the first self-directed IRA company to allow their clients to invest in cryptocurrencies, such as Bitcoin, directly via a cryptocurrency exchange". Unfortunately, they were probably also the first to have that feature exploited, when an administrator account was apparently compromised and users' funds were transferred out of their connected Gemini accounts. Two days later, IRA Financial publicly acknowledged "suspicious activity that has affected a limited subset of our customers with accounts on the Gemini cryptocurrency exchange". The stolen funds, taken in a mix of Ethereum and Bitcoin, amounted to around $36 million.

Exploit of Superfluid vesting contract nets attacker $8.7 million

A vulnerability in the Superfluid crypto streaming protocol allowed an attacker to drain $8.7 million, affecting projects including Mai Finance, Stacker Ventures, Stake DAO, and the Museum of Crypto Art.

Longstanding British photography institution baits-and-switches investors with NFTs

Twitter account for Art3.io. Description reads, "We are ART3. A better way to discover, collect, buy and sell NFT photographic art."ART3.io Twitter account, formerly the account for the BJP (attribution)
The British Journal of Photography is a magazine and institution within the fine art and documentary photography world dating to 1854. In June 2021, they asked for investments, but were optimistic about the organization's performance, saying that they projected 6x returns over the next four years. They were successful in raising £1.8 million (about $2.4M) in shareholder investment. In November, the organization emailed investors announcing the launch of ART3.io, "our foray into the fast-growing NFT space", but still seemed optimistic about the "game changing opportunity for the business" that it would present.

On February 2, some Twitter users were confused to find themselves suddenly following the Twitter account of an NFT operation, as BJP had taken its existing 250,000-follower Twitter account and rebranded it to "ART3.io" and begun promoting various NFTs with posts of "gm". The primary BJP organization started a new Twitter account, @bjp1854, which had a total of around 1,500 followers. On February 8, investors received an email from BJP announcing the company had been sold, and that they would be paying back shareholders £50,000 of the £1.8 million, a 92% loss.