Web3 is Going Just Great

The project has been delayed so many times that it has become a bit of a running joke — crypto critics regularly describe the Ethereum PoS migration as something that has been "only six months away" for several years now. Meanwhile, it has proven a useful way for Ethereum fans to dismiss the valid concerns about the enormous energy expenditure of their preferred blockchain, as though enormous emissions and e-waste are somehow a non-issue if there is some vague plan at some perpetually-in-the-future point to move away from them.

Anyway, Ethereum developers have projected new levels of optimism lately, with several of them describing "the merge" as imminent — I believe a June timeframe was the popular estimate. Unfortunately, this appears to have been just as unachievable as the prior "deadlines", with an Ethereum core developer stating it was now looking like it wouldn't happen until some time this autumn. This is particularly brutal timing, given Nilay Patel's interview yesterday with a16z's Chris Dixon, where he confidently pointed to an early July "merge" date (only to become substantially less confident when pressed on specifics). Anyway, see you this fall for the next hype cycle — between now and then, Ethereum will have again consumed energy comparable to the amounts used annually by some small countries, for little if any useful purpose.

In the order, the Commissioner alleged that the project was "leveraging interest in metaverses to perpetrate a high-tech fraudulent securities offering", and had been falsely claiming to their followers that securities laws don't apply to NFTs. "They are misleading purchasers by claiming they can simply avoid securities regulation by implementing illusory features or use different terminology," the Commissioner's announcement said.

The day after the announcement, Brown released a statement saying that he had been drawn in by the hope that NFTs would allow him to avoid "big companies whose sole focus is strong-arming away the rights to projects they've never been a part of to turn a big profit." He wrote, "I felt that if I didn't jump on it myself, someone else would, without the love, care, and artistry we believe in". He concluded that, given the response from his fans, he would not be continuing the NFT project. Some encouraged him to use the artwork that had already been created for merchandise or other non-NFT art sales.

The day after the announcement, crypto influencer "Cobie" wrote on Twitter, "Found an ETH address that bought hundreds of thousands of dollars of tokens exclusively featured in the Coinbase Asset Listing post about 24 hours before it was published, rofl". The wallet had spent around $400,000 on multiple currencies listed in the announcement, which certainly appears as though they knew about the contents of the announcement before it was published.

This is not the first time allegations of insider trading have been made based on Coinbase announcements. In February, a trader made a profit of over $700,000 by trading on what appeared to be advance knowledge of two upcoming Coinbase announcements.

The community member writing the closing summary of the discussion wrote that "Common arguments in support include: issues of environmental sustainability, that accepting cryptocurrencies constitutes implicit endorsement of the issues surrounding cryptocurrencies, and community issues with the risk to the movement's reputation for accepting cryptocurrencies.... Excluding new accounts and unregistered users, the tally is 232 to 94, or 71.17% in support of the proposal. These results indicate overall community support, with a significant minority in opposition. Thus, the Wikimedia community requests that the Wikimedia Foundation stop accepting cryptocurrency donations."

Elephant Money is a defi project with some questionable promises — its Twitter account advertises that people can "earn 672% APY", and a recent tweet encouraged people to use Elephant Money "as your new bank: Your share of ELEPHANT tokens can be compared to your debit account, except that it also generates you money. Stampede Perpetual Bonds is your retirement fund." Hopefully no one took them up on their suggestion to put their debit account balance or retirement money into the project.

Individual accreditation is based on net worth or income: only those with net worth above $1 million, or yearly income above $200,000, qualify. American Celsius users were largely unhappy with the change, with one writing, "Celsius Network making the rich richer. Shameful."

One Rari developer blamed Ichi for the disaster, writing, "Fuse is a permissionless protocol. Pool operators are responsible for following best practices to avoid situations like this one". Rari Capital's official Twitter account also blamed Ichi, stating, "This is a permissionless pool that is owned and operated by Ichi. We hope to see an announcement from Ichi regarding redemption strategies and next steps to make users whole."

In the FAQ about the incident, Ichi wrote that they had allowed such a high LTV ratio in the pool because they expected "users would make responsible decisions that would benefit the community". There is currently around $30 million of bad debt in the liquidity pool.

$CF was an asset belonging to Creat Future, an early-stage defi project. Some have speculated that the hack was an inside job, and the vulnerable function was added intentionally.

A customer ordered two combo meals, which he purchased by using his mobile crypto wallet to transfer 2 $APE. I was able to track down the transaction, and at the exact time of transfer, 2 $APE were priced at $21.92. The value of $APE has increased by 20% since then, so the purchaser lost out on those earnings by spending them at that time (compared to cash, which is worth roughly the same as it was 10 days ago). This is a (very small) example of why people don't tend to use as currency the same assets they are expecting to increase substantially in value. Furthermore, the purchaser had to agree to an estimated $10 in gas fees when he confirmed the transaction — half as much again as the price of the meal. The transaction ultimately cost the purchaser $4.66 in gas due to fortunately low rates that day, but it was a transaction fee that wouldn't exist if they used cash, or would be substantially smaller and typically absorbed by the restaurant if using a credit card.

Painful financial implications aside, a public transaction record means it's now trivial for anyone to see who is purchasing food at the restaurant using crypto in real time — something that has concerning implications for victims of stalking and other abuse if implemented more widely, as well as just for average people who enjoy having some degree of privacy.

Anyway, hopefully the food's good — assuming the person had any appetite left after looking at their food containers depicting an ape with green skin sloughing off its face.

A company called Gripnr is already working to line up NFT pre-sales, despite acknowledging that they have no idea how they will prevent fraudulent data input — an issue commonly known as the oracle problem. It's also unclear how they intend to change the game so that it's sufficiently different from the Wizards of the Coasts game that they will not face legal action (an issue that ended another crypto project planned to be based around a WotC game). We can only hope that none of this may last long enough to become an issue, given that Gripnr have come up with an idea that I can't imagine appealing to a single person who's ever played D&D.

Meanwhile, Gaye used the project Twitter account to promote his own NFT collection. He also took the donated funds and used them to buy NFTs. When pressed on this in the project's Telegram chat, he wrote, "Im buying NFTs because its my ETH and thats what I wanted to do." After crypto scam investigator zachxbt wrote about Gaye's scams, Gaye threatened to "put him in the ground if we ever meet in person".

Gaye has spent almost 400 ETH on NFTs since beginning to collect donations for his project — equivalent to over $1 million. He has also sold NFTs for a total of around 315 ETH (roughly breaking even with the amount he spent on NFTs, if looking at the ETH prices at time of trade), and amassed a substantial number of NFTs he still holds.

Although the Formula 1 blockchain game that shut down earlier this month made halfhearted promises to allow NFT holders to swap their NFTs for ones used in a different game, Ubisoft has made no such promises.

The language in the lawsuit is very similar to the stolen ape lawsuit filed February 18, which is not surprising because the plaintiffs are using some of the same lawyers. Vice interviewed one of the lawyers, and determined that the somewhat odd wording refers to the issue in which OpenSea users didn't realize their old listings of NFTs at lower prices were still active.

Sadly, the collaborative and fun community art piece and social experiment was financialized almost immediately after the last pixels were placed, with several projects cropping up to sell portions of the canvas for crypto. One of the projects ended almost as quickly as it began, replacing all its NFT images with the "r/FUCKNFTS" portion of the canvas and rewriting the description to say, "Ok, I guess that was a bad move and a bad Joke. Please use Cryptos as decentralized money against states, not to sale dumb images on the internet. Love U Reddit, got U". Other projects, however, remain for sale.

When the user confirmed the transaction, they transferred their three pricey apes to the scammer, receiving three worthless ones in return. NFT trader 0xQuit estimated the loss at around $587,000.

The email in question appeared to be from Trezor, and claimed that users' funds were in jeopardy. It prompted them to download a new (fake) version of the Trezor wallet software, and when users entered their seed phrase to restore their wallet from a backup, it drained their crypto. "What a mug I am," wrote the affected user. "Had been building up my BTC for seven years and lost it in a few minutes' utter stupidity."

The Reddit post also included two follow-up edits, displaying the victim blaming that is common when users are hit with phishing scams and other attacks. The user wrote "Edit: yes I entered my keys, because I'm a twat Edit 2: a lot of people saying they'd never fall for it. I hope they're right."

The theft prompted security researchers at Check Point Research to investigate what ended up being a serious bug in Rarible, where malicious NFTs could execute JavaScript and trick users into signing a contract that would then empty their wallets.

De Ford has named the LGB coin creators in the suit, as well as NASCAR, and promoters like Brandon Brown and Candace Owens.

Whoever was behind these transactions airdropped fake NFTs purporting to be a part of an upcoming BAYC metaverse land project, sending them to owners of pricey NFTs and various NFT influencers. It's not clear whether the NFT can perform malicious actions, or if any individuals have been impacted by it if so. However, part of the scam appeared to be to try to entice other users hoping to get in on the next new BAYC project to fall for a phishing scam. Tracing the transactions back showed an OpenSea profile with a fake "verified" badge and a mint link to what appears to be a phishing website, which invites people to connect their wallets to supposedly mint their own BAYC land NFTs.

Other Discords reported to be compromised include several other big-name projects including Doodles, which had previously endured a Discord compromise in late February. This particular compromise appeared to stem from a series of compromised Discord bots, including a very popular CAPTCHA bot used to fight spammers. It's unclear if anyone lost money to the fake links posted by seemingly-official Discord accounts, or how much, but these types of attacks often lure in at least some victims, and the higher-priced NFT projects like Bored Apes and Doodles enable scammers to ask for quite a lot of money without raising an eyebrow.

The Cosmic Cowgirls team hit back with accusations against the head moderator, accusing him of falsifying allegations against the project out of anger at being fired along with the other moderators. The group also claimed that the funds had been moved for security and tax reasons, and sent a vaguely threatening message to the moderator in which they stated that he should "discontinue the spread of false information in attempts to harm us and the project" and "resolve [concerns] ... privately as the terms of our contract are still ongoing and applicable".

One of their networks, built on top of the Fuse chain, was exploited for crypto assets priced at around $3.6 million. By taking advantage of a re-entrancy vulnerability, the attacker was able to take loans on the platform, then withdraw the collateral without paying back the loans. They then took the stolen assets and transferred them to the BNB and Ethereum chains, making them more difficult to recover.

Suddenly, the project creator resurfaced on March 29, with a tweet claiming that he had been absent for a month because he had been... reading emails. The team then announced they would be handing the project reins over to a community member, though there was no mention of the $21.1 million that had already been pocketed by the original team.

The unexpected return came only days after the U.S. Department of Justice announced charges against two perpetrators of a different NFT rug pull, in which they stated unequivocally that "the same rules apply to an investment in an NFT or a real estate development. You can't solicit funds for a business opportunity, abandon that business and abscond with money investors provided you."

Sky Mavis announced that they had halted the Ronin Bridge and Katana DEX, and were making changes to their network to try to guard against future attacks. They also wrote that they were "working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed".

Unfortunately, the drop did not go smoothly. Heavy botting caused gas fees to spike, and the project claimed there were issues with MetaMask's estimation of gas fees. Outside parties have suggested the issue was not with MetaMask, but rather with a poorly-implemented smart contract.

People wound up making transactions that ran out of gas before completing, meaning they lost their gas fees and did not successfully receive any NFTs. Others paid sufficient gas, but ran into other errors with the contract that meant they didn't get an NFT. The spiking gas fees meant some people lost a considerable amount of money — people reported failed transactions that cost them amounts ranging from 0.1 and 0.8 ETH (between $338 and $2,700). Some who did successfully receive NFTs also claimed to have lost value as a result of the rocky mint, which they said contributed to a lower-valued NFT.

manifold.xyz, the group behind the mint, reported that they planned to reimburse people who lost gas trying to mint NFTs. Some people seemed happy with this solution, while others were upset that they missed their chance to obtain an NFT they wanted as a result of the problems.

One of the artists, Phillip Lietz, took to Twitter on March 28 to call out the group for the pittance he was offered for his work, posting screenshots of an email exchange he had had with a member of the project team. The emails show Lietz asking whether artists would receive compensation for their work, and a project team member replying: "Yes... any artist we select will receive a percentage of our revenue".

They went on to say that if they used his work, they would "negotiate a percentage of what we sell". The reply to Lietz's question about if there was a contract was: "No formal contract as we need to move fast, but I imagine this email would hold up in court as a written agreement if it ever came to that (it wouldn't! Andrew and I are men of our words!)" In a subsequent email, the team member wrote that they would "love to send you a Lobby3 Member token", and that "our artist commissions weren't huge, but [we] would love to send you $500 for your time and effort". Lietz replied to say that the DAO's NFT fundraising appeared to have raised at least $790,000, and that $500 was an unfair amount (although I suppose 0.06% is technically "a percentage"). The team member replied by basically negging Lietz, writing "Honestly, I didn't want to say this, but I will now mention: we weren't actually going to use your art in the project... but you seemed like a great guy and I wanted to throw you some cash and get you some exposure".

Anyway, nice job Andrew and team! Nothing says "eradicating poverty" and "empowering creatives" like paying them basically nothing.

When chastised by other NFT collectors who assumed he had stored the ape on a hot wallet, Moulène clarified that the NFTs had been stored in a Ledger hardware wallet. He later tweeted, "Since I've got a platform, here's what I learned today: COLD WALLET, does not just mean storing assets in a series of ledgers/trezors. It means a wallet that is NEVER Linked to anything besides MM or OS." Moulène went on to threaten legal action, saying, "Oh I will spend 10x that ape tracking these fucks down and suiting [sic] them into oblivion." and "I'm going to pursue legal action in the states and internationally (if need be) to find the people responsible and hold them accountable."

Some initially speculated that he may have mistaken the offer represented in DAI for ETH, as 115 ETH (~$387,500) and 25 ETH (~$84,000) would've been pretty reasonable trades for the respective NFTs. However, the trader posted on Twitter that he had been "swiped ... of his BAYC and MAYC... I am fine. In shock, but okay. Do i know what happened? No. Still trying to wrap my head around how and why."

Some Coinbase customers in these jurisdictions seemed less than enthused at the announcement. One tweeted, "Wait, then what's the point of crypto/blockchain, being outside of fin.system and all.. I may be better off sending fiat money".

After Lieber put these questions to ZenLedger, the company fired Hannum. ZenLedger founder Pat Larsen was cagey around the circumstances under which Hannum was hired, and an outside spokesperson for the company laid the blame on a bad referral and a federal background check that returned "no flags regarding his education or work history". A venture capital firm that invested in the company reported that they "did more due diligence than a traditional venture capitalist would have done" on the company but had not checked Hannum's background.