Web3 is Going Just Great

The problem with this whole scheme is that Julian Sanders does not actually control the Sander estate — it was sold in 1992 by Gerd Sander (August's grandson, and Julian's father) to the Cultural Foundation of the Stadtsparkasse Cologne. That group was surprised to see all of Sander's work suddenly being sold as NFTs without their permission, and submitted a legal notice to have it taken down from OpenSea. OpenSea complied with the request on March 7. After almost two weeks of stalling and deflecting questions about the delisting without even acknowledging the cause, Fellowship and Julian Sander finally released a statement on the issue on March 18. Sander wrote that "a third party... claims to have certain rights in August Sanders' photographs" but that he "believe[s] the complaint is not valid" and would be working with his lawyers to have the collection reinstated. As best as I can tell, it seems that Sander is trying to argue he is entitled to sell his great-grandfather's work as NFTs because he physically possesses the negatives, despite the fact that the Cultural Foundation owns the usage rights to all of Sander's work.

Paul allegedly tried to cover his steps by creating a new crypto wallet to receive payments for each promotion, but then transferred the money a wallet he controlled to cash out. Oops. Some of the projects that Paul hyped in his undisclosed promotions included League of Sacred Devils, $MILF, and $YUMMY.

Some people in the crypto community responded with disdain at the project, describing it as a "cash grab". One NFT influencer tweeted "Hey @tailopez legit question: Why Would I pay 30-40k to watch a movie with you? or 80-90k for your WhatsApp? Who u think u are? U def have a shady reputation and doing this only adds more fuel to the fire. I respect anyone wanting to add value to NFTs but this is not the way." Others were surprised at the project's smart contract, which not only automatically transfers any money out of the project and into the team members' wallets, but requires the NFT buyer to pay the gas fee for that transaction in addition to normal gas fees for minting.

The whitepaper also addresses that the project will be built on the Ethereum blockchain. There is a section about "pros & cons of Ethereum", which has one section: gas fees. Apparently the project based on environmental conservation has decided to simply gloss over the enormous energy consumption, emissions, and electronic waste stemming from the Ethereum blockchain.

The project opened its second round of minting on March 3, and is offering its NFTs for mint prices between 0.06 ETH and 19.44 ETH ($150 to $50,000).

OpenSea said in a statement that "OpenSea blocks users and territories on the U.S. sanctions list from using our services", though it's unclear why this change seems to only have come into effect recently.

Some Venezuelan users were furious with MetaMask, feeling that their choice to prevent them from using the platform was incompatible with the decentralized and deregulated nature of much of crypto. One Twitter user wrote, "MetaMask Do not tell me that you became Centralized, I have this problem and many people in Venezuela have the same".

ConsenSys later appeared to say that the block of Venezuelan users was in error, writing that "In changing some configurations as a result of the new sanctions directives from the United States and other jurisdictions mistakenly configured the settings more broadly than they needed to be".

Some publications have speculated that the airdrop was canceled because someone tried to spoof the tokens, but it doesn't appear that Ukraine has given a reason for the change in plans. After the cancellation, many commenters on Twitter, all of whom were hopefully joking, wrote that they had been "rugged" by Ukraine — using the common slang for crypto scams in which people are convinced to buy in on a project that then takes the money and doesn't follow through on its promised plans. In the tweet announcing the cancellation, Ukrainian Vice President Mykhailo Fedorov wrote, "After careful consideration we decided to cancel airdrop. Every day there are more and more people willing to help Ukraine to fight back the agression. Instead, we will announce NFTs to support Ukrainian Armed Forces soon. We DO NOT HAVE any plans to issue any fungible tokens". What a world we live in.

Rose, for his part, runs a show called Brian Rose's DeFi Real, where he has published episodes like "Create your Career in Crypto: How to Become a DeFi Influencer, Educator & Fund Manager", and "The Next 100x Coins: How to Pick the Big Crypto Winners". As for the Rose and Icke duo, not only have they teamed up to broadcast COVID-19 conspiracy theories, they've also turned that project into NFTs, with a 100-item collection consisting of several-minute-long portions of their COVID-19 conspiracy TV series. Although all of the NFTs were given away, only a single NFT has experienced any trading so far.

Personally, I'm shocked to see the conspiracy theorists and crypto communities overlapping in this way.

At least 17 Smol Brains NFTs were stolen, which were listed for a combined total of around $1.4 million. PeckShield reported that more than 100 NFTs from multiple collections had been stolen. They reported that the exploit was due to a bug in their contract that allowed an attacker to set a quantity of 0 in a transaction, which when multiplied by the item price resulted in a total price of 0.

TreasureDAO co-founder John Patten wrote in a tweet while the hack was ongoing that "We will cover the costs of the exploit — I will personally give up all of my Smols to repair this."

Waves founder Aleksandr Ivanov blamed the withdrawals on outsiders. However, various crypto researchers believe they have identified Ivanov as the one behind wallets involved in the mass withdrawals.

About 2/3 of the other affected projects had yet to launch or had no social media presence. Crypto sleuth zachxbt tried to contact the other 1/3, and some of the projects were able to migrate contracts before any malicious actions. zachxbt wrote, "Funny enough when I reached out to all the different projects the ones that responded said they either didn't read over the smart contract beforehand or weren't the most technically inclined teams." On April 7, OpenSea contacted zachxbt to say they had frozen trading for all contracts created by the developer.

Lapsus$ initially promised that if Nvidia removed LHR from their 30-series line of chips, they would "forget about [the hardware] folder (it's a big folder)". However, they updated their demand on March 1, demanding that Nvidia either make all current and future drivers for all of their cards open source ("while keeping the Verilog and chipset trade secrets... well, secret"), or else they would publish all files for Nvidia chips. They wrote that Nvidia had until March 4 to make a decision. As of March 3, Nvidia had not made a statement around whether they would acquiesce to the hackers' demands.

Although Parler's press release contains a lot of their usual chest-thumping about "freedom from Big Tech", the DeepRedSky NFTs can only be minted with credit cards, with payments being processed through Stripe. The good news: if you aren't getting enough of a rush out of the risks involved with crypto in general, you can get a new thrill from giving your personal information to a platform that's been hacked multiple times.

Partway through the song, Zuckerberg sings "carpe the crypto diem". This raises the question of whether she intentionally included a dig at her brother Mark's failed Diem cryptocurrency project (formerly Libra), or if the project was such a flop even his own sister didn't know about it. I truly can't decide which scenario would be funnier.

On February 1, he was the victim of a phishing attack in which he lost the three pricey NFTs. He had agreed to trade one of his Mutant Apes for another NFT he was interested in, but he and the prospective buyer had to perform the transaction through a platform other than OpenSea or LooksRare because it was a swap rather than a purchase for ETH. Armijo turned down several suggestions of platforms by the other party, saying he was unfamiliar with them, and instead suggested one of his own choosing. However, the other party was still able to send him a trading link that appeared to be from the site he had suggested, and Armijo approved what turned out to be an illegitimate transaction that allowed the other party to take all three of his NFTs for nothing in return. Armijo alleges that although he quickly realized he'd been phished, he was not able to get OpenSea or LooksRare to freeze sales of the stolen NFTs, and they were flipped for resale within days.

Armijo alleges that OpenSea and LooksRare have "utterly failed to protect consumers or do anything to disincentivize or stop the thefts" because they profit from each trade on their platform. He has also named the company behind the Apes NFTs, Yuga Labs, in his lawsuit, stating that they have not done enough to disincentivize theft by failing to "monitor its proprietary and exclusive ape community by denying entry to individuals whose access is predicated on a stolen BAYC NFT". Once again, my heart goes out to the judge hearing this case.

In terms of damages, Armijo states he has been "deprived not only of the significant monetary value of the NFTs he owned, but also [has been] strip[ped] of his membership in the BAYC community and the commercialization rights he possessed in his underlying Bored Ape and Mutant Ape images", and as such is seeking damages "in no event less than $6 million". Interestingly, the name Robert Armijo also appears as a defendant in SEC charges from June 2021, where the individual is alleged to have unlawfully sold securities managed by an organization also alleged by the SEC to be a Ponzi scheme. It's not immediately clear if this is the same person, or someone who shares a name.

After their announcement went over about as poorly as you might expect, Elexir offered their community a choice: take the $300,000 they planned to airdrop, and either continue with that plan or re-add it to the liquidity pool. Community members by and large seemed to support an unlisted third mention, which was to refund the entire treasury to people who bought in, but the project developers seem intent on keeping that amount.

The project development team had had their identities verified by the organization StaySAFU, who subsequently tweeted that "We are currently communicating with both the team behind Elexir and the legal authorities", and that they had identity documents for the team members as well as video confirming they were responsible for rug pulls.

Although perhaps unsurprising that these exchanges refused a request like Fedorov's, it will be interesting to see if and how sanctions may affect various cryptocurrency exchanges' actions. Binance, the largest crypto exchange, has already indicated it will comply with sanctions. Kraken, whose executives have tended towards more ideological stances, has also indicated that it will comply with legal requirements to freeze accounts.

Some with a more optimistic view of Wood's tweet suggested that perhaps his request was motivated by a desire to avoid capital gains taxes that could be incurred by converting his DOT to ETH before donating it, but another commenter pointed out that 1) Wood almost certainly holds more than $5M in ETH already as a co-founder of the project, and 2) Wood lives in Switzerland, where private individuals are generally exempt from capital gains taxes.

It turned out that "Beutrec", a co-founder and the primary artist behind the collection, had used his access to the project metadata to identify and buy the rarest NFTs in the collection. Although he attempted to use distinct wallets to perform the transactions, they were trivially linked back to him. He made around 50 ETH (~$140,000) in profit from flipping the NFTs he bought with insider knowledge. After his actions were revealed in April 2022, Beutrec's new NFT project, Boki, announced that Beutrec would no longer be a part of their team.

Part of this collection's draw has been the promise that "you own the art". However, the artwork is released under the CC0 license, which dedicates the work to the public domain — that is, any ownership of the work in a copyright sense no longer exists.

Ukraine-themed NFT projects have also sprung up all over the place, promising to donate portions of proceeds, with very few avenues to distinguish the legitimate from the scams. Some existing NFT projects have created Ukraine-themed items to add to their collections. Other NFT projects that have nothing to do with Ukraine have tried to tempt buyers by claiming they will donate a portion of proceeds (5%, in one case) to Ukrainian war relief funds. Individual sellers have also tried to use the crisis to increase the sales of NFTs they own, promising to donate their profits.

Needless to say, my advice if you're hoping to donate to relief would be to skip the cryptocurrency and NFTs altogether and pick any of the many verified relief funds out there.

Although the project lead wrote on the Discord that they had "made a horrible mistake" but that they would "completely revamp and redesign" the NFTs, the project appeared to be a cash grab. On the night of the reveal, 1,000 ETH ($2.8 million) had already been transferred out of the project and split among various addresses. One of the recipients who received 400 ETH ($1.1 million) immediately went on a shopping spree, buying various big-ticket NFTs with their windfall.

However, on February 24 they announced that their newest NFT would show a short, top-down video of around fifty migrants crammed into a small inflatable boat, adrift at sea in the Mediterranean. Any goodwill the AP might have had for their NFT project was likely shattered by their choice to monetize a video of human suffering. The already horrific NFT announcement was particularly ill-timed, given its juxtaposition on many Twitter feeds amongst news of Russian military action against Ukraine. The Associated Press deleted the announcement tweet four hours later.

In March, the third co-founder, Sam Reed, also pled guilty and agreed to pay a $10 million fine. In August, top BitMex employee Gregory Dwyer entered a guilty plea and agreed to pay a $150,000 fine.

BitMEX had attempted to evade sanctions by claiming they didn't serve customers in the United States, though in reality they served thousands of U.S. customers and marketed in the U.S. At one point, when an early investor inquired as to why an investment in the company hadn't triggered a report to regulatory authorities, Delo responded with a meme of a man smiling, superimposed with the text "Incorporated in Seychelles, come at me bro". Hayes and Delo face a maximum sentence of five years in prison as a result of this plea. The exchange had in August paid $100 million to settle a separate lawsuit from the Commodity Futures Trading Commission, in an agreement which had also required them to implement proper blocks to prevent U.S. customers from using the service.

Suddenly, on February 23, the project deleted its social media accounts and most of its Discord. Fox wrote in the remaining Discord announcements channel that "The time and attention that y'all deserve and that I wanted to give you all/what this project requires, was not known to me and I overstepped and stretched myself too thin, trying to do this project in the middle of an NBA season." He promised to send anyone who bought more than five NFTs (which would have cost ~0.4 ETH, around $1,300, if bought at mint price) a signed jersey (available for purchase online for around $100).

The following day, after some attention was drawn to the rug pull, Fox released a Twitter statement that said basically nothing at all, and made no mention of reimbursing holders. Meanwhile, the floor price of the NFTs dropped to around 0.003 ETH ($8).

However, 0x650d withdrew the sale only minutes before the auction was due to start, tweeting only "nvm, decided to hodl". CoinDesk reported that, "Perhaps contributing to 0x650d's reversal were rumors of a tepid reception for the CryptoPunks mega-lot. Three sources, including one bidder on-site at Sotheby's, told CoinDesk that the highest pre-bid offer was $14 million, which was also the reserve price."

Journalist and researcher Laura Shin reported on February 22 that she had successfully used a forensics tool from Chainalysis to discover the identity of the hacker: Toby Hoenisch, a co-founder of the TenX "crypto debit card" project. Hoenisch refused to speak with Shin, and has denied the allegation.

For a technology that makes lofty promises of anonymity and privacy, increasingly-powerful technology is being released that at least claims to be able to unwind crypto mixing and make other connections between wallets and transactions that were previously extremely difficult, if not next to impossible. I imagine there may be a few people behind various crypto crimes sweating a bit as these technologies progress and threaten to unmask those behind other hacks and scams.

After Bleckmann-Dreher's attempts to contact the project were published on Web3 Is Going Great on February 26, Ocean Protocol's founder Bruce Pon commented to say they were "on it", and that he had alerted Data Whale about what appeared to be an issue in the ALGA project. Several hours later, Data Whale announced they would be taking the app offline due to concerns that there was a vulnerability, and that they had contacted the researchers. ALGA was later brought back online after they confirmed the vulnerability was not an issue with their project, but rather with Ocean Protocol itself. Pon acknowledged on February 27 that "there was a configuration issue on Ocean compute-to-data which is being fixed now", and later that day Ocean Protocol cut a new release of their operator engine which appeared to be a patch.

Unfortunately for him, CEO of The Martin Agency Kristen Cavallo showed up with receipts: "It was actually inspired by presentations our agency showed your team on 8/18 (pages 19-24) and 10/7 (pages 11-18) with ad concepts for the Super Bowl with floating QR codes on a blank screen."

I guess if there is a lesson here it is that if you're going to take credit for someone else's idea to try to make your team sound good, maybe you shouldn't also use it as an opportunity to dunk on the people who actually came up with the idea.

On February 20, 0xbrainjar confirmed that he was indeed Zaki. He wrote, "I did this so that my efforts to build up a suite of products would not be shadowed by a mistake that I made in my past.... 0xbrainjar was a place for me to not be defined by this serious misstep (which has been settled and was amplified by the media)". He also wrote on Twitter that "I do not want a mistake in my youth to cloud all of the team's efforts", though the SEC charge was filed less than three years ago, when Zaki was 21.

Some users directed their anger at Assure DeFi, a project that claims to "privately verify the identity" of various projects. The group had reportedly verified the identities of those behind Atom Protocol, lending the project credibility to some who bought in. Assure later tweeted that "many people are still misunderstanding the role of KYC/verification. KYC is a deterrent and not a scam prevention and if anyone says otherwise they are misleading you."

An hour and a half after users began to report missing NFTs, OpenSea finally acknowledged the issue. They tweeted that they were "actively investigating rumors of an exploit associated with OpenSea related smart contracts", and wrote that they believed it was a phishing attack coming from outside of OpenSea, rather than an issue with their contract. It was later determined that an attacker had successfully phished 17 OpenSea users into signing a malicious contract, which allowed the attacker to take the NFTs and then flip them. Bizarrely, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) from the attacker as well as some of his stolen NFTs back. The attacker later transferred 1,115 ETH obtained from the attack to a cryptocurrency tumbler, worth around $2.9 million.

The following day, Crypto.Chicks announced that they would be replacing Polly as a team member, and pausing their planned release of another NFT collection that also appeared to contain stolen artwork.