Hackers make off with over $3 million from Deus Finance

Hackers were able to use a flash loan attack to manipulate a price oracle, pulling 200,000 DAI and 1101.8 ETH (totaling almost $3.1 million) out of the Deus Finance defi platform. PeckShield, the analysis firm that identified the vulnerability, wrote that the $3 million number represented the amount the hackers were actually able to withdraw and put through a cryptocurrency tumbler, but that the loss to the project may have been larger. The CEO of Deus Finance subsequently wrote on Twitter that users whose positions were liquidated as a result of the exploit would be repaid.

Sneaky malware replaces Bitcoin addresses in clipboard to reroute transactions

Bitcoin wallet addresses look something like bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq, and so it's not always obvious at a glance if one string of random characters might have been replaced with another. Malware taking advantage of this fact has been spotted in the wild, replacing copied Bitcoin addresses with the address of a scammer, so that if a person pastes in an address to send Bitcoin to, it goes to the scammer instead. One trader learned this the hard way when the 0.255 BTC (about $10,000) they'd tried to send to an exchange never arrived. After looking into it, they saw that the funds had gone to a completely different address than they'd intended, and were able to sniff out that malware was to blame.

Invictus DAO whales quickly vote to shutter the project in its first ever community vote, leaving most others with huge losses

Invictus price history since November 12, 2021, showing a brief spike in late November and then a precipitous drop and slow decreaseInvictus token price in USD (attribution)
The Sol Invictus project was an Olympus DAO-like project on the Solana blockchain, much like the Wonderland project that went up in flames recently. Promising absolutely massive returns, with numbers like 60,000% APY being tossed around, people bought in hoping to see their money skyrocket. The project also partnered with major names in the Solana ecosystem, earning legitimacy.

However, although the project enjoyed a spike in price in November, the token has bled value since then. On March 9, the project leaders began a conversation about team salaries, where they also floated the idea of redeeming the treasury and closing the project. On March 11 they began a vote, which lasted only three days, and allowed members of the DAO to vote on whether the project should close and distribute treasury funds to participants. Much like the Wonderland vote in late January, a relatively small number of whales with a large share of the votes (who bought in early and still stood to make money on the project) were able to pass the vote to close the project, despite a majority of voters selecting to keep the project going. Furthermore, because the Invictus tokens used for voting also themselves hold the value, some people were unable to vote in the poll because their tokens were locked up in lending platforms where they had used them as collateral. Many participants in the project who haven't been actively watching the governance page likely don't even know the vote happened.

Some members of the project wrote on Discord that they felt rugged, with one even speculating that the project had been so eager to implement voting so they could pass a "community" vote to close the project and make off with a profit without damaging their reputations or potentially facing lawsuits. Various members of the project Discord shared how much they had lost: one person said they were down $20,000, another was down $75,000, and a third person reported losing $400,000. One person asked "who else is in the 6 figure loss club" and received three agreement emoji reactions; another person said they'd lost a year's salary. Some people already opted to try to sell their tokens early, worrying that the project leaders might make off with the treasury and not allow people to redeem their $IN; others waited in hopes of the redemption price being higher than the current token price; and some even suggested buying more $IN in hopes that they could make a profit if the redemption price is higher than the current price.

Discord compromise targets fans of the Wizard Pass project in a two-for-one scam that both accepted payments for fake NFTs and stole the NFTs that victims already owned

Wizard Pass is an NFT trading community and package of various software tools that can be joined for a price: a collection of 3,000 NFTs gates access to the community. The NFTs had a successful mint on March 7, and since then have been trading for around 0.3 ETH ($800) on the secondary market. Although the project stated that they would never mint more passes, members of the Discord were excited when the project's founder announced they would be doing a public sale for an additional 1,000 NFTs, at 0.1 ETH ($250) apiece. Unfortunately, there was no such mint, and it turned out the founder's Discord account had been hacked. As of midday on March 14, the hacker had received 66.4 ETH ($169,000) from 290 wallets.

A Twitter thread by SerpentAU suggested that the malicious minting website had not only accepted ETH from victims and provided nothing in return, but had also prompted users to grant full access to their NFT wallet, allowing valuable NFTs to be stolen. It's not yet clear how many NFTs were stolen as a result.

Collector sues artist after spending over $500,000 on an image of Pepe the Frog that others got for free

A trading card style image with an illustration of Pepe the Frog leaning on the edge of a pond, with his buttocks partially exposed. The text area of the card contains Matt Furie's signature.FEELSGOODMAN Series 20, Card 50 (attribution)
Matt Furie is the original creator of the Pepe the Frog cartoon that was later co-opted as an alt-right hate symbol, and which has also been popular among crypto enthusiasts and other online communities. Furie, his company Chain/Saw, and his DAO PegzDAO held an auction on October 8, 2021, and seemed to promise that the NFT would be one-of-a-kind: "500 cards issued, 400 burned, 99 will remain in the PegzDAO, and ONE is being auctioned here". Halston Thayer ended up winning the auction by bidding 150 ETH, then worth $537,084. However, on October 24, 46 of the 99 NFTs that were held by PegzDAO were distributed for free. According to a lawsuit filed by Thayer on March 12, 2022, releasing the 46 additional NFTs "significantly devalu[ed] Plaintiff's Pepe NFT to less than $30,000". The lawsuit seeks reimbursement of Thayer's original purchase, as well as punitive damages. Best of luck to the lawyers trying to describe "Rare Pepes" to a judge, or keep a straight face when saying that yes, the plaintiff did pay more than half a million for a drawing of a rather callipygian cartoon frog.

A trader reportedly makes half a million from a flash crash, then the LATOKEN exchange takes their coins

A trader set very low limit order on Ripple's XRP token, and was delighted to see it executed with XRP very briefly plummeted in value in what's known as a flash crash. The price recovered quickly, and the trader found themselves $458,000 wealthier. However, when they tried to withdraw some of their money from the exchange they were using, LAToken, the withdrawal was declined and their account was restricted for 24 hours for an unspecified terms of use violation. When the trader regained access to their account, the XRP they bought was nowhere to be found.

Report alleges Socios withheld payments owed to advisors and staff to maintain the value of its cryptocurrency

Off the Pitch reported on March 11 that Socios, the sports fan platform, had withheld payments owed to staff, advisors, and others who had signed agreements to endorse the platform's cryptocurrency, chiliZ. Internal messages showed that Socios founder Alexandre Dreyfus repeatedly referred to the payments owed to advisors as "the free money we give them". The reasoning for withholding the payments he'd agreed to? According to internal messages from Dreyfus, "When you give free tokens, people can sell at any price... It doesn't matter for them; so it makes the price going down... and the REAL investors who bought are losing money because of that." Staff members also were not paid the amounts they were owed. Some of them had moved to Malta, where Socios is headquartered, and were stuck there waiting to be paid.

$4 billion hedge fund Fir Tree Capital Management shorts Tether

The large hedge fund Fir Tree Capital Management has decided that the doubts around the stablecoin Tether are serious enough to take out a substantial short position against the project. Tether has faced questions from regulators, many of which center around whether or not the stablecoin is actually backed by the reserves it claims to have. Some of the assets Tether holds are high-yield commercial paper, which Fir Tree evidently believes is substantially tied to Chinese real estate firms. If that is the case, the real estate crisis in China (primarily revolving around Evergrande Group) could cause the value of Tether's reserves to plummet. According to Fir Tree, they've been shorting Tether since July, and expect their bet could pay off within a year. Other commenters and analysts have speculated that if Tether collapses, and that it very well might, there could be enormous ramifications for the rest of the cryptocurrency space.

UK Financial Conduct Authority requires all Bitcoin ATMs to be shut down

A person holds a phone while tapping a screen on an orange Bitcoin ATMBitcoin ATM (attribution)
All 81 functional Bitcoin ATMs in the United Kingdom are operating illegally, says the UK's Financial Conduct Authority (FCA). None of the companies operating them have a license to do so, and the FCA has said that they will take action against the companies if they don't shut down the kiosks.

One company now owns three of the most popular NFT collections: Bored Apes, CryptoPunks, and Meebits

A voxel-style rendering of a human with short black hair and a beanie cap, wearing a tie-die shirt, ripped jeans, and green sneakersMeebit #12742 (attribution)
Nothing really says "decentralized" like one company controlling the priciest and most popular NFT collections! Yuga Labs, the company behind the popular Bored Apes Yacht Club NFTs, announced they had purchased CryptoPunks and Meebits from LarvaLabs. CryptoPunks is one of the oldest NFT collections, and, along with Bored Apes and Meebits, ranks among the priciest collections on the market. Yuga Labs is also the owner of the popular Bored Ape Kennel Club and the Mutant Ape Yacht Club projects.

Facebook bans crypto scammer who pulled in up to $140,000 by impersonating economist David Rosenberg

Facebook comment from someone named Fany Roy Hayes: "I know this may sound unlikely but I just want to share it here for the good of everyone. I've been investing with Sir Ethan David Rosenberg for some week's now, the first investment, to my greatest surprise, I made a withdrawal in just 5days. since then I have been investing with him because of his accuracy. You too can earn big connect with him on the link."A Facebook comment from an account promoting the Rosenberg scam (attribution)
A Facebook profile impersonating an economist named David Rosenberg was discovered by Snopes to have drawn in around 3.4 Bitcoin in deposits, ostensibly from victims who were convinced they were investing with the actual Rosenberg. The fake Rosenberg profile, and others associated with it, posted about how he had reportedly helped them get out of debt or make a lot of money. The scammer's account was originally created in 2012, and when it began to be used in 2021 for the crypto scam, the operators edited old posts to make it appear that the "investment" operation had been going on for multiple years. Facebook banned the account shortly after Snopes published its report.

MeUndies cancels its NFT underwear plans and sells its Bored Ape after community backlash

A grimacing illustrated ape, wearing heart sunglasses and a black cap with a chain around it, to which the MeUndies logo has been addedMeUndies' modified Bored Ape illustration (attribution)
Believe me, I was as shocked as you were to discover that the MeUndies underwear brand has a "community". But that community apparently objected to the brand's purchase of a Bored Ape NFT, which they intended to use as a print on their line of undergarments. "We aren't going to make any excuses, we just didn't do the work we should have to make such an impactful decision", a MeUndies spokesperson wrote on Reddit. The spokesperson wrote that, after learning about the environmental impact of NFTs and cryptocurrency, they would be canceling the planned print, and selling off their Bored Ape. The NFT in question appeared to be BAYC #3986, which most recently sold in January for around 107 ETH ($260,000).

ESPN baseball reporter Jeff Passan has his Twitter account hacked and used to shill NFTs on "the biggest news day of [his] life"

Twitter profile of Jeff Passan, showing banner and profile pictures for "Skulltoons", and the name "Jeff.eth (Jeff Passan)"Jeff Passan's compromised Twitter profile (attribution)
ESPN MLB reporter Jeff Passan was having a great day, as he had been the one to break the news of an agreement between the MLB and the MLB Players Association, who had been deadlocked on labor negotiations. Unfortunately, this was soured a bit by his 800,000-follower, verified Twitter account being compromised and repurposed to shill "Skulltoons" NFTs.

Passan regained control of his Twitter account several hours later. Passan later wrote in a tweet, "hey remember that time i got hacked on the biggest news day of my life". The Skulltoons project distanced themselves from the incident, writing that they believed the hackers were trying to scam the Skulltoons community.

The Polygon network suffers an eleven-hour-long outage

After a network upgrade, Polygon went offline for eleven hours while developers scrambled to diagnose and patch an issue preventing its validators from achieving the 2/3 consensus required by the protocol. Projects and traders alike were affected by the outage, with various projects having to delay planned releases, and users reporting errors and funds stuck in transit. Although the network was able to release a patch to buy them some time, the project had to hard fork on March 18 in order to properly fix the issue.

After someone games the system to acquire a disproportionate amount of airdropped tokens valued at $123 million, Juno community begins a vote to take them away

A blockchain protocol called Juno launched in October 2021, airdropping their $JUNO tokens to members of the Cosmos ecosystem in proportion to how many $ATOM tokens they held. The protocol agreed via community vote that they would cap the amount given to a single individual at 50,000 $JUNO to "ensure fair distribution across the network". However, there is no restriction that one individual only have one crypto wallet, and so one single whale ended up receiving more than 3.1 million $JUNO across tens of wallets, which they later consolidated into one. Because of the enormous value centralized in one wallet — equivalent to around $123 million — if the whale sold off their $JUNO they could wipe out liquidity on decentralized exchanges and tank the price of the token. They could also perform a 51% attack on the network, as they already have half of quorum.

On March 10, a community proposal was submitted, proposing to take away the majority of the whale's tokens (worth around $121 million), and leave them with the 50,000 $JUNO (a little below $2 million) that was originally intended to be the maximum per person. The vote passed, in a major blow to an ecosystem where "your keys, your coins" is taken as gospel — that is, if you control the keys to a wallet, your assets supposedly can't be taken from you.

Bored Apes team asks people to verify their identities for their next project, shortly after making a stink about their own identities being revealed

Two tweets by Bored Ape Yacht Club. First tweet: "fuck it, again. http://somethingisbrewing.xyz". Second tweet: "This has been building over the last seven months. AnimocaBrands will launch the first phase, and there’s more to come. P.S. we don’t like KYCs either, but we think you’re going to want to be a part of this."Tweets by Bored Ape Yacht Club (attribution)
Yuga Labs, the company behind the Bored Ape Yacht Club (BAYC) project, announced a new project in partnership with blockchain gaming group Animoca Brands. The signup required KYC — that is, people were required to verify their real-life identities — something many BAYC fans seemed to bristle at, particularly given they had released absolutely no information about what the project would entail. BAYC themselves wrote, "P.S. we don't like KYCs either, but we think you're going to want to be a part of this."

There was some irony in BAYC requiring their buyers to reveal their identities only a month after some of the BAYC founders' identities were revealed by a journalist (who made the connection based on publicly-available information), which made the BAYC team and many of their supporters absolutely irate.

NFT collector accidentally sells their rock for close to $0 instead of over $1 million

Illustration of a gray rockEtherRock #44 (attribution)
The owner of EtherRock #44 tried to list their NFT for sale for 444 ETH (almost $1.2 million), but erroneously listed it for 444 wei — the fractional unit of ETH typically used for representing transaction fees. A bot programmed to look for listings like this one, where a pricey NFT is listed for far below its average or floor price, quickly snapped up the NFT before the buyer could remove the listing. The buyer of the NFT eventually tried to flip the NFT for 234 ETH, (around $625,000). The trader wrote on Twitter, "In one click my entire net worth of ~$1 million dollars, gone".

Entrepreneurs resuscitate 20-year-old piracy powerhouse LimeWire to turn it into a totally legitimate NFT marketplace, they promise

LimeWire, the filesharing service that was enormously popular in the early 2000s for piracy, has been resuscitated — or at least the brand has. Needless to say they are probably not planning to reuse much of the 20-year-old codebase that existed before public blockchains were even in use, if they even still have it at all. The choice to create an NFT marketplace with the same branding as the service that was shut down by a federal court for rampant copyright infringement seems a bit on the nose to me, for a technology that proponents still try to claim empowers artists and actually mitigates art theft. The duo behind the project claim that they are just trying to capitalize on nostalgia for the brand, but plan to operate above-board (though they would say that, wouldn't they).

Pirate X Pirate blockchain gaming platform exploited, blames its team's "utter carelessness"

The Pirate X Pirate blockchain gaming platform was exploited, with an attacker selling of more than 9.6 million $PXP. They were able to dump the tokens into the market for a profit of around 212 BNB ($78,000). In a blog post following the incident, Pirate X Pirate wrote, "Such attack could happen due to the team's utter carelessness to launch the conversion feature despite of its vulnerability. We deeply regret bypassing the inspection that should have been done by a white hat hacker as we intended to roll out the feature long-suspended as fast as we could. We have decided to dismiss our current developer team and are currently in the process of recruiting a new team to assume the responsibilities." They also announced that they had bought back the total $PXP that were stolen, and would be undergoing an audit.

A trader ends up owing $3600 after an exchange mistakenly deposits 10 Bitcoin in their account

Something apparently went terribly wrong on the trading platform that Twitter user rifftrader was using (though they didn't say which) when 10 BTC (~$385,000) was erroneously deposited to their account. The trader, who was expecting a transfer of $24 USD for Litecoin (LTC) that they had initiated to go through, didn't initially notice that the amount was in BTC when they subsequently converted it to USD. However, when they suddenly saw hundreds of thousands of dollars in the account, they realized what had happened. Not wishing to spend money that wasn't theirs, the trader transferred it back into BTC and contacted their exchange's support email. The exchange subsequently withdrew the erroneously-deposited funds from the trader's account. However, because the trader incurred a cost converting the BTC to and from USD, only 9.8752 BTC went back to the exchange. The exchange then proceeded to demand the trader pay the difference — around $3,600 — and accused them of "trad[ing] on those funds which did not belong to you". The email demanded payment by the following day, and the exchange threatened to send the case to a debt collector the trader didn't send the money.

NFT project created and endorsed by various English footballers plunges in value, players try to quietly delete endorsements

A brown ape with rainbow eyes, a drip of snot coming from his nose, and a lollipop stick sticking out of his mouth, wears a black and red jersey and shorts and pink sneakersAKFC #5849 (attribution)
John Terry, an English football coach and former player, launched an NFT project called "Ape Kids Football Club" on February 2. Several players, including Tammy Abraham, Ashley Cole, and Jack Wilshere, all endorsed the project. The NFTs traded for around $650 shortly after the project launch, but as of March 9 were averaging a little under $75 apiece. At some point, Abraham, Cole, and Wilshere quietly deleted their endorsements of the project.

The plummeting price is not the only problem the project has faced; shortly after Terry announced the project in January, he was threatened with legal action by the Premier League, and had to remove depictions of Premier League, UEFA and FA trophies, as well as the Chelsea logo, from the NFT illustrations.

Bug in Fantasm Finance allows multiple exploiters to take more than $2.6 million

An exploiter was able to use a bug in the Fantasm Mint contract to drain more than 1,000 ETH ($2,640,000) from Fantasm Finance. Fantasm urged their users to redeem their tokens they were staking and exit from liquidity pools, but attackers were still able to drain an enormous amount of funds from the protocol. It appeared that several other attackers joined in after the first attacker used the exploit, though it's not yet clear how much money was lost in total. The primary attacker transferred 1,007 ETH to the Tornado Cash tumbling service shortly after the attack. Fantasm Finance wrote on Twitter that they planned to publish a postmortem the following day, which would include compensation options for affected users.

Crypto.com gives borrowers in some jurisdictions a week to pay back their loans

A screenshot of an email from Crypto.com. Text reads, "Dear Valued Customer, Please be informed that Lending is no longer supported in your jurisdiction. For this reason we are required to cancel your current loans. You can find more information here. Kindly take steps to repay your loans by 02:00 UTC, 15 March 2022. Outstanding loans and the associated interest will be automatically repaid from the funds in your Spot Wallet after this date. We sincerely apologise for any inconvenience caused. If you have questions or concerns, please email us at contact@crypto.com. We're here to help. Best regards, The Crypto.com Team"Email from Crypto.com (attribution)
Crypto.com sent out an unexpected email to some users, apparently primarily in the EU, announcing that "Lending is no longer supported in your jurisdiction... [and] we are required to cancel your current loans". The email stated that if a borrower was unable to repay their loans by March 15, seven days from the date the email was sent, "outstanding loans and the associated interest will be automatically repaid". This seems like a tough timeline for borrowers, whose loans are twelve months long, and given people tend to spend the cash they've borrowed on something, rather than, say, hold on to it in case they need to suddenly repay a loan with a week's notice.

Reddit users from the UK, Germany, France, and Switzerland reported receiving the email, and those countries now all appear on the 40-entry-long list of countries not permitted to use Crypto.com's lending services. One Reddit user wrote, "I have 7 days to pay a big loan, like big. If it gave us a month I could unstake and pay, but no, they give us 7 [days], I will get liquified and can't do anything for it." Other users were confused to receive the email when they didn't have any loans on the platform, as it was worded in a way that they interpreted to mean they did.

Ormeus Coin founder charged with securities fraud for misrepresenting cryptomining operations and other assets

John Barksdale, part of the sibling duo behind Ormeus Coin, was charged with conspiracy, securities fraud, and wire fraud for his role in selling the Ormeus Coin token. He allegedly falsely represented the mining assets controlled by the company, claiming a mining operation that would have been one of the largest in the world, if his representations were true. The company also claimed to have reserves of Bitcoin backing their currency, when in reality these "reserves" belonged to a completely different entity. Through these misrepresentations, which were widely published including in a Times Square billboard, Barksdale drew $70 million in investment from around 12,000 individuals. The various charges Barksdale is facing involve maximum sentences between 5 and 20 years in prison. The SEC also filed a parallel civil action against the Barksdales.

Founders of several 2017 cryptocurrency companies indicted for alleged theft of more than $40 million

Four individuals who owned and operated EmpowerCoin, ECoinPlus, and Jet-Coin were indicted on wire fraud, money laundering, and obstruction of justice charges. They allegedly "engaged in a sophisticated scheme that preyed on unsuspecting investors nationwide with false promises of guaranteed returns and virtual currency trading opportunities", then tried to destroy evidence and obfuscate what they'd done after everything fell apart even before any actual trading happened. The group allegedly defrauded investors of more than $40 million over the four months in 2017 that the three companies were active, and they now face up to 20 years in prison if convicted.

Over 10,000 NFTs of photographs by August Sander are delisted from OpenSea after being created without permission

A black and white photo of a man, woman, and young child. The man sits on a stool with a child on his knee, and the woman stands next to them.AS10k+ #5489 (attribution)
An NFT project called the August Sander 10K Collection launched on February 11, offering NFTs of all 10,700 photographs by German portrait and documentary photographer August Sander (1876–1964). The project website described a "groundbreaking partnership between Fellowship and the August Sander family estate", apparently referring to their partnership with August Sander's great-grandson Julian. The NFTs were all distributed for free to the Fellowship community, which the project website boasted "speaks volumes about the commitment of both Fellowship and the August Sander family estate to creating a new standard of visibility and public access to large photography collections, an issue that has historically burdened museums". The website does not appear to mention that they take a 10% cut of all secondary sales, which so far appears to have netted them around 7 ETH ($20,000).

The problem with this whole scheme is that Julian Sanders does not actually control the Sander estate — it was sold in 1992 by Gerd Sander (August's grandson, and Julian's father) to the Cultural Foundation of the Stadtsparkasse Cologne. That group was surprised to see all of Sander's work suddenly being sold as NFTs without their permission, and submitted a legal notice to have it taken down from OpenSea. OpenSea complied with the request on March 7. After almost two weeks of stalling and deflecting questions about the delisting without even acknowledging the cause, Fellowship and Julian Sander finally released a statement on the issue on March 18. Sander wrote that "a third party... claims to have certain rights in August Sanders' photographs" but that he "believe[s] the complaint is not valid" and would be working with his lawyers to have the collection reinstated. As best as I can tell, it seems that Sander is trying to argue he is entitled to sell his great-grandfather's work as NFTs because he physically possesses the negatives, despite the fact that the Cultural Foundation owns the usage rights to all of Sander's work.

Influencer Jake Paul alleged to be repeatedly promoting projects without disclosing his financial involvement

A purple-skinned devil wearing a top hat, making a worried face, wearing a yellow t-shirt with a red female devil on it, and holding a sci-fi blaster gunLeague of Sacred Devil #4474 (attribution)
Jake Paul, who is already in hot water after being named in the class-action lawsuit against SafeMoon, has now been implicated by YouTube detective CoffeeZilla in $2.2 million worth of undisclosed promotions for multiple different projects. Influencers are required by the FTC to disclose when they financially benefit from promoting a project, though the crypto space seems rife with celebrities deciding that rule just doesn't apply.

Paul allegedly tried to cover his steps by creating a new crypto wallet to receive payments for each promotion, but then transferred the money a wallet he controlled to cash out. Oops. Some of the projects that Paul hyped in his undisclosed promotions included League of Sacred Devils, $MILF, and $YUMMY.

Andre Cronje and Anton Nell suddenly ditch their 20+ defi projects

Anton Nell
@AntonNellCrypto
Andre and I have decided that we are closing the chapter of contibuting to the defi/crypto space.
There are around ~25 apps and services that we are terminating on 03 April 2022. 
1/3
Most notibly
http://yearn.fi (use http://yearn.finance)
http://keep3r.network (use http://thekeep3r.network)
http://multichain.xyz (use http://multichain.org)
http://chainlist.org (lots of people replacing it)
http://solidly.exchange
http://bribe.crv.finance
2/3
Unlike previous "building in defi sucks" rage quits, this is not a knee jerk reaction to the hate received from releasing a project, but a decision that has been coming for a while now.
Thanks you to everyone that supported us over the past few years.
3/3Tweet thread by Anton Nell (attribution)
Andre Cronje and Anton Nell, the prolific developers of around 25 defi projects including yearn.fi and the new Solidly exchange, suddenly announced on Twitter that they would be quitting defi and shutting down their projects. "Unlike previous 'building in defi sucks' rage quits, this is not a knee jerk reaction to the hate received from releasing a project, but a decision that has been coming for a while now", wrote Nell. The sudden announcement caused several tokens associated with the projects to plunge in value. Some people were quite upset with the two developers, with one Twitter user writing, "People lock up billions of dollars for 4 years and dev announces it's being terminated in a month. Defi truly is the future of finance." Others were confused by the statement that the decision was a long time coming, when one of their projects, Solidly, had launched only a month before.

"NFT mortgage lender" Bacon Protocol is hacked for $1 million

Bacon Protocol, a defi project seeking to provide NFT mortgage liens (yes, really) was hacked. A reentrancy bug in their smart contract enabled attackers to get more lending credits than they should have been allowed, and was exploited for a total loss to Bacon Protocol of around $1 million.

BattleCatsArena apparently rug pulls several weeks after launch

An illustration of a rainbow-colored cat with a brown afro and small glassesBattle Cat #286 (attribution)
The NFT project BattleCatsArena appears to have rug pulled on March 5, about three weeks after its launch. The project had been announced late last year, with a post from its creator danvee.eth explaining, "After seeing lots of projects with zero utility and surviving 2 rug pulls I decided that it's time to build a real product that will deliver value to its holders from day one." The project had an ambitious roadmap, featuring NFTs, cat shelter donations, and of course a game with several play modes. Minting began on February 16, though the launch was somewhat disappointing — only around 400 of the 500 available BattleCats were minted in the three weeks following launch, and trading volume was low. On March 6, the project apparently deleted its Twitter account, and danvee.eth claimed the Discord had been hacked. All told, the project earned almost 21 ETH ($55,000). danvee.eth wrote on Twitter that he would try to refund people who wished to be refunded (so long as they were nice to him); as of that day no refunds had been sent from addresses associated with the project.

NeosVR virtual reality project jettisons its crypto component after a team blow-up

NeosVR, a virtual reality project originally released in 2018, introduced "Neos Credits" (NCR) in 2018 with the idea that it could enable in-game transactions. The crypto component was primarily managed by Karel Hulec, one of the project's team members. After cryptocurrencies and metaverse projects experienced a boom in 2021, crypto enthusiasts flooded into the project and drove up the value of the token. Some project members described the influx of people from the crypto community as having a strongly negative effect on the community, with one person writing they brought "all of its true slur-lovin' pepe-wearing glory to Neos". After some discontent within the team about the crypto side of operations, members of the team traded public statements with allegations about other members. On March 4, after Hulec released an updated whitepaper fraudulently (but perhaps mistakenly) "signed" by the rest of the team, the project creator and developer announced a proposal to allow Hulec to operate the cryptocurrency "on top of our work, but as a 3rd party solution, under a company solely under his ownership and direction", and for the primary team to cease involvement with the crypto component of the project.

Tai Lopez releases an exorbitantly-priced NFT project where people can buy access to him

List of NFTs: "1 on 1 Shadow Tai in Person at His Office
1 on 1 Michelin Star Restaurant with Tai
1 on 1 Whatsapp Access to Tai's Personal Number
1 on 1 Private Jet Trip with Tai
1 on 1 Watch a Movie with Tai
1 on 1 $10,000 HORSE Basketball game with Tai
1 on 1 NBA Game Courtside with Tai
1 on 1 VIP Table at a Top Nightclub with Tai"Some of the NFTs (attribution)
The entrepreneur and motivational speaker Tai Lopez, of "here in my garage, just bought this new Lamborghini" fame, announced a new NFT project. The NFTs feature staggering list prices and promise "value" that all largely center around access to Lopez. Some of the highest-tier "Black Card" NFTs include, "1 on 1 Shadow Tai in Person at His Office" (2–3 hours, travel & accommodation not included), "1 on 1 Whatsapp Access to Tai's Personal Number", "1 on 1 Watch a Movie With Tai" (2-hour movie, Lopez picks), and "1 on 1 $10,000 HORSE Basketball game with Tai", and were presented in a Dutch auction beginning at 80 ETH ($210,000).

Some people in the crypto community responded with disdain at the project, describing it as a "cash grab". One NFT influencer tweeted "Hey @tailopez legit question: Why Would I pay 30-40k to watch a movie with you? or 80-90k for your WhatsApp? Who u think u are? U def have a shady reputation and doing this only adds more fuel to the fire. I respect anyone wanting to add value to NFTs but this is not the way." Others were surprised at the project's smart contract, which not only automatically transfers any money out of the project and into the team members' wallets, but requires the NFT buyer to pay the gas fee for that transaction in addition to normal gas fees for minting.

Nemus Earth plans to buy and protect land in the rainforest... with Ethereum NFTs and a Brazil nut plantation

An illustration of an eagle sitting on a branch, on a trading card styled background. The card reads "Harpy Eagle, Parcel #128, -66.87661, -7.83341"Nemus Earth NFT (attribution)
A project called Nemus Earth has emerged, offering to sell you an Ethereum NFT to become a "Guardian" of the Brazilian Amazon rainforest. The project has lofty plans to create a "protective belt" in the Brazilian Amazon to try to protect it from deforestation. The project's whitepaper goes on to explain that "economic activity is required" on the land that they will purchase, and outlines a plan to employ the Indigenous people in the area to farm Brazil nuts on an abandoned plantation the project intends to "revitalize". The project describes a "co-op" for the local people that will "unlock generational wealth for these communities", though there appear to be no plans for these people to actually join the community of "Guardians" or have any say in the project's governance. Other economic activity planned by the project apparently involves "sustainable forestry", "empower[ing] local police authorities", something involving drones, and of course generating carbon offsets for other projects.

The whitepaper also addresses that the project will be built on the Ethereum blockchain. There is a section about "pros & cons of Ethereum", which has one section: gas fees. Apparently the project based on environmental conservation has decided to simply gloss over the enormous energy consumption, emissions, and electronic waste stemming from the Ethereum blockchain.

The project opened its second round of minting on March 3, and is offering its NFTs for mint prices between 0.06 ETH and 19.44 ETH ($150 to $50,000).

OpenSea blocks Iranian users

Iranian users were surprised to find that their OpenSea accounts had been deactivated with no warning. One Iranian user wrote, "NOT A gm AT ALL. Woke up to my opensea trading account being deactivated/deleted without notice or any explanation, hearing lots of similar reports from other Iranian artists & collectors. What the hell is going on? Is OS straight up purging its users based on their country now?" At least one user who reported issues said that they are Iranian, but haven't lived there in years, and are based in Italy.

OpenSea said in a statement that "OpenSea blocks users and territories on the U.S. sanctions list from using our services", though it's unclear why this change seems to only have come into effect recently.

MetaMask and Infura block Venezuelan users, at least briefly

Users based in Venezuela suddenly found themselves unable to use the enormously popular crypto wallet, MetaMask, on March 3. MetaMask relies on Infura, a popular API platform for Ethereum, which had apparently blocked access for Venezuelan users. Both MetaMask and Infura are owned by the parent company ConsenSys. An FAQ page on MetaMask's website states that "MetaMask and Infura are unavailable in certain jurisdictions due to compliance with laws", though it does not specify which jurisdictions, or which laws.

Some Venezuelan users were furious with MetaMask, feeling that their choice to prevent them from using the platform was incompatible with the decentralized and deregulated nature of much of crypto. One Twitter user wrote, "MetaMask Do not tell me that you became Centralized, I have this problem and many people in Venezuela have the same".

ConsenSys later appeared to say that the block of Venezuelan users was in error, writing that "In changing some configurations as a result of the new sanctions directives from the United States and other jurisdictions mistakenly configured the settings more broadly than they needed to be".

People joke about being "rugged" by Ukraine as the country cancels its planned airdrop

Ukraine canceled its promised cryptocurrency token airdrop on the day it was expected to happen. Government officials had previously announced that anyone who donated by March 3 would receive an airdropped cryptocurrency token as a reward; this was a promise that spurred a large total number of donations, though relatively few of much size. Protocol reported that 95% of people donated amounts of 0.01 or 0.001 ETH (equivalent to $28 or $2.80), apparently primarily in hopes of getting the promised reward.

Some publications have speculated that the airdrop was canceled because someone tried to spoof the tokens, but it doesn't appear that Ukraine has given a reason for the change in plans. After the cancellation, many commenters on Twitter, all of whom were hopefully joking, wrote that they had been "rugged" by Ukraine — using the common slang for crypto scams in which people are convinced to buy in on a project that then takes the money and doesn't follow through on its promised plans. In the tweet announcing the cancellation, Ukrainian Vice President Mykhailo Fedorov wrote, "After careful consideration we decided to cancel airdrop. Every day there are more and more people willing to help Ukraine to fight back the agression. Instead, we will announce NFTs to support Ukrainian Armed Forces soon. We DO NOT HAVE any plans to issue any fungible tokens". What a world we live in.

Someone tries to spoof promised Ukraine airdrop

After embracing cryptocurrency donations to help fund its resistance to Russian invasion, the Ukrainian government decided to try to solicit even more donations by announcing they would airdrop a token to anyone who donated. There was some excitement on March 3 as it appeared that Ukraine was seeding liquidity pools on Uniswap with $WORLD tokens. However, blockchain analysis tool Etherscan shortly afterwards marked the token as "misleading... and may be spam or phishing". It's not yet clear what the person apparently spoofing the tokens was trying to do.

Conspiracy theorists Brian Rose and David Icke get in on the defi and NFT grift

Brian Rose and David Icke pose next to one another with their arms crossedBrian Rose and David Icke (attribution)
Conspiracy theorists Brian Rose and David Icke are together known for their April 7, 2020 interview where Icke attempted to draw unsubstantiated links between the rollout of 5G cellular technology and the COVID-19 pandemic. Independently, Icke is also known for many other conspiracy theories, including the antisemitic theory that an interdimensional race of reptilian creatures form the Illuminati, and control humans through fear.

Rose, for his part, runs a show called Brian Rose's DeFi Real, where he has published episodes like "Create your Career in Crypto: How to Become a DeFi Influencer, Educator & Fund Manager", and "The Next 100x Coins: How to Pick the Big Crypto Winners". As for the Rose and Icke duo, not only have they teamed up to broadcast COVID-19 conspiracy theories, they've also turned that project into NFTs, with a 100-item collection consisting of several-minute-long portions of their COVID-19 conspiracy TV series. Although all of the NFTs were given away, only a single NFT has experienced any trading so far.

Personally, I'm shocked to see the conspiracy theorists and crypto communities overlapping in this way.

Bug in Treasure NFT marketplace results in listings being sold for free

A pixel art monkey with a large brain, who appears to be made out of goldSmol Brains #5203 (attribution)
The Treasure NFT marketplace on Arbitrum (a layer 2 network built atop Ethereum) apparently experienced a bug that allowed someone to "buy" NFTs in transactions where they sent 0 currency. The attacker particularly seemed to target the "Smol Brains" NFT project, likely because of its relatively high value — the project has a floor price of almost $10,000. Some of the NFTs that were transferred at no cost to the attacker had been listed for several times that floor price, including one gold-colored Smol Brain (pictured) that had been put of for sale for the equivalent of $560,000.

At least 17 Smol Brains NFTs were stolen, which were listed for a combined total of around $1.4 million. PeckShield reported that more than 100 NFTs from multiple collections had been stolen. They reported that the exploit was due to a bug in their contract that allowed an attacker to set a quantity of 0 in a transaction, which when multiplied by the item price resulted in a total price of 0.

TreasureDAO co-founder John Patten wrote in a tweet while the hack was ongoing that "We will cover the costs of the exploit — I will personally give up all of my Smols to repair this."

One contracted developer writes malicious code for 32 different NFT projects

Rendering of a spherical planet with dark green trees interspersed with futuristic skyscrapersThestarslab #6333 (attribution)
A developer offering his services on the freelancer marketplace Fiverr was hired by 32 different NFT projects, for which he wrote and deployed the smart contracts. The first project to be compromised via the malicious code was "TheStarsLab" project, when the developer renounced ownership on the mint contract, making it impossible for the project team to access the funds. The developer is the only one who has the ability to move the money out of the project contract, though as of a month after the attack on the project, the 197 ETH stuck in the contract (~$580,000 at the time of the attack; ~$648,000 as of April 10).

About 2/3 of the other affected projects had yet to launch or had no social media presence. Crypto sleuth zachxbt tried to contact the other 1/3, and some of the projects were able to migrate contracts before any malicious actions. zachxbt wrote, "Funny enough when I reached out to all the different projects the ones that responded said they either didn't read over the smart contract beforehand or weren't the most technically inclined teams." On April 7, OpenSea contacted zachxbt to say they had frozen trading for all contracts created by the developer.

Hackers who stole data from Nvidia demand the chipmaker remove cryptomining limitations on GPUs

In late February, the Lapsus$ ransomware group claimed to have breached Nvidia's corporate network and stolen more than a terabyte of data, which they say includes schematics and source code for drivers and firmware, as well as employee credentials. Instead of the typical monetary ransom, Lapsus$ demanded something unusual: that Nvidia remove the "Lite Hash Rate" (LHR) feature from their graphics card. LHR is an artificial limitation that Nvidia has applied to their line of gaming chips, which makes them less attractive to cryptominers who have otherwise been causing shortages in GPUs.

Lapsus$ initially promised that if Nvidia removed LHR from their 30-series line of chips, they would "forget about [the hardware] folder (it's a big folder)". However, they updated their demand on March 1, demanding that Nvidia either make all current and future drivers for all of their cards open source ("while keeping the Verilog and chipset trade secrets... well, secret"), or else they would publish all files for Nvidia chips. They wrote that Nvidia had until March 4 to make a decision. As of March 3, Nvidia had not made a statement around whether they would acquiesce to the hackers' demands.

Former ConsenSys employees demand audit regarding MetaMask and Infura's transfer to a new company

A group of 35 former employees of the startup incubator ConsenSys filed a request for an audit of a transfer of the company's "crown jewel" assets to a new company, which they say "was to the detriment of the minority shareholders". The requested audit relates to an August 2020 deal that saw the cryptocurrency wallet MetaMask and the developer platform Infura be transferred to a brand new entity. The transaction also resulted in the banking giant JPMorgan taking a 10% share in ConsenSys, and in a $39 million loan by ConsenSys founder being offset. The shareholders allege that MetaMask and Infura were massively undervalued in the trade; an allegation that a ConsenSys spokesperson has rebutted, saying that "the group would like to apply a valuation that might be achieved today to a set of projects that were pre-monetization during the darkest days of Covid when the transaction took place".

Far-right social network Parler launches an NFT platform where you have to pay with credit cards

An illustration of Donald Trump wearing rhinestone sunglasses and a rhinestoned tuxedo and bow tie, in front of rhinestoned text reading "TRUMP"CryptoTrump (attribution)
You might think if Parler was going to create an NFT celebrating their hero, they wouldn't include along with their promotional material the example most reminiscent of Milo Yiannopoulos, the man who's been so effectively deplatformed that he's had to resort to selling statues of the Virgin Mary on a home shopping TV channel. On March 1, the far-right social network Parler announced their "CryptoTrump" NFTs, which will sell on their "DeepRedSky" NFT platform. The platform is built on the Solana blockchain, and has already helped Melania Trump "sell" (wash trade) her NFTs. Their inaugural project is a collection of 250 algorithmically-generated Trump NFTs, which will sell for $2,750 each and eventually be part of a collection of 10,000 items.

Although Parler's press release contains a lot of their usual chest-thumping about "freedom from Big Tech", the DeepRedSky NFTs can only be minted with credit cards, with payments being processed through Stripe. The good news: if you aren't getting enough of a rush out of the risks involved with crypto in general, you can get a new thrill from giving your personal information to a platform that's been hacked multiple times.

GenomesDAO wants you to give them your genetic data, which they acknowledge is "data that can be exploited in ways we cannot even imagine yet"

An illustration of a calico cat with green eyesWho's going to tell them cats don't have human eyebrows? (attribution)
GenomesDAO has created a platform which they promise will allow people who wish to sell their genetic data to have more control over it. They write that genetic data is "data that can be exploited in ways we cannot even imagine yet" and go into a list of these possible exploits — and this is apparently why you should definitely entrust it to a company building in a space known for its endless hacks. The company promises to help users earn money through selling access to their genome — though of course this isn't until step five in their roadmap. They're currently at step two or step three, depending on which version of your roadmap you look at; both steps seem focused on creating cat NFTs out of your genetic data for some reason.

Randi Zuckerberg tests your secondhand embarrassment tolerance with her second crypto-themed parody song

Apparently hoping to create the "rallying cry for the women of web3", Randi Zuckerberg released her second crypto-themed song "WAGMI", a parody of Twisted Sister's "We're Not Gonna Take It". Earlier that month, she had released another parody video, of Adele's "Hello". "WAGMI" is loaded with crypto in-jokes, with Zuckerberg at one point yelling "LFG! sweep the goddamn floor! we're hodling, yes we are!" The reaction on Twitter appeared to be fairly universally one of cringe, and more than a few users drew comparison to the terrible raps of alleged Bitfinex money launderer Heather "Razzlekhan" Morgan.

Partway through the song, Zuckerberg sings "carpe the crypto diem". This raises the question of whether she intentionally included a dig at her brother Mark's failed Diem cryptocurrency project (formerly Libra), or if the project was such a flop even his own sister didn't know about it. I truly can't decide which scenario would be funnier.

NFT collector files $6 million lawsuit against OpenSea, LooksRare, and the company behind Bored Apes for not doing more to discourage thefts

A Mutant Ape illustration, with an ape made out of yellow oozing slime, with rainbow worms coming out of its nose, wearing rainbow suspendersMutant Ape #1819, one of the stolen NFTs (attribution)
Robert Armijo is the former owner of three valuable NFTs — one Bored Ape and two Mutant Apes — which he bought for a total of around $300,000 between November 2021 and January 2022. On February 28, he filed a lawsuit against the NFT marketplaces OpenSea and LooksRare, as well as the company behind the Bored and Mutant Ape projects, Yuga Labs. The lawsuit was filed only ten days after another former Bored Apes owner filed suit against OpenSea for allegedly failing to secure their platform.

On February 1, he was the victim of a phishing attack in which he lost the three pricey NFTs. He had agreed to trade one of his Mutant Apes for another NFT he was interested in, but he and the prospective buyer had to perform the transaction through a platform other than OpenSea or LooksRare because it was a swap rather than a purchase for ETH. Armijo turned down several suggestions of platforms by the other party, saying he was unfamiliar with them, and instead suggested one of his own choosing. However, the other party was still able to send him a trading link that appeared to be from the site he had suggested, and Armijo approved what turned out to be an illegitimate transaction that allowed the other party to take all three of his NFTs for nothing in return. Armijo alleges that although he quickly realized he'd been phished, he was not able to get OpenSea or LooksRare to freeze sales of the stolen NFTs, and they were flipped for resale within days.

Armijo alleges that OpenSea and LooksRare have "utterly failed to protect consumers or do anything to disincentivize or stop the thefts" because they profit from each trade on their platform. He has also named the company behind the Apes NFTs, Yuga Labs, in his lawsuit, stating that they have not done enough to disincentivize theft by failing to "monitor its proprietary and exclusive ape community by denying entry to individuals whose access is predicated on a stolen BAYC NFT". Once again, my heart goes out to the judge hearing this case.

In terms of damages, Armijo states he has been "deprived not only of the significant monetary value of the NFTs he owned, but also [has been] strip[ped] of his membership in the BAYC community and the commercialization rights he possessed in his underlying Bored Ape and Mutant Ape images", and as such is seeking damages "in no event less than $6 million". Interestingly, the name Robert Armijo also appears as a defendant in SEC charges from June 2021, where the individual is alleged to have unlawfully sold securities managed by an organization also alleged by the SEC to be a Ponzi scheme. It's not immediately clear if this is the same person, or someone who shares a name.

Elexir draws in more than $1.3 million, then announces an end to the project a week later and "reimburses" investors with $300,000

Elexir Finance promised a platform where users could build passive income via "yield bearing NFTs". They drew in more than $1.3 million in investments since the project's launch on February 22. However, on February 28, the team suddenly sold off their assets, tanking the $ELXR price in the process. They explained in Discord that this was because they had discovered a flaw in their tokenomics design, and so they had sold in order to cut losses and put "almost all early investors... either in positive profit or breakeven". The team also announced that they would distribute $300,000 to other early investors via airdrops. They notably failed to mention their plans for people who were not "early investors", or who were unknowingly snapping up doomed tokens that the project was offloading. Notably, the announcement also mentioned that the remaining treasury of more than $1 million would stay with the project developers, to be used for some new project they did not describe.

After their announcement went over about as poorly as you might expect, Elexir offered their community a choice: take the $300,000 they planned to airdrop, and either continue with that plan or re-add it to the liquidity pool. Community members by and large seemed to support an unlisted third mention, which was to refund the entire treasury to people who bought in, but the project developers seem intent on keeping that amount.

The project development team had had their identities verified by the organization StaySAFU, who subsequently tweeted that "We are currently communicating with both the team behind Elexir and the legal authorities", and that they had identity documents for the team members as well as video confirming they were responsible for rug pulls.

Cryptocurrency exchanges refuse requests by Ukrainian Vice President to freeze Russian and Belarusian addresses

Jesse Powell
@jespow
5/6 Sometimes the hardest thing about having power is knowing when not to use it. Our mission is better served by focusing on individual needs above those of any government or political faction. The People's Money is an exit strategy for humans, a weapon for peace, not for war.Tweet by Kraken CEO Jesse Powell (attribution)
Ukrainian Vice President Mykhailo Fedorov publicly requested major cryptocurrency exchanges to freeze addresses of all Russian and Belarusian users, to increase economic pressure on Russia to end its attacks on Ukraine. Several crypto exchanges including Binance, Kraken, and KuCoin publicly refused to do so. CEO and co-founder of the U.S.-based Kraken Exchange, Jesse Powell, wrote a Twitter thread in which he stated that Bitcoin was "the embodiment of libertarian values" and supposed to be "a weapon for peace, not for war".

Although perhaps unsurprising that these exchanges refused a request like Fedorov's, it will be interesting to see if and how sanctions may affect various cryptocurrency exchanges' actions. Binance, the largest crypto exchange, has already indicated it will comply with sanctions. Kraken, whose executives have tended towards more ideological stances, has also indicated that it will comply with legal requirements to freeze accounts.

Gavin Wood decides war in Ukraine is a great opportunity to promote his Polkadot project

Gavin Wood
@gavofyork
Replying to 
@Ukraine
If you post a DOT address I'll personally contribute $5m.Tweet by Gavin Wood (attribution)
On February 26, the Ukrainian government tweeted Bitcoin and Ethereum addresses, allowing cryptocurrency donations directly to the government to support their resistance to the ongoing Russian invasion. Gavin Wood, a co-founder of Ethereum who is now primarily involved with the Polkadot cryptocurrency network, apparently thought this could be a great marketing opportunity for Polkadot if the Ukrainian government would list a Polkadot address alongside BTC and ETH. He took to Twitter to offer a generous donation contingent on them doing so: "If you post a DOT address I'll personally contribute $5m". I'm sure the Ukrainian government have nothing more important to do than futz around with making wallets for every millionaire who wants to promote his crypto project.

Some with a more optimistic view of Wood's tweet suggested that perhaps his request was motivated by a desire to avoid capital gains taxes that could be incurred by converting his DOT to ETH before donating it, but another commenter pointed out that 1) Wood almost certainly holds more than $5M in ETH already as a co-founder of the project, and 2) Wood lives in Switzerland, where private individuals are generally exempt from capital gains taxes.

Co-founder and primary artist for Starcatchers NFT project uses insider knowledge to buy the project's rare NFTs to flip after reveal

An illustration of a human figure with a star for a head, wearing a pink baseball cap and looking unhappy, wearing a rainbow hoodieStar Catcher #1755 (attribution)
The Starcatchers NFT project sold NFTs which did not immediately show the image associated with them, but would instead be revealed at a later date. An observant collector noticed that several of the NFTs in the project sold for considerably higher than others. Following the reveal, it turned out that these were the rarest NFTs in the project. One of the NFTs (#1755, pictured) has been described as the "project mascot", and later sold back to the Starcatchers team for 30 ETH (~$83,400).

It turned out that "Beutrec", a co-founder and the primary artist behind the collection, had used his access to the project metadata to identify and buy the rarest NFTs in the collection. Although he attempted to use distinct wallets to perform the transactions, they were trivially linked back to him. He made around 50 ETH (~$140,000) in profit from flipping the NFTs he bought with insider knowledge. After his actions were revealed in April 2022, Beutrec's new NFT project, Boki, announced that Beutrec would no longer be a part of their team.