Revest Finance is hacked for $2 million

The Revest protocol was targeted with an attack that stole $BLOCKS, $ECO, and $RENA tokens from their vault. The protocol wrote that the attacker used a "highly sophisticated attack on a vulnerability that went unnoticed during our Solidity.Finance audit as well as ... multiple peer-reviews". The hacker quickly swapped the stolen tokens for ETH via various decentralized exchanges, then tumbled the funds using Tornado Cash. The protocol wrote that they "do not possess the funds needed for meaningful financial recompense, and are not covered by any DeFi insurance provider", but promised to try to "do everything within our power to make things as right as they can possibly be made".

Coinbase begins to require users in Canada, Singapore, and Japan to input personal information about the recipients of their crypto transactions

Coinbase began sending out notices to its customers who reside in Canada, Singapore, and Japan, to tell them that in early April, they will need to begin inputting information about the recipients of any crypto they send. Coinbase said the change was in order to comply with various regulations imposed by those countries. The specifics differ somewhat between the three countries: for example, in Canada, the verification is only required for amounts above CA$1,000 (about US$800); Japanese users need to provide verification for any amounts, but only if transferring to entities outside of Japan; and Singaporean users need to verify any amounts sent to anyone. Canadian and Singaporean residents will also need to provide the address of the recipient of their funds, whereas Japanese customers only need to supply the name and country of residence.

Some Coinbase customers in these jurisdictions seemed less than enthused at the announcement. One tweeted, "Wait, then what's the point of crypto/blockchain, being outside of fin.system and all.. I may be better off sending fiat money".

Crypto tax software firm ZenLedger fires executive after the New York Times discovers he lied extensively about his background

[Image: Dan Hannum Twitter profile photo]
New York Times reporter Ron Lieber began fact-checking a story in March about a deal between crypto tax software firm ZenLedger and the Internal Revenue Service. Lieber ran into trouble fact-checking the claims of ZenLedger COO Dan Hannum, who told a compelling story of being arrested as a juvenile, then turning his life around and earning college degrees, working at several major Wall Street firms, and becoming a crypto millionaire. Lieber discovered that Hannum had never earned the degrees he claimed, nor worked at the Wall Street firms he listed. He also found no evidence that Hannum had ever managed $100 million in assets like he said, nor that he had made so much on crypto that he was paying "millions in taxes" alone.

After Lieber put these questions to ZenLedger, the company fired Hannum. ZenLedger founder Pat Larsen was cagey around the circumstances under which Hannum was hired, and an outside spokesperson for the company laid the blame on a bad referral and a federal background check that returned "no flags regarding his education or work history". A venture capital firm that invested in the company reported that they "did more due diligence than a traditional venture capitalist would have done" on the company but had not checked Hannum's background.

Exxon Mobil reportedly gets in on Bitcoin mining

According to Bloomberg, Exxon Mobil has begun a pilot program to set up Bitcoin miners at an oil well in North Dakota. The project reportedly runs off 18 million ft³ of natural gas that would otherwise be flared. Although early proponents waxed poetic about how anyone could mine Bitcoin, the increasing hardware specialization and massive electricity costs have made it practical at scale only for those with access to the hardware and cheap sources of electricity — including, now, the world's second largest oil company.

Some crypto proponents have spoken positively about using excess gas that would otherwise be flared for Bitcoin mining, though climate experts have spoken out against it being a sufficient or reasonable solution. "It's like if you had a leaky gasoline pipeline and, instead of fixing the problem, you plugged in a Humvee next to the leak and left the engine on in perpetuity with the A/C on full blast," said UC Santa Barbara professor Paasha Mahdavi.

Hacked verified Twitter accounts impersonate BAYC founders, scam $1 million with fake ApeCoin airdrop

[Image: Mutant Ape #22660]
Some scammers obtained hacked verified Twitter accounts, then rebranded them to claim to be founders of the Bored Ape Yacht Club. They then tweeted about how their team's ApeCoin launch had been so successful, they'd decided to airdrop more tokens. Users who clicked the link and connected their wallets quickly discovered they'd been scammed when their high-value NFTs were transferred from their accounts, then flipped for resale. One victim of the scam said they'd lost $600,000, and tweeted: "@BhawanaCAN put out a tweet refering for more $ape available- I trusted the blue checkmark @twitter @jack now the ape and my gutter cat is gone - fuck you @BhawanaCAN". @BhawanaCAN, prior to the hack, was an account belonging to the former CEO of the Cricket Association of Nepal.

There were multiple scammer accounts involved in the scheme, and one researcher has estimated that the scammers had made around $1 million from reselling the NFTs as of March 24. A similar hack had occurred several days earlier, in which a hacked verified account impersonated a BAYC founder and successfully stole three pricey Bored Apes from a collector.

Roller derby community resoundingly rejects NFT project

[Image: Bout Time NFTTT logo]
After three roller derby stars announced an NFT project called "'Bout Time", the roller derby community was fairly united in its displeasure with the idea. Though the project intended to donate some of their proceeds back to the roller derby community, the overwhelming response appeared to be that engaging with NFTs was indefensible even if the project did provide money for the derby leagues. Most concerns seemed to revolve around the environmental impact of NFTs in general, as well as the scams that are rampant in the NFT world. After considering the feedback to their project, the three skaters announced that they would not be continuing with the project, which was due to mint on March 31. One of the project founders told Vox, "If this community doesn't want us to run this project, then we're not going to do this project for them. The whole reason was to raise money for the derby community, and they so strongly spoke out against us."

Department of Justice charges the scammers behind the January "Frosties" NFT rug pull with fraud and money laundering shortly before they launch their second project

[Image: Image from the Embers NFT project, which the Frosties scammers were about to launch]
On January 9, an ice cream-themed NFT project called "Frosties" made off with $1.1 million in a rug pull only an hour after the NFTs were launched. Less than three months later, the U.S. Attorney's Office for the Southern District of New York announced that they had charged the two 20-year-old individuals behind the scheme with conspiracy to commit wire fraud and conspiracy to commit money laundering. Although it is bizarrely common to see people question whether NFT rug pulls are actually crimes, the USAO was quite clear: "Rather than providing the benefits advertised to Frosties NFT purchasers, Nguyen and Llacuna transferred the cryptocurrency proceeds of the scheme to various cryptocurrency wallets under their control." The Special Agent in Charge stated, "the same rules apply to an investment in an NFT or a real estate development. You can't solicit funds for a business opportunity, abandon that business and abscond with money investors provided you."

The statement also alleged that the duo were working on another NFT project called "Embers", which they hoped would generate around $1.5 million. The project was set to mint on March 26, and the 60,000-member Discord has been thrown into disarray. Some of the community moderators began deleting links to the D.O.J. announcement, and attempted to suggest that the Department of Justice website had been faked to "FUD" the project.

The individuals behind the Frosties scheme face charges that each carry a maximum sentence of 20 years in prison, if they are convicted.

Pye suffers a $2.6 million loss in a flash loan attack

The security firm PeckShield reported that the Pye ecosystem had been targeted with a flash loan attack, which drained around $2.6 million from the protocol. Pye is a group of defi software projects built on the Binance Chain. The project had just undergone a large migration, and it appeared the bug may have been introduced in the new contracts.

The guy behind the "NFT band" on Ellen thinks you should have to pay royalties on dance moves

[Image: I tried to get a good screengrab of the "NFT band" but the videographer, reasonably, seemed to find the human performer more interesting]
In the latest installment of "large television program launders the reputations of NFTs", an "NFT band" performed on Ellen... Well, some animated characters danced on a screen while a human performed, a concept that is not exactly new.

The animator who created the band animation, however, has big dreams for the possibilities NFTs could bring to dancers. Dancers "can now claim digital ownership over a series of moves or routines by means of NFTs". Imagine, he says, "owning the original Moonwalk". Yes, everyone, just imagine how much better the world could be today if everyone had had to pay royalties whenever they imitated Michael Jackson's signature move.

Parts of the "Caked Apes" NFT project team both sue each other

[Image: Caked Ape #2487]
Two lawsuits were filed nearly simultaneously, each alleging misconduct by the other party with respect to the "Caked Apes" NFT project — a project full of illustrations that were very clearly derived from the popular Bored Apes project, but feature neon colors and psychedelic motifs. Caked Apes so far has done around $1.9 million in sales.

Both lawsuits center on Taylor Whitley and his departure from the project, but they diverge considerably from there. Whitley's suit claims that he was wrongly ousted from the project; the other lawsuit claims that Whitley engaged in "unhinged, destructive, and egotistical acts... to sabotage... 'Caked Apes', after Whitley failed to usurp ownership and control of the project entirely for himself". They also allege that Whitley misused DMCA takedowns to have the collection removed from online marketplaces. The lawsuits are liable to be complicated somewhat by the fact that a partnership agreement doesn't appear to have ever been written up.

A Robin Hood-esque attacker steals $52 million from Cashio, then returns smaller amounts and pledges to donate the rest to charity

A hacker was able to exploit an infinite mint glitch in the protocol of Cashio, a Solana stablecoin project. They were able to pull around $50 million out of the platform, while also tanking the value of the $CASH token in the process. The attacker left a note in the input data of their Ethereum transactions that "Account with less 100k have been returned. all other money will be donated to charity."

Saber, the providers of the Cashio liquidity pool, published a postmortem of the attack in which they wrote that "We do not have the money to pay back depositors." The hack was the second largest in Solana history, behind the February Wormhole hack. Saber entreated the hacker to return the funds, writing, "accounts with over $100k are often users' life savings on leverage, and many of us will seriously be affected financially after this incident."

On March 28, the attacker sent a message saying that "the intention was only to take money from those who do not need it, not from those who do", and invited users who had over $100,000 to apply to receive their funds back with "an explanation of the source of this money and why you need it back. more detail is better. money will not be refund to rich american and european that don't need it." Somewhat strangely, Cashio themselves began hosting a website to allow affected users to plead with the hacker to return the money.

VeVe marketplace goes offline for over a day after an exploit results in a "large amount of gems being acquired illegitimately"

The VeVe marketplace has developed a bit of a reputation as the partner of choice for some big names who have dipped their toes into "licensed digital collectible" NFTs, including Marvel, Pixar, and Coca-Cola. It is also notable for using in-app tokens called Gems, which can be purchased with credit cards, but have been impossible to cash out since the mid-2021 launch (though VeVe has very recently said they are beta testing a cashout system).

On March 22, VeVe tweeted that "We have become aware of an exploit of our systems which resulted in a large amount of gems being acquired illegitimately", and that they had closed the market, as well as purchases and transfers of Gems. The market remained closed for over a day as VeVe apparently triaged the problem. It's not clear yet what the impact has been to the platform or its users, though many reported that their NFTs appeared to have plunged in value.

G2 Esports sues NFT provider Bondly, accuses them of using them for publicity

G2 Esports announced a partnership with NFT provider Bondly in June 2021, through which they planned to release profile picture NFTs that would also provide access to membership perks. Nothing has materialized since then, despite their plans to launch in February. On March 22, G2 filed suit against Bondly, accusing them of agreeing to a deal they knew they could not fulfill, but that would lend Bondly credibility and publicity via the association with the G2 brand. According to the lawsuit, shortly after the first invoice was sent for the rights payments that Bondly was due to pay to G2, Bondly wrote that the company was "past the point of being able to successfully deliver an NFT program". G2 has said the failed deal resulted in $5,250,000 in damages.

Team behind the NeoNexus NFT project raises several million dollars, then abandons it

[Image: Tweet by NeoNexus founder Jack Shi, containing a photo of a man sitting in the driver's seat of a sports car with the gull-wing door opened. Text reads "#NewProfilePic This car is so comfortable and worth way more than my house."]
NeoNexus was a metaverse NFT project that raised about 25,000 SOL (worth around $2.2 million today; previously worth $3.5 to $4.5 million). The project had sold various "property NFTs", and had plans to create other NFTs representing things like characters and vehicles.

On March 21, the project's founder Jack Shi wrote on Twitter, "It is with a heavy heart that we must inform you that we can no longer continue healthy development of the NEONEXUS project. We would like to hand over the project to our community, or a community-selected party for takeover if that's feasible / possible." Going into more detail on Discord, he said the project had run out of money, which he blamed on waning interest in Solana NFTs.

The reaction to the announcement was overwhelmingly negative, particularly given the project's founder's apparent habit of bragging about his luxury cars. Many users described the abrupt shutdown as a rug pull, and one user even mentioned looking into a class action suit against the project team.

Phishing scheme promising to animate one's apes nets attacker a collector's three pricey Bored Apes

[Image: BAYC #71]
An NFT collector fell for a scam website promising to "turn your BAYC animated". After the collector connected their wallet, the attacker transferred the collector's three pricey Bored Ape NFTs to the attacker's own wallet, then quickly flipped them for resale for a combined total of around 264 ETH ($764,000). Zachxbt, a crypto fraud sleuth who first noticed the scam, estimated the NFTs' actual value at closer to $900,000.

It appeared from the victim's retweets that they had fallen for a scam shared by a verified Twitter account that claimed to be one of the Bored Apes founders. However, a closer look at the Twitter handle showed it was a hacked account with the username "volt_france", which previously had belonged to the French branch of the Volt Europa political movement.

Hacker steals more than $1.5 million after compromising wallets belonging to crypto whale Arthur_0x

[Image: CloneX #13992, one of the stolen NFTs]
Arthur_0x, a crypto investor and NFT whale, had two of their hot wallets compromised. The attacker stole ETH and transferred some big-ticket NFTs out of the wallets, including at least five CloneX NFTs and 17 Azuki NFTs. CloneX NFTs have been selling for an average of 16.76 ETH (about $50,000) over the past 30 days, and Azuki NFTs have been going for 12.5 ETH ($37,600). The attacker had not yet sold all the NFTs they had stolen, but within two hours of the attack they had 545 ETH (about $1.6 million) in their wallet.

Arthur_0x wrote on Twitter that they had previously only ever used a hardware wallet on their PC, but when they started more regularly trading NFTs they'd started using a hot wallet. "Hot wallet on mobile phone is indeed not safe enough", they wrote on Twitter, "Guess no more hot wallet usage then." They also wrote, "The only thing I can say to the hacker is: you mess with the wrong person" and tweeted the wallet address to which the NFTs were being transferred, asking for it to be blocklisted.

Hacker steals $1.45 million from OneRing Finance using code that self-destructs after the attack

A hacker was able to use a flash loan attack to exploit an issue with OneRing Finance. By manipulating the price of tokens in the project's liquidity pool, the hacker was able to draw out 1.45 million USDC, a stablecoin pegged to the US dollar. According to PeckShield, the loss to the protocol was larger than what the hacker actually was able to cash out.

The hacker complicated things somewhat for OneRing by covering their tracks. They used a "self-destruct" mechanism — typically used by developers to destroy smart contracts that are found to have a bug — to destroy the contract they used to carry out the attack, making it more difficult for OneRing to determine which parts of their codebase were vulnerable and led to the attack.

NFT scammers take over the Twitter account of a Florida gubernatorial candidate

[Image: Nikki Fried's compromised Twitter profile, showing banner and profile pictures for "Skulltoons", and the name "nikki.eth"]
The Twitter account belonging to Nikki Fried, the current Florida Agriculture Commissioner and a Democratic candidate for the 2022 Florida gubernatorial race, was compromised and repurposed as an NFT shill account. The account, which was verified and had more than 270,000 followers, suddenly underwent what I imagine was a bit of a startling rebrand for her followers: her name was changed to "nikki.eth", and the Twitter bio was replaced with "Mod for SkulltoonsNFT, ThugBirdz, AzukiZen. Web3 Enthusiast". The account also changed its banner and profile pictures to Skulltoons images, and started tweeting about giveaways. By March 20, Fried had apparently regained control of the account, though the account privacy had been changed to protected.

The Fried account compromise is only one instance of what has become a trend on Twitter: Twitter accounts belonging to high-profile individuals, or accounts that are verified or have a large number of followers, being compromised and sold to NFT scammers. On March 11, ESPN baseball reporter Jeff Passan also had his Twitter account compromised and repurposed to shill Skulltoons NFTs. Skulltoons distanced themselves from that incident, writing that they believed the hackers were trying to scam their NFT community.

Kaiju Kongz NFT project artificially inflates its floor price by destroying your NFTs if you list them for sale at too low a price

[Image: Kaiju Kongz]
An NFT project's value is often discussed in terms of its floor price — that is, the lowest price at which any given NFT in a collection is listed for sale. The new NFT project Kaiju Kongz decided to take advantage of the fact that you can pretty much do anything you want with a smart contract to ensure that the floor price of its project only increases shortly after the NFTs are launched. They released their project with a "burn schedule" — a list price that gradually increases as time goes on, where if someone lists their NFT below that price, it will automatically be burnt — the closest thing to "destroying" an NFT that's possible. This serves to ensure that the floor price stays above the minimum value the project creators want, which doubles daily from 0.065 ETH (~$190) on the day of launch to 0.64 ETH (~$1900) on March 22.

Some NFT collectors criticized the choice. One described it as "illegal market manipulation tactics", and others said the project should grow the floor "organically". Given the rampant manipulation in the NFT space, one wonders if the real criticism collectors have with the project is that they were too transparent about their price manipulation, and should've just done it quietly like other projects have.

Founder of crypto investment scheme "IGObit" and the sham organization "World Sports Alliance" is convicted of wire fraud

Asa Saint Clair created an organization called the World Sports Alliance, which he falsely described to prospective investors as being closely affiliated with the United Nations (for some reason). Saint Clair convinced more than 60 people that they should invest in his IGObit digital coin offering, stating they would receive a guaranteed return on investment, but instead he just took the money and used it for his own purposes. Saint Clair was convicted on March 18, and faces a maximum sentence of 20 years in prison.

People briefly borrow Bored Ape NFTs to claim as much as $1.1 million in $APE tokens

The Bored Ape Yacht Club recently created a token called ApeCoin, some of which they announced would be distributed to people who owned various Bored Ape NFTs and NFTs from their related collections. However, because the token distribution didn't use a snapshot of ownership data, but rather distributed tokens per-NFT to the first owner who claimed them, people were able to game the system. Some owners of Bored Ape and related NFTs had put their NFTs into an NFTX vault, which is a setup where someone takes a subset of their NFTs and creates a token that is based on them. The token can then be staked to generate yield, or can be sold, and if someone owns enough of the tokens, they can redeem them for the NFTs. A clever operator found a vault containing five Bored Ape NFTs, which had unclaimed $APE associated with them since they were locked up in the vault. They used a flash loan to purchase a large amount of the vault's token, redeem the five BAYC NFTs, claim the airdropped tokens, return the BAYC NFTs, sell back the tokens, and repay the loan, all in one transaction that cost them nothing but netted them 60,564 $APE, which they then swapped for 399 ETH ($1.1 million).

People were somewhat split on whether this could be classed as a vulnerability in the $APE airdrop, since (as with many crypto hacks and scams) the person was operating completely within the rules set out in code.
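The difference between the two eligibility rules discussed above can be modelled in a few lines. This is an added illustration, not code from the ApeCoin or NFTX contracts: the class names, account names and the per-NFT amount are all constructed. It runs the same borrow, claim and return sequence, as one atomic transaction, against a claim rule keyed to the current holder and against one keyed to a snapshot of ownership.

```python
# Toy model of two airdrop eligibility rules. All names and amounts are
# constructed for illustration; this is not the real contract code.

TOKENS_PER_NFT = 100                    # constructed figure, not the real allocation
VAULT, BORROWER = "vault", "borrower"   # hypothetical account names


class NFTRegistry:
    """Minimal ownership ledger: token id -> current owner."""

    def __init__(self, owners):
        self.owner_of = dict(owners)

    def transfer(self, token_id, sender, recipient):
        if self.owner_of[token_id] != sender:
            raise PermissionError(f"{sender} does not own NFT {token_id}")
        self.owner_of[token_id] = recipient


class Airdrop:
    """One claim per NFT; subclasses decide who is eligible to make it."""

    def __init__(self, registry):
        self.registry = registry
        self.claimed = set()
        self.balances = {}

    def eligible_owner(self, token_id):
        raise NotImplementedError

    def claim(self, caller, token_id):
        if token_id in self.claimed:
            raise ValueError(f"NFT {token_id} already claimed")
        if self.eligible_owner(token_id) != caller:
            raise PermissionError(f"{caller} is not eligible for NFT {token_id}")
        self.claimed.add(token_id)
        self.balances[caller] = self.balances.get(caller, 0) + TOKENS_PER_NFT


class LiveOwnerAirdrop(Airdrop):
    """Eligibility = whoever holds the NFT at the moment of the claim."""

    def eligible_owner(self, token_id):
        return self.registry.owner_of[token_id]


class SnapshotAirdrop(Airdrop):
    """Eligibility = the owner recorded when the airdrop was set up."""

    def __init__(self, registry):
        super().__init__(registry)
        self.snapshot = dict(registry.owner_of)

    def eligible_owner(self, token_id):
        return self.snapshot[token_id]


def borrow_claim_return(airdrop, token_ids):
    """Model one atomic transaction: take NFTs out of the vault, claim, put
    them back. Returns True if it committed, False if it reverted."""
    registry = airdrop.registry
    saved = (dict(registry.owner_of), set(airdrop.claimed), dict(airdrop.balances))
    try:
        for token_id in token_ids:
            registry.transfer(token_id, VAULT, BORROWER)
            airdrop.claim(BORROWER, token_id)
            registry.transfer(token_id, BORROWER, VAULT)
        return True
    except (PermissionError, ValueError):
        # Any failing step reverts the whole transaction, as on-chain.
        registry.owner_of, airdrop.claimed, airdrop.balances = saved
        return False


def compare_designs():
    """Run the same sequence against both designs and report the outcome."""
    token_ids = [1, 2, 3, 4, 5]
    results = {}
    for design in (LiveOwnerAirdrop, SnapshotAirdrop):
        registry = NFTRegistry({t: VAULT for t in token_ids})
        airdrop = design(registry)
        committed = borrow_claim_return(airdrop, token_ids)
        results[design.__name__] = {
            "committed": committed,
            "borrower_tokens": airdrop.balances.get(BORROWER, 0),
            "still_claimable": len(token_ids) - len(airdrop.claimed),
            "nfts_back_in_vault": all(registry.owner_of[t] == VAULT for t in token_ids),
        }
    return results


if __name__ == "__main__":
    for name, outcome in compare_designs().items():
        print(name, outcome)
```

With a snapshot the entitlement stays with the address that held the NFT when the snapshot was taken, here the vault itself, so a vault that pools NFTs still needs its own way to pass the claim through to depositors.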

Australian regulatory agency begins lawsuit against Facebook over failing to address scammy crypto ads

The Australian Competition & Consumer Commission (ACCC) announced that they had begun federal court proceedings against Facebook, alleging that the company "engaged in false, misleading or deceptive conduct by publishing scam advertisements featuring prominent Australian public figures". The ACCC claims that Facebook ads featured prominent Australian individuals without their approval, and implied that the crypto schemes were associated with or endorsed by those individuals. When a person clicked through the link, they were invited to provide contact information to a group of scammers who reportedly incessantly called the targets to pressure them into putting money into the schemes — in one case, a Facebook user lost more than $650,000. The ACCC alleged that Facebook "aided and abetted or was knowingly concerned in false or misleading conduct and representations by the advertisers", but didn't take sufficient action to stop the misrepresentation, even after public figures raised the alarm about their likenesses being used without consent to scam people.

Binance says it will stop operating in Ontario, for real this time, and admits they lied to investors

In June 2021, Binance announced they would stop operating in Ontario after the province introduced new prospectus and registration requirements for crypto exchanges. However, in December, Binance said in an email to Ontarian investors they were allowed to continue operating in the province — prompting the Ontario Securities Commission to release a statement titled "Binance is not registered in Ontario", which said, "Binance represented to OSC Staff that no new transactions involving Ontario residents would occur after December 31, 2021. Binance has issued a notice to users, without any notification to the OSC, rescinding this commitment. This is unacceptable."

On March 16, Binance confirmed that they would actually stop servicing Ontario residents, for real this time. They also admitted to sending an email to investors on January 1 that said that they could no longer trade or onboard to the platform, despite not putting any such restriction in place.

Discord hack targeting Rare Bears NFT project nets attacker $800,000

[Image: Rare Bear]
After hackers successfully compromised the account of one of the Rare Bears Discord moderators, they posted an announcement that new NFTs were being minted. Those who tried to participate in the mint wound up having their accounts compromised and their NFTs stolen. The hackers sold most of the 179 NFTs they stole, for a combined total of 286 ETH (more than $800,000).

Not only did the attackers post a fake mint link, they took steps to prevent the project from thwarting their attack by banning other members and removing user rights that would have allowed other project members to delete the fake links. They also added a bot to the server that locked channels so people couldn't send warnings that the links were fake.

The Rare Bears team did eventually regain access and secured their Discord server. In an apology posted on their Twitter page, they addressed the multiple security breaches that Rare Bears have faced to date, and said they had "stepped up" and would be having a firm audit their project.

Bored Ape Yacht Club launches their new ApeCoin, which immediately tanks in price

[Image: ApeCoin price compared to USD, showing a brief and large spike, followed by a drop and then fairly steady value]
Bored Ape Yacht Club decided to release "ApeCoin", a new cryptocurrency token. The token distribution heavily favors current BAYC owners, truly underscoring the fantasy about a fairer distribution of wealth that some people thought crypto would somehow magically bring about. Holders of Bored Ape NFTs — already priced at several hundred thousand dollars apiece — received airdropped tokens in proportion to their holdings of Yuga Labs NFTs; one holder of 12 Bored Apes, 10 Mutant Apes, and 11 Kennel Club NFTs reported receiving 150,964 APE (valued at $1.3 million when $APE was at $8.56).

The $APE price briefly soared to around $40 shortly after launch, before crashing precipitously to around $8.50 not long after, presumably as people cashed out their free money. Even many cryptocurrency enthusiasts were nonplussed by the launch, with many describing it as a "money grab" or an attempt to enrich the founders, which apparently is a bad thing (despite many crypto projects openly doing the same). One angry Redditor wrote, "Owners of Bored Ape NFTs were given the coin first(very rich people), then it was sold to the normies who got FOMO and pumped the price, then it crashed. Yet again, leaving regular people holding bags of pure garbage while the coin pushers wave bye-bye from their lambos."

Winamp joins LimeWire in the emerging "legacy software comes back from the dead to do NFTs" trope

[Image: Original Winamp skin, which they say will "be the base Artwork for all your derivative needs"]
A week after LimeWire emerged from cryostasis to announce it would become an NFT platform, Winamp decided to jump in as well. Winamp was a Windows media player that first launched in 1997, and was sold for a hefty sum to AOL in 1999, before fading into obscurity after facing tough competition from iTunes in the early 2000s. Although Winamp has been promising new versions of the software since its 2014 sale to Radionomy, only a single beta release in 2018 has ever materialized. However, on March 16, the Winamp Twitter account announced "the auctioning of Winamp Original Skin as 1/1 NFT AND the launch of Winamp Foundation". The Winamp Foundation, they wrote, would "collect money to help musicians across the world to make the music they love". The response on Twitter was overwhelmingly negative, with a top comment reading, "It is incredible how you took decades of good will nostalgia and removed it with a single tweet."

Official Formula 1 blockchain game suddenly shuts down

[Image: "Tiberon [sic] Car" NFT]
F1 Delta Time, a crypto car racing game that was officially licensed with F1 racing, shut down in mid-March. The game had previously generated a lot of hype — one of its car NFTs was the most expensive NFT sold in 2019 (more than $100,000). However, game owner Animoca was unable to renew their license to use the F1 brand, resulting in a sudden and unceremonious shutdown. Players were given a single day of notice before the game went offline. Users, of course, keep their NFTs, but their ostensible use is now no more. The developers have tried to placate their players by offering various replacement options, primarily based around Animoca's Polygon-based "REVV Racing" game.

NFTBOOKS enters the race to see who can remake DRM the worst

[Image: NFTBOOKS token distribution chart, a pie chart where none of the sections appear to be proportional to the numbered percentages, and are all slightly overlapping]
A project called NFTBOOKS has cropped up, promising to "transform the world of book-readings" by creating an NFT economy of authors, book-lenders, readers, translators, and, of course, investors. A writer named Tiffany Hutchinson contacted the project to politely inquire about how it intended to prevent the theft that is so rampant in the NFT space, and received some pretty disappointing answers. After trying several times to wave her off with vague answers about "there will be a review process" to check ownership of the work, they explained that they would implement "a filter on our system" that would check against identical copies. When she asked how that system would work if the original author was not the first person to create an NFT of the work, or how they would prevent someone from making small changes to the work to trick the filters, the project first gave staggeringly poor answers, then wrote that Hutchinson simply didn't understand, then became combative with her.

Fortunately there doesn't actually appear to be much to the project yet — actually creating a platform and an app to allow people to borrow books doesn't come until the fifth and sixth stages of their roadmap. The project is currently on the fourth step, and has been focusing their attentions on things like "marketing campaign" (stage 1), "aggressive marketing rollout" (stage 2), and "extreme marketing campaign" (stage 3). The stage 3 "extreme marketing campaign" also came with a "website relaunch", which we have to thank for one of the most outrageous pie charts I have ever seen (pictured) (which was later determined to have been a stock photo of a pie chart where they'd just changed the numbers). Perhaps they should focus some of their marketing efforts on coming up with answers to the simplest of questions that they should probably expect from authors — the type of people they're claiming to help.

Hundred Finance and Agave Finance are both exploited for a collective $12 million

An attacker using a flash loan attack targeted two projects on the Gnosis blockchain: Hundred Finance and Agave Finance. Each project paused their smart contracts, but not before the attacker made off with a considerable sum of money. That day, the attacker put the funds through a cryptocurrency tumbler, making it much more difficult to trace the collective 4,479 ETH that was stolen in roughly equal amounts from each protocol.

Hundred and Agave were the second and third defi protocols targeted by flash loan attacks that same day, with Deus Finance losing more than $3 million to hackers using the same class of exploit.

Binance pauses withdrawals and deposits via Polygon

After an extended Polygon outage on March 10, Binance temporarily paused deposits and withdrawals via Polygon on March 15. Although Binance reported it was "due to the network wide issues of the Polygon network", Polygon stated that "Polygon PoS network is stable, and working fine. All funds are safe. Binance is upgrading its nodes, and currently syncing the block data, hence they have paused the deposit and withdrawal." It was unclear why this would happen days after the original outage.

Hackers make off with over $3 million from Deus Finance

Hackers were able to use a flash loan attack to manipulate a price oracle, pulling 200,000 DAI and 1101.8 ETH (totaling almost $3.1 million) out of the Deus Finance defi platform. PeckShield, the analysis firm that identified the vulnerability, wrote that the $3 million number represented the amount the hackers were actually able to withdraw and put through a cryptocurrency tumbler, but that the loss to the project may have been larger. The CEO of Deus Finance subsequently wrote on Twitter that users whose positions were liquidated as a result of the exploit would be repaid.

Sneaky malware replaces Bitcoin addresses in clipboard to reroute transactions

Bitcoin wallet addresses look something like bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq, and so it's not always obvious at a glance if one string of random characters might have been replaced with another. Malware taking advantage of this fact has been spotted in the wild, replacing copied Bitcoin addresses with the address of a scammer, so that if a person pastes in an address to send Bitcoin to, it goes to the scammer instead. One trader learned this the hard way when the 0.255 BTC (about $10,000) they'd tried to send to an exchange never arrived. After looking into it, they saw that the funds had gone to a completely different address than they'd intended, and were able to sniff out that malware was to blame.
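A defender-side sketch of the swap described above, added here as an illustration and not taken from the article or any tool it mentions: it flags clipboard history where one address-shaped string replaces another within a short window, and compares an intended address against the pasted one in full. The two-second window, the function names and the sample events are assumptions; the replacement addresses are constructed placeholders, and the patterns check shape only, not checksums.

```python
import re

# Shape-only patterns (no checksum check): bech32 "bc1..." addresses and
# legacy base58 addresses that start with 1 or 3.
BECH32_RE = re.compile(r"bc1[ac-hj-np-z02-9]{11,71}")
BASE58_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")

PAGE_ADDRESS = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"  # quoted in the article
CONSTRUCTED_SWAP = "bc1q" + "z" * 38    # constructed placeholder, not a real wallet
CONSTRUCTED_LEGACY = "1" + "A" * 33     # constructed placeholder, not a real wallet

# Constructed clipboard history: (seconds since start, clipboard text).
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (12.0, PAGE_ADDRESS),         # user copies the address they mean to pay
    (12.4, CONSTRUCTED_SWAP),     # contents change 0.4 s later with no new copy
    (300.0, CONSTRUCTED_LEGACY),  # a different address copied minutes later
]


def address_kind(text):
    """Return 'bech32', 'base58' or None for a clipboard string."""
    s = text.strip()
    if BECH32_RE.fullmatch(s.lower()):
        return "bech32"
    if BASE58_RE.fullmatch(s):
        return "base58"
    return None


def find_swaps(events, max_gap=2.0):
    """Flag changes where one address replaces a different one almost at once.

    events is a list of (timestamp_seconds, clipboard_text), oldest first.
    max_gap is an assumed threshold: a person rarely copies two different
    addresses within two seconds, while an automated replacement does.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        if address_kind(prev) is None or address_kind(cur) is None:
            continue  # only address-to-address changes are of interest
        if prev.strip() == cur.strip():
            continue  # same address copied again
        if 0 <= t_cur - t_prev <= max_gap:
            alerts.append({
                "at": t_cur,
                "copied": prev.strip(),
                "replaced_with": cur.strip(),
            })
    return alerts


def check_paste(intended, pasted):
    """Compare the whole address, not just its first or last characters.

    Returns (matches, index_of_first_difference or None).
    """
    a, b = intended.strip(), pasted.strip()
    if a == b:
        return True, None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i
    return False, min(len(a), len(b))  # one string is a prefix of the other


if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard swap:", alert)
    print("paste check:", check_paste(PAGE_ADDRESS, CONSTRUCTED_SWAP))
```

Running `check_paste` against a copy of the address taken from a second channel, such as the exchange's own deposit page, catches a swap even when no clipboard history is available.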

Invictus DAO whales quickly vote to shutter the project in its first ever community vote, leaving most others with huge losses

[Image: Invictus price history since November 12, 2021, showing a brief spike in late November and then a precipitous drop and slow decrease. Caption: Invictus token price in USD]
The Sol Invictus project was an Olympus DAO-like project on the Solana blockchain, much like the Wonderland project that went up in flames recently. Promising absolutely massive returns, with numbers like 60,000% APY being tossed around, people bought in hoping to see their money skyrocket. The project also partnered with major names in the Solana ecosystem, earning legitimacy.

However, although the project enjoyed a spike in price in November, the token has bled value since then. On March 9, the project leaders began a conversation about team salaries, where they also floated the idea of redeeming the treasury and closing the project. On March 11 they began a vote, which lasted only three days, and allowed members of the DAO to vote on whether the project should close and distribute treasury funds to participants. Much like the Wonderland vote in late January, a relatively small number of whales with a large share of the votes (who bought in early and still stood to make money on the project) were able to pass the vote to close the project, despite a majority of voters selecting to keep the project going. Furthermore, because the Invictus tokens used for voting also themselves hold the value, some people were unable to vote in the poll because their tokens were locked up in lending platforms where they had used them as collateral. Many participants in the project who haven't been actively watching the governance page likely don't even know the vote happened.

Some members of the project wrote on Discord that they felt rugged, with one even speculating that the project had been so eager to implement voting so they could pass a "community" vote to close the project and make off with a profit without damaging their reputations or potentially facing lawsuits. Various members of the project Discord shared how much they had lost: one person said they were down $20,000, another was down $75,000, and a third person reported losing $400,000. One person asked "who else is in the 6 figure loss club" and received three agreement emoji reactions; another person said they'd lost a year's salary. Some people already opted to try to sell their tokens early, worrying that the project leaders might make off with the treasury and not allow people to redeem their $IN; others waited in hopes of the redemption price being higher than the current token price; and some even suggested buying more $IN in hopes that they could make a profit if the redemption price is higher than the current price.

Discord compromise targets fans of the Wizard Pass project in a two-for-one scam that both accepted payments for fake NFTs and stole the NFTs that victims already owned

Wizard Pass is an NFT trading community and package of various software tools that can be joined for a price: a collection of 3,000 NFTs gates access to the community. The NFTs had a successful mint on March 7, and since then have been trading for around 0.3 ETH ($800) on the secondary market. Although the project stated that they would never mint more passes, members of the Discord were excited when the project's founder announced they would be doing a public sale for an additional 1,000 NFTs, at 0.1 ETH ($250) apiece. Unfortunately, there was no such mint, and it turned out the founder's Discord account had been hacked. As of midday on March 14, the hacker had received 66.4 ETH ($169,000) from 290 wallets.

A Twitter thread by SerpentAU suggested that the malicious minting website had not only accepted ETH from victims and provided nothing in return, but had also prompted users to grant full access to their NFT wallet, allowing valuable NFTs to be stolen. It's not yet clear how many NFTs were stolen as a result.

Collector sues artist after spending over $500,000 on an image of Pepe the Frog that others got for free

[Image: A trading card style image with an illustration of Pepe the Frog leaning on the edge of a pond, with his buttocks partially exposed. The text area of the card contains Matt Furie's signature. Caption: FEELSGOODMAN Series 20, Card 50]
Matt Furie is the original creator of the Pepe the Frog cartoon that was later co-opted as an alt-right hate symbol, and which has also been popular among crypto enthusiasts and other online communities. Furie, his company Chain/Saw, and his DAO PegzDAO held an auction on October 8, 2021, and seemed to promise that the NFT would be one-of-a-kind: "500 cards issued, 400 burned, 99 will remain in the PegzDAO, and ONE is being auctioned here". Halston Thayer ended up winning the auction by bidding 150 ETH, then worth $537,084. However, on October 24, 46 of the 99 NFTs that were held by PegzDAO were distributed for free. According to a lawsuit filed by Thayer on March 12, 2022, releasing the 46 additional NFTs "significantly devalu[ed] Plaintiff's Pepe NFT to less than $30,000". The lawsuit seeks reimbursement of Thayer's original purchase, as well as punitive damages. Best of luck to the lawyers trying to describe "Rare Pepes" to a judge, or keep a straight face when saying that yes, the plaintiff did pay more than half a million for a drawing of a rather callipygian cartoon frog.

A trader reportedly makes half a million from a flash crash, then the LATOKEN exchange takes their coins

A trader set a very low limit order on Ripple's XRP token, and was delighted to see it executed when XRP very briefly plummeted in value in what's known as a flash crash. The price recovered quickly, and the trader found themselves $458,000 wealthier. However, when they tried to withdraw some of their money from the exchange they were using, LAToken, the withdrawal was declined and their account was restricted for 24 hours for an unspecified terms of use violation. When the trader regained access to their account, the XRP they bought was nowhere to be found.

Report alleges Socios withheld payments owed to advisors and staff to maintain the value of its cryptocurrency

Off the Pitch reported on March 11 that Socios, the sports fan platform, had withheld payments owed to staff, advisors, and others who had signed agreements to endorse the platform's cryptocurrency, chiliZ. Internal messages showed that Socios founder Alexandre Dreyfus repeatedly referred to the payments owed to advisors as "the free money we give them". The reasoning for withholding the payments he'd agreed to? According to internal messages from Dreyfus, "When you give free tokens, people can sell at any price... It doesn't matter for them; so it makes the price going down... and the REAL investors who bought are losing money because of that." Staff members also were not paid the amounts they were owed. Some of them had moved to Malta, where Socios is headquartered, and were stuck there waiting to be paid.

$4 billion hedge fund Fir Tree Capital Management shorts Tether

The large hedge fund Fir Tree Capital Management has decided that the doubts around the stablecoin Tether are serious enough to take out a substantial short position against the project. Tether has faced questions from regulators, many of which center around whether or not the stablecoin is actually backed by the reserves it claims to have. Some of the assets Tether holds are high-yield commercial paper, which Fir Tree evidently believes is substantially tied to Chinese real estate firms. If that is the case, the real estate crisis in China (primarily revolving around Evergrande Group) could cause the value of Tether's reserves to plummet. According to Fir Tree, they've been shorting Tether since July, and expect their bet could pay off within a year. Other commenters and analysts have speculated that Tether very well might collapse, and that if it does, there could be enormous ramifications for the rest of the cryptocurrency space.

UK Financial Conduct Authority requires all Bitcoin ATMs to be shut down

[Image: A person holds a phone while tapping a screen on an orange Bitcoin ATM. Caption: Bitcoin ATM]
All 81 functional Bitcoin ATMs in the United Kingdom are operating illegally, says the UK's Financial Conduct Authority (FCA). None of the companies operating them have a license to do so, and the FCA has said that they will take action against the companies if they don't shut down the kiosks.

One company now owns three of the most popular NFT collections: Bored Apes, CryptoPunks, and Meebits

[Image: A voxel-style rendering of a human with short black hair and a beanie cap, wearing a tie-dye shirt, ripped jeans, and green sneakers. Caption: Meebit #12742]
Nothing really says "decentralized" like one company controlling the priciest and most popular NFT collections! Yuga Labs, the company behind the popular Bored Ape Yacht Club NFTs, announced they had purchased CryptoPunks and Meebits from Larva Labs. CryptoPunks is one of the oldest NFT collections, and, along with Bored Apes and Meebits, ranks among the priciest collections on the market. Yuga Labs is also the owner of the popular Bored Ape Kennel Club and the Mutant Ape Yacht Club projects.

Facebook bans crypto scammer who pulled in up to $140,000 by impersonating economist David Rosenberg

[Image: Facebook comment from someone named Fany Roy Hayes: "I know this may sound unlikely but I just want to share it here for the good of everyone. I've been investing with Sir Ethan David Rosenberg for some week's now, the first investment, to my greatest surprise, I made a withdrawal in just 5days. since then I have been investing with him because of his accuracy. You too can earn big connect with him on the link." Caption: A Facebook comment from an account promoting the Rosenberg scam]
A Facebook profile impersonating an economist named David Rosenberg was discovered by Snopes to have drawn in around 3.4 Bitcoin in deposits, ostensibly from victims who were convinced they were investing with the actual Rosenberg. The fake Rosenberg profile, and others associated with it, posted about how he had reportedly helped them get out of debt or make a lot of money. The scammer's account was originally created in 2012, and when it began to be used in 2021 for the crypto scam, the operators edited old posts to make it appear that the "investment" operation had been going on for multiple years. Facebook banned the account shortly after Snopes published its report.

MeUndies cancels its NFT underwear plans and sells its Bored Ape after community backlash

[Image: A grimacing illustrated ape, wearing heart sunglasses and a black cap with a chain around it, to which the MeUndies logo has been added. Caption: MeUndies' modified Bored Ape illustration]
Believe me, I was as shocked as you were to discover that the MeUndies underwear brand has a "community". But that community apparently objected to the brand's purchase of a Bored Ape NFT, which they intended to use as a print on their line of undergarments. "We aren't going to make any excuses, we just didn't do the work we should have to make such an impactful decision", a MeUndies spokesperson wrote on Reddit. The spokesperson wrote that, after learning about the environmental impact of NFTs and cryptocurrency, they would be canceling the planned print, and selling off their Bored Ape. The NFT in question appeared to be BAYC #3986, which most recently sold in January for around 107 ETH ($260,000).

ESPN baseball reporter Jeff Passan has his Twitter account hacked and used to shill NFTs on "the biggest news day of [his] life"

[Image: Twitter profile of Jeff Passan, showing banner and profile pictures for "Skulltoons", and the name "Jeff.eth (Jeff Passan)". Caption: Jeff Passan's compromised Twitter profile]
ESPN MLB reporter Jeff Passan was having a great day, as he had been the one to break the news of an agreement between the MLB and the MLB Players Association, who had been deadlocked on labor negotiations. Unfortunately, this was soured a bit by his 800,000-follower, verified Twitter account being compromised and repurposed to shill "Skulltoons" NFTs.

Passan regained control of his Twitter account several hours later. Passan later wrote in a tweet, "hey remember that time i got hacked on the biggest news day of my life". The Skulltoons project distanced themselves from the incident, writing that they believed the hackers were trying to scam the Skulltoons community.

The Polygon network suffers an eleven-hour-long outage

After a network upgrade, Polygon went offline for eleven hours while developers scrambled to diagnose and patch an issue preventing its validators from achieving the 2/3 consensus required by the protocol. Projects and traders alike were affected by the outage, with various projects having to delay planned releases, and users reporting errors and funds stuck in transit. Although the network was able to release a patch to buy them some time, the project had to hard fork on March 18 in order to properly fix the issue.

After someone games the system to acquire a disproportionate amount of airdropped tokens valued at $123 million, Juno community begins a vote to take them away

A blockchain protocol called Juno launched in October 2021, airdropping their $JUNO tokens to members of the Cosmos ecosystem in proportion to how many $ATOM tokens they held. The protocol agreed via community vote that they would cap the amount given to a single individual at 50,000 $JUNO to "ensure fair distribution across the network". However, there is no restriction that one individual only have one crypto wallet, and so one single whale ended up receiving more than 3.1 million $JUNO across tens of wallets, which they later consolidated into one. Because of the enormous value centralized in one wallet — equivalent to around $123 million — if the whale sold off their $JUNO they could wipe out liquidity on decentralized exchanges and tank the price of the token. They could also perform a 51% attack on the network, as they already have half of quorum.

On March 10, a community proposal was submitted, proposing to take away the majority of the whale's tokens (worth around $121 million), and leave them with the 50,000 $JUNO (a little below $2 million) that was originally intended to be the maximum per person. The vote passed, in a major blow to an ecosystem where "your keys, your coins" is taken as gospel — that is, if you control the keys to a wallet, your assets supposedly can't be taken from you.

Bored Apes team asks people to verify their identities for their next project, shortly after making a stink about their own identities being revealed

[Image: Two tweets by Bored Ape Yacht Club. First tweet: "fuck it, again. http://somethingisbrewing.xyz". Second tweet: "This has been building over the last seven months. AnimocaBrands will launch the first phase, and there’s more to come. P.S. we don’t like KYCs either, but we think you’re going to want to be a part of this." Caption: Tweets by Bored Ape Yacht Club]
Yuga Labs, the company behind the Bored Ape Yacht Club (BAYC) project, announced a new project in partnership with blockchain gaming group Animoca Brands. The signup required KYC — that is, people were required to verify their real-life identities — something many BAYC fans seemed to bristle at, particularly given they had released absolutely no information about what the project would entail. BAYC themselves wrote, "P.S. we don't like KYCs either, but we think you're going to want to be a part of this."

There was some irony in BAYC requiring their buyers to reveal their identities only a month after some of the BAYC founders' identities were revealed by a journalist (who made the connection based on publicly-available information), which made the BAYC team and many of their supporters absolutely irate.

NFT collector accidentally sells their rock for close to $0 instead of over $1 million

[Image: Illustration of a gray rock. Caption: EtherRock #44]
The owner of EtherRock #44 tried to list their NFT for sale for 444 ETH (almost $1.2 million), but erroneously listed it for 444 wei — the fractional unit of ETH typically used for representing transaction fees. A bot programmed to look for listings like this one, where a pricey NFT is listed for far below its average or floor price, quickly snapped up the NFT before the owner could remove the listing. The buyer of the NFT eventually tried to flip the NFT for 234 ETH (around $625,000). The trader wrote on Twitter, "In one click my entire net worth of ~$1 million dollars, gone".

Entrepreneurs resuscitate 20-year-old piracy powerhouse LimeWire to turn it into a totally legitimate NFT marketplace, they promise

LimeWire, the filesharing service that was enormously popular in the early 2000s for piracy, has been resuscitated — or at least the brand has. Needless to say they are probably not planning to reuse much of the 20-year-old codebase that existed before public blockchains were even in use, if they even still have it at all. The choice to create an NFT marketplace with the same branding as the service that was shut down by a federal court for rampant copyright infringement seems a bit on the nose to me, for a technology that proponents still try to claim empowers artists and actually mitigates art theft. The duo behind the project claim that they are just trying to capitalize on nostalgia for the brand, but plan to operate above-board (though they would say that, wouldn't they).

Pirate X Pirate blockchain gaming platform exploited, blames its team's "utter carelessness"

The Pirate X Pirate blockchain gaming platform was exploited, with an attacker selling off more than 9.6 million $PXP. They were able to dump the tokens into the market for a profit of around 212 BNB ($78,000). In a blog post following the incident, Pirate X Pirate wrote, "Such attack could happen due to the team's utter carelessness to launch the conversion feature despite of its vulnerability. We deeply regret bypassing the inspection that should have been done by a white hat hacker as we intended to roll out the feature long-suspended as fast as we could. We have decided to dismiss our current developer team and are currently in the process of recruiting a new team to assume the responsibilities." They also announced that they had bought back the total $PXP that were stolen, and would be undergoing an audit.

A trader ends up owing $3600 after an exchange mistakenly deposits 10 Bitcoin in their account

Something apparently went terribly wrong on the trading platform that Twitter user rifftrader was using (though they didn't say which) when 10 BTC (~$385,000) was erroneously deposited to their account. The trader, who was expecting a transfer of $24 USD for Litecoin (LTC) that they had initiated to go through, didn't initially notice that the amount was in BTC when they subsequently converted it to USD. However, when they suddenly saw hundreds of thousands of dollars in the account, they realized what had happened. Not wishing to spend money that wasn't theirs, the trader transferred it back into BTC and contacted their exchange's support email. The exchange subsequently withdrew the erroneously-deposited funds from the trader's account. However, because the trader incurred a cost converting the BTC to and from USD, only 9.8752 BTC went back to the exchange. The exchange then proceeded to demand the trader pay the difference — around $3,600 — and accused them of "trad[ing] on those funds which did not belong to you". The email demanded payment by the following day, and the exchange threatened to send the case to a debt collector if the trader didn't send the money.