Founder of popular Azuki project admits to past rug pulls

A human figure with brown-purple skin and blond hair tied back in a bun, holding a sword over her shoulder. She has a tattoo on her neck and the side of her face, and is wearing a parka with a furred collar.Azuki #2821 (attribution)
In a blog post titled "A Builder's Journey", the founder of the popular Azuki NFT project admitted that he had also been behind the NFT projects CryptoPhunks (note the "h"), Tendies, and CryptoZunks. CryptoPhunks were simply mirrored versions of the early CryptoPunks project. In his telling, he decided to "decentralize the [CryptoPhunks] project by handing over the reins to our community". Many, if not most, others consider CryptoPhunks to be a rug pull—abandoned by its founder in a betrayal of the community. The same is true for the other two projects that Zagabond admitted he ran.

This news came as a shock to many lovers of Azuki NFTs, pricey NFTs which regularly trade for 20–30 ETH (~$45,000–$70,000). Azuki is not without its own controversies, recently facing accusations of insider trading.

TerraUSD (UST) stablecoin dramatically loses its peg

A chart showing the price of TerraUSD in USD from May 4 to May 11. The value hovered very close to $1 until May 9, when it plunged to $0.70 before returning to around $0.90, then plunging as low as $0.30 on May 11TerraUSD ($UST) to USD from May 4–May 11 (attribution)
It's been a rough few days for TerraUSD, one of several popular stablecoins pegged to the US dollar. Unlike many stablecoins like Tether or USDC, Terra is an algorithmic stablecoin, meaning that instead of (ostensibly) being backed 1-1 by various assets, they are based around an algorithm that uses various market incentives to maintain a set price. UST is the largest algorithmic stablecoin on the market at the moment, followed by projects like Fei and FRAX.

The incentives that should keep TerraUSD trading at $1 have been put to the test lately, with a combination of spiraling cryptocurrency prices across the board and some apparent large sell-offs by those holding UST. The coin dipped down to $0.992 on May 7 before some large buys returned it close to its peg. It dipped again by a smaller amount the following day, reaching a low of around $0.994. These values may seem like small changes on the micro scale, but when major stablecoins diverge from their peg by even fractions of a cent they have major effects throughout the cryptocurrency ecosystem.

On May 9, UST saw its most extreme de-peg, plunging to $0.95, then again to $0.84 later that day, despite Luna Foundation Guard liquidating $1.3 billion in Bitcoin reserves to try to restore the peg.

Do Kwon, cofounder of Terraform Labs, initially seemed to be doing his best to portray confidence on Twitter by tweeting things that give the exact opposite impression. "If yall girls are gonna fud, try to do it during my waking hours pls," he wrote on May 7. "You could listen to [crypto Twitter] influensooors about UST depegging for the 69th time. Or you could remember they're all now poor, and go for a run instead", he tweeted, somewhat blithely acknowledging UST's repeated history of losing its peg. His tweets seemed to take a more serious turn beginning the evening of May 8, as the situation grew more dire.

Attacker steals $3 million from Fortress Protocol

An attacker was able to steal 1,048 ETH (~$2.65 million) and 400,000 DAI from the Fortress Protocol borrowing and lending platform in what appears to have been an oracle manipulation attack. The attacker quickly moved their ~$3 million in stolen funds to the Tornado Cash cryptocurrency tumbler to obscure their tracks.

The exploit caused the $FTS token to drop 42%. The creators of Fortress urged people not to supply any assets to the pool as the attack was ongoing, and tweeted "we need the support of all of our partners and key organizations in the community to assist and try to freeze and bring back the funds!"

Cashera makes off with $90,000

Cashera was a project claiming to provide a "banking revolution" with its CSR crypto token. The project did many things to try to appear legitimate, including linking to government records showing a company with their name is registered in the UK and undergoing a smart contract audit by AuditRateTech. Their website boasted "partners" including VISA, PayPal, Netflix, and Spotify.

Despite all this, the project deployer suddenly minted 23 million CSR tokens, which they swapped for almost $90,000 in other assets, crashing the token value in the process by about 70%. The development team also took the project website offline.

Hunter defi project rug pulls for $1.2 million

Under the pretense of a contract upgrade, the Hunter defi project team drained the liquidity from the project, swapping the tokens for assets worth around $1.2 million. The team also took down the project website and closed the Discord server.

The rug pull was first noticed by CertiK, a blockchain security firm that had also audited the project. "We pointed out these major centralization issues in their audit," CertiK wrote on Twitter.

Fury of the Fur rug pulls for $300,000

A 3D model somewhat resembling a bear. Its surface appears to be diamond-embossed black leather, and it has a blue mohawk and is holding a black metal scepter.FuryTed #2597 (attribution)
The Fury of the Fur NFT project was a collection of 3D models that sort of resembled bears. The project advertised that the models were "metaverse and game-ready", and the roadmap promised a merchandise store, animated series, "sandbox hideout", and card game.

However, the NFT launch went poorly—fewer than 2,800 NFTs were minted out of the total supply of 9,671 NFTs. The project tried to relaunch but failed to drum up much more interest, so the creators apparently decided to call it quits—while keeping the money, of course. The project founder left a long message to the community, in which they said that they would be shutting the project and spoke at length about how difficult it had been for them.

Coinbase's new NFT marketplace hasn't had more than 200 transactions in a day since its public launch

Coinbase is a big name in the crypto exchange world, enjoying the highest trading volume in the United States. The company decided to enter the NFT trading space, first releasing an NFT marketplace to a small group of beta users, then opening it to the public on April 20.

Although the company claimed to have 3 million users on its waitlist, the public marketplace release has gone shockingly poorly given Coinbase's existing reputation. The platform has yet to see more than 200 transactions in a given day (compared to OpenSea, which regularly sees more than 100,000 transactions a day, or its smaller competitor LooksRare which sees more than 1,000 daily). Furthermore, the platform has only broken $50,000 in volume traded on five of the days it's been publicly available, with some days seeing only a few thousand dollars traded. OpenSea has been doing over $150 million in daily volume in that same time frame, and LooksRare around $100 million (though it should be noted that the prevalence of wash trading, particularly on LooksRare, makes these numbers hard to evaluate).

U.S. Treasury sanctions cryptocurrency tumbler Blender, the first sanction of its kind

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that they had sanctioned the North Korean cryptocurrency tumbler Blender.io. This was the first U.S. government sanction levied against a cryptocurrency tumbling service. Blender was used to launder more than $20.5 million of the $620 million stolen in March from the blockchain used by the play-to-earn game Axie Infinity. The U.S. government has alleged that the North Korean state-sponsored cybercrime group Lazarus was behind the hack.

The U.S. began sanctioning various wallet addresses belonging to the hackers in mid-April, though have faced obstacles given that it is trivial for the hackers to create new wallets. The use of cryptocurrency tumblers (also called "mixers") has also stymied the government's attempts to limit the DPRK's access to the ill-gotten funds. Blender is not the primary tumbler that Lazarus has been using—that would be Tornado Cash, which they have used to tumble more than $213 million from the hack. Tornado has taken perfunctory steps to comply with sanctions, but nothing that would meaningfully impact Lazarus' ability to use the service.

Someone hijacks a Ferrari domain to host scam NFT mint

A website with the URL forms.ferrari.com, showing the text "Mint your Ferrari! A collection of 4,458 horsepowered NFTs on the Ethereum network"Scam webpage (attribution)
Someone was able to gain control of a ferrari.com subdomain to create a scam NFT mint. Most scam NFT projects rely on eager NFT collectors not noticing a URL that isn't quite right—for example, something like ferrari-nft.com. This one was able to gain some additional legitimacy by using an actual ferrari.com subdomain. Additionally, Ferrari had recently announced an upcoming NFT project, making the scam project seem more plausible.

Sadly for the scammer, the scam was discovered and shut down when they had only managed to scam one person. The unsuspecting collector sent 0.3 ETH ($800), which the scammer transferred to Tornado Cash.

Day of Defeat project rug pulls for $1.35 million

The token associated with the Day of Defeat project, which describes itself as a "radical social experiment token mathematically designed to give holders 10,000,000X PRICE INCREASE" (🚩🚩🚩), suddenly dropped in value by more than 96% as the project rug pulled. More than $1.35 million worth of assets were drained from the BSC-based project and transferred to external wallets.

The project's website is one of the most absurd I've seen, promising that "all final holders will get 10,000,000x gains". Their project roadmap includes a "mystery plan" that results in a 1,000,000x price increase. Their FAQ states, "First of all, we promise that the team will not redeem the fund pool." Apparently projects based on pinky swears aren't great investments.

After the funds were drained, the project claimed that they had been compromised by an external actor, and had "reported to Binance and local authorities".

OpenSea Discord hacked

The OpenSea Discord server was compromised, allowing a scammer to post a seemingly-official announcement that OpenSea was partnering with YouTube on a line of NFTs. They urged people to act quickly to snag one of only 100 free NFTs that would offer "insane utility".

Given OpenSea's prominence, it's surprising that the hacker managed to obtain relatively few NFTs of much value. The wallet appeared to have successfully stolen only 13 NFTs, none of which were from high-value collections, that are worth a collective $20,000 if resold at the collections' floor prices.

OpenSea tweeted several messages acknowledging the hack and urging users not to click any links. They have not yet confirmed that they've conclusively re-secured their server.

"Double your money" scam using an old livestream of Elon Musk, Jack Dorsey, and Cathie Wood earns crypto scammers $1.3 million in 24 hours

A screenshot of a YouTube video, showing a panel with Elon Musk highlighted and three others speaking alongside. Around the video are a fake tweet from Musk and blocks of text advertising a "double your money" scam. The website URL has been blurred.Scam livestream (attribution)
Crypto scammers on YouTube rehosted a "live" panel discussion—actually from "The ₿ Word" conference in July 2021—in which Elon Musk, Jack Dorsey, and Cathie Wood discussed "Bitcoin as a Tool for Economic Empowerment". The scammers added a frame around the video that advertised "giveaways" and "double your money" scam websites. The websites promised that if you sent cryptocurrency to the address, you would receive twice as much in return—a classic scam I remember from the Runescape days, which has also enjoyed success in crypto markets for years. The scammers inflated YouTube subscriber and active watcher numbers to add legitimacy to their streams, and some of them faked screenshots of tweets from Musk.

McAfee identified 26 scam websites that were linked from the YouTube livestreams, which altogether took in $1.3 million in Bitcoin and Ether in a 24 hour period.

Mining Capital Coin CEO indicted for $62 million investment fraud scheme

The Department of Justice unsealed an indictment on May 5, showing that Mining Capital Coin's CEO and founder Luiz Capuci Jr. was charged with orchestrating a $62 million investment fraud. Capuci allegedly misled investors about MCC's program, which he said would use investors' money to mine new cryptocurrency and would generate guaranteed returns. Instead, Capuci put the funds into his own crypto wallets, and used them to fund his own lifestyle of Lamborghinis, real estate, and a yacht. Capuci also allegedly ran a pyramid scheme of promoters, to whom he promised luxury gifts including iPads and luxury cars.

Capuci was charged with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering. If convicted on all counts, he could be sentenced to up to 45 years in prison.

Pragma defi protocol developers rug pull for $1.5 million

The Pragma defi project on the Fantom blockchain announced that their treasury and project wallets had been drained for around $1.5 million in $FTM.

The rug pull appeared to have been perpetrated by one team member, although several other team members had to sign off on the transaction in order for it to go through.

The team had had their real-life identities verified by Obsidian, and remaining team members said they were working with Obsidian to try to investigate those behind the theft. Third-party KYC verification like the service Obsidian provides is often used by crypto projects to increase trust, though Pragma is hardly the first project with this kind of verification that stole funds anyway.

Juno accidentally transfers $36 million in seized funds to inaccessible wallet address

A protracted discussion and two different votes ended with the Juno project deciding to confiscate all but 50,000 of the 3 million $JUNO accumulated by one individual. When the discussions began, the 2.95 million $JUNO to be confiscated were worth a combined $121 million. However, the $JUNO price has dropped from the then all-time-high of around $40 to under $13, putting the value of the tokens to be confiscated closer to $38 million.

Juno intended to transfer the seized tokens from the individual whale's wallet to a community-controlled wallet. However, the person making the transfer accidentally copied and pasted the wrong value, resulting in the funds being sent to a wallet address that no one can access—effectively burning the tokens.

Daniel Hwang, who helps run one of the Juno validators, said to CoinDesk, "We fucked up big time". He also offered an unusual opinion: "Validators should have due diligenced for ourselves to actually check the code we’re executing and running".

Shortly after the botched transaction, the Juno community began voting on a proposal to hard fork a second time to fix their mistake.

Attacker compromises MM.Finance to redirect $2 million in crypto assets to their own wallet

MM.Finance, a group of crypto projects based on the Cronos blockchain, suffered an attack that allowed a hacker to redirect more than $2 million worth of crypto assets that were being exchanged through the project's website to their own wallet. Although MM.Finance described the attack as "DNS hijacking", it seems unlikely this is an accurate description of the attack, which seems more likely to involve phished credentials to their domain service providers.

"Please do not perform any transactions or your funds will be sent to the exploiter wallet," MM.Finance tweeted shortly before taking the website offline. Three days earlier, MM.Finance had published a blog post to address "FUD" in their ecosystem stemming from a popular Reddit post that described MMF as an "inverse pyramid of derivatives" that the author believed would "topple", and outlined the project's "rosy future".

The project promised to try to compensate users, with its developers foregoing 45 days of trading fees to reimburse users. They also appealed to the OKC crypto exchange to intervene to help recover funds from someone they believed to be the attacker, and threatened the attacker with the FBI. "With all these information, we have more than what we need to bring this information to the FBI," they wrote on Twitter. "So here’s the deal, return 90% of the funds you stole and we will let this go, no questions asked. You have 48 hours to return these funds."

ape holders can use multiple slurp juices on a single ape

a lotta yall still dont get it

ape holders can use multiple slurp juices on a single ape

so if you have 1 astro ape and 3 slurp juices you can create 3 new apes

Tonight's slurp juice mint event is essentially a minting event for both Lab Monkes and Special Forces

Video game company Square Enix agrees to sell much of their Western IP so they can go into the blockchain market

Cover of a copy of Tomb Raider for XBOXTomb Raider (attribution)
Video game company Square Enix, the creators of titles including Deus Ex and Tomb Raider, agreed to sell off the intellectual property rights to those games, as well as other games and their respective game studios. The move, they said, was so they could invest more heavily in "blockchain, AI, and the cloud". This didn't come as an enormous surprise, as in January, Square Enix CEO announced these intentions in a letter that acknowledged that that (apparent subset) of players who "play to have fun" wouldn't be thrilled with their blockchain plans.

The sale agreement announcement came at a tough time for Square Enix, as it was published the same day as a report from the Wall Street Journal that "NFT Sales are Flatlining".

NFT sales drop 92% from peak, says Wall Street Journal

The Wall Street Journal reported that "the NFT market is collapsing", citing data from NonFungible that showed daily average sales of NFTs had dropped 92% from their September peak. They also reported that active wallets had dropped 88% from their November peak, suggesting fewer people were regularly trading NFTs. This may reflect growing disillusionment with a sector that's increasingly earned its reputation as full of scams and opportunities to lose money.

However, the article must be taken with a grain of salt. It's very difficult to determine in the moment what's simply a temporary lull rather than a death spiral, and notoriously inconsistent NFT and crypto data sources can tell wildly different stories.

The Vatican plans a metaverse NFT gallery

A grid of four rendered humanoid figures with very shiny skin. The women have large breasts and tiny waists, the man is muscular and slim. The top left woman is wearing a shiny white bodysuit and an iridescent complex harness around her breasts and midsection. The top right woman is wearing a translucent pink bra with large nipple rings, and fishnet pantyhose under purple pants. The bottom left man is wearing no shirt but an iridescent chest harness, and ashiny blue bottoms. The bottom right woman is wearing a very small orange crop top that reveals the bottom half of her breasts, tiny orange underwear, and a translucent pink waist harness.Can't wait to roll up to the Vatican museum in my metaverse avatar (attribution)
A press release from metaverse developer Sensorium announced a "VR and NFT gallery" that would host art and content for the Vatican. The project will allow VR, PC, and mobile interactions, and enable people to "build unique NPCs and communicate with them". That part is a promising prospect for anyone interested in watching the Roman Catholic Church try to deal with the challenges of moderating metaverse shenanigans, and made altogether more amusing by the fact that Sensorium's current collection of example metaverse avatars are all hypersexualized, apparently covered in oil, and wear skimpy or sheer outfits apparently made from mesh, latex, and various harnesses.

For now it sounds like the project doesn't involve selling NFTs, which raises the question of why NFTs are required at all when the goal seems to just be to display artwork online—something the Vatican already does. Personally, until I can own the Popemobile in the metaverse, I'm not interested.

Juno whale threatens to sue network validators if community confiscates his tokens

The Juno community has officially voted to confiscate over 2.95 million $JUNO owned by one whale who they believe gamed the airdrop to obtain more than his fair share. This follows a long community discussion about his actions, and formalized a previous community poll on what to do. When the discussions began, the 2.95 million $JUNO to potentially be confiscated were worth a combined $121 million. However, the $JUNO price has dropped from the then all-time-high of around $40 to $11.30, putting the value of the tokens to be confiscated closer to $33 million.

The whale has repeatedly appealed to the community not to revoke his tokens, even trying to claim that the Juno developers had been secretly selling off $JUNO and damaging the community. Unfortunately for him, he didn't succeed in swaying the community, who voted on April 29 to confiscate his tokens.

The whale has threatened to take "legal action against each validator" if the community burns or locks the tokens that previously belonged to him, and which he claims to have been managing on behalf of clients in an investment scheme.

Wikimedia Foundation stops accepting cryptocurrency donations

The Wikimedia Foundation, the non-profit organization that owns and operates Wikipedia and related projects, announced that they would no longer accept donations in cryptocurrency. The announcement followed a formal request from the community that the WMF no longer accept such donations, a request that came from three months of discussion among members of the community.

The Wikimedia Foundation has accepted cryptocurrency donations since 2014, accepting donations in cryptocurrencies including Bitcoin, Bitcoin Cash, Ether, Ripple (XRP), Litecoin, Dogecoin, and the DAI and USDC stablecoins. However, it has made up a small portion of the non-profit's donation revenue—they received only $130,000 worth of crypto donations in the last fiscal year, which made up 0.08% of their revenue.

There has been strong pressure from crypto advocates on the WMF to accept crypto donations—both in 2014 when it was initially implemented, but also via brigading of the recent community discussion.

Phishing sites appearing to be the "Otherside" Bored Ape land project steal NFTs valued at $6 million

In what should surprise nobody, some of the historically phishing-prone fans of the pricey Bored Apes project fell for scams that pretended to be the Bored Apes' new land project, called "Otherside". In collectors' hurry to mint the metaverse land NFTs, some fell for phishing sites pretending to be the real deal.

Blockchain sleuth zachxbt found one such address that had netted around $1 million in NFTs just today, and tracing its transactions led to two other scammer wallets containing $5.1 million of other stolen NFTs.

Popular NFT mint spikes Ethereum gas prices; OpenSea transaction fees exceed $3,500

A pixel-art image of a blue goat sitting in a red bowlGoat Soup #3672: $275 for the NFT, $3,850 for the fee (attribution)
The much-awaited Bored Ape Yacht Club "Otherside" metaverse land sale began, and its popularity just about wrecked Ethereum for everyone else. Gas fees, which increase based on network congestion, spiked to shocking levels, with an average OpenSea sale costing more than 1.25 ETH ($3,500) in gas.

Most trading on OpenSea during this period was for the much-anticipated Otherside land deeds, which sell for around 5 ETH ($13,500) plus gas. However, some people oddly continued to buy and sell cheaper NFTs, including one person who bought a 0.1 ETH ($275) NFT and paid $3,850 in transaction fees.

Solana goes down again

On April 30, NFT minting bots began flooding the Solana network with 4 million transactions per second, causing the network to lose consensus. The project tweeted that "Engineers are still investigating why the network was unable to recover, and validator operators prepare for a restart." The network was offline for seven hours.

This is hardly the first instability the network has demonstrated, much to the chagrin of its users. Transaction flooding is an issue on Solana in part because of the low transaction fees compared to networks like Bitcoin and Ethereum, which have relatively high gas fees that would make flooding extremely expensive.

"Official" Teenage Mutant Ninja Turtles NFT project buys a fake IP rights contract

Illustration of a Teenage Mutant Ninja Turtle holding a boombox to its earTMNT NFT Twitter profile picture (attribution)
A project to create Teenage Mutant Ninja Turtles NFTs stirred up a lot of excitement, garnering more than 100,000 Twitter followers on a verified Twitter account that described itself as "The Official TMNT NFT". Crypto research project "Rug Pull Finder" wrote on March 29 that they didn't believe the project owned the IP rights they needed. The TMNT project posted later that day same day, "Let's make it clear: we own the NFT digital rights of the Original Teenage Mutant Ninja Turtles 1987". Rug Pull Finder followed up with a detailed thread in late March outlining their belief that the project didn't own the proper rights to create the NFTs, writing that, "unless they can get cooperation from Viacom for the release of their collection, it will absolutely be a rugpull".

In late April, the Twitter account was suddenly suspended. On April 30, the TMNT project announced in their Discord that they had discovered that they had been sold a "fake IP rights contract", which they learned after communication from Paramount. They, probably overly optimistically, wrote that they would be pausing the project but they were hoping to "continue the project hand in hand" with Paramount.

Saddle Finance loses more than $11 million to hack

An exploiter used a flash loan attack to pull 3,933 ETH (~$11 million) from the "decentralized automated market maker" Saddle Finance. Shortly after the attack, the hacker began moving the stolen funds through the Tornado Cash tumbler to launder the money.

Saddle Finance had lost money once before, right after it launched in January 2021. An individual was able to arbitrage Saddle Finance pools for a profit of around $275,000.

$80 million stolen from Fei Protocol and Rari

A hacker attacked multiple Rari liquidity pools relating to the Fei Protocol, exploiting a known re-entrancy vulnerability that exists on forks of the Compound protocol. The attacker stole more than $80 million from the projects.

Fei Protocol tweeted that they had paused borrowing to avoid further thefts, and offered a $10 million bug bounty if the hacker returned the money.

SEC files fraud complaint against NASGO organizers

The SEC charged four individuals with fraud violations in relation to their actions with NASGO, a company that created various tokens that the SEC has since described as unregistered securities. The defendants allegedly made claims that one of the tokens would increase in value by 10¢ every week, plus another 10¢ each time a new business joined their platform. The defendants also engaged in various other shady business, including hiring traders to trade the tokens amongst themselves to give the appearance of investor demand. This worked only until investors actually decided they wanted to cash out, causing the whole thing to fall apart because the market demand was faked. According to the SEC, NASGO misappropriated almost $4 million in investor funds.

Deus Finance exploited for $13.4 million in the second hack in two months

The defi project Deus Finance was hit with a flash loan attack that netted the hacker $13.4 million. The loss to the protocol was likely larger than what the hacker was able to withdraw, though Deus announced that no users had been liquidated and that "the loss is on the protocol".

Deus had suffered a similar attack in March, with an attacker using a flash loan attack to steal more than $3.1 million. Deus reimbursed users who were liquidated in the incident.

According to Deus' CEO, the exploit in this incident was not the same one used in the previous attack. He wrote on Twitter that the exploit was "the first of its kind, a zero-day exploit on Solidly [decentralized crypto exchange] swaps".

Central African Republic adopts Bitcoin as legal tender

The Central African Republic became the second country to adopt Bitcoin as legal tender, after El Salvador did the same in September 2021. It's a strange move, in a country where only 4% of people have Internet access, whose currency (the Central African CFA franc) is fairly stable, and which already has access to digital currencies via services like Orange Money.

The Bank of Central African States (BEAC) has expressed surprise at the CAR's choice, saying that they only learned about it along with the rest of the public. Two former prime ministers of the CAR co-authored a letter stating that adopting Bitcoin as legal tender without guidance from the BEAC was a "serious offence".

Scammers create fake Louis Vuitton NFT project

OpenSea page of a Louis Vuitton branded collection, showing a profile photo with a blue checkmark on the image itselfLouis Vuitton scam page (attribution)
Scammers created a project on OpenSea with Louis Vuitton branding, which invited individuals to visit an external site to mint exclusive NFTs. They placed a blue checkmark on the project profile image to try to trick people into believing the project was verified, and they were able to manipulate the floor price to make it appear at a glance as though the NFTs could be traded for tens of thousands of dollars more than they cost to mint.

The project airdropped these NFTs to NFT whales, causing some trackers used by people who follow and imitate whales' behavior to believe the whales themselves had minted the NFTs. The site then used a random counter to make it appear that the NFTs were quickly selling out, causing people to quickly mint their NFTs in fear of missing out. One NFT collector recounted her experience falling for the scam, buying five of the NFTs for a total of 0.6 ETH (~$1700) in hopes of striking it rich on a newly-launched project before it became widely known.

An examination of the website source code shows that the project is reusing code from a different scam based around World Cup themed NFTs.

Representative Madison Cawthorn faces accusations of insider trading and disclosure violations related to Let's Go Brandon coin

Instagram post of Madison Cawthorne posing with several others. Caption by jameskoutoulas reads "Never get sick of a @madisoncawthorn bro out". A comment by madisoncawthorn reads, "Tomorrow we go to the moon!"Cawthorn, pictured in an Instagram post by LGBCoin project leader James Koutoulas (attribution)
North Carolina Representative Madison Cawthorn was one of several influential people who helped to promote the "Let's Go Brandon" memecoin, which has since become the subject of a class-action lawsuit due to a reported pump-and-dump scheme. Cawthorn is not named in the lawsuit, but he may face his own troubles: although he has claimed to own the currency, he has never publicly disclosed any stake in the coin as is likely required by ethics legislation. Cawthorn also commented "Tomorrow we go to the moon!" on a post about the coin from his official Instagram account, the day before the team of NASCAR driver Brandon Brown announced the cryptocurrency would be the primary partner for the 2022 season. "This looks really, really bad," said governmental watchdog group member Dylan Hedtler-Gaudette. "This does look like a classic case of you got some insider information and acting on that information. And that's illegal."

Fidelity plans to allow people to put retirement savings into Bitcoin

Financial services company Fidelity announced its intentions to allow people to put some of their retirement savings into Bitcoin in the near future, despite the Department of Labor's urgings otherwise. It is concerning to see a large financial helping to normalize the idea that cryptocurrencies are an "investment".

The Employee Retirement Income Security Act of 1974 requires plan fiduciaries to act solely in the financial interest of plan participants, and the U.S. Department of Labor issued guidance in March reminding plan fiduciaries of this duty, urging them to "exercise extreme care before including direct investment options in cryptocurrency". In a blog post shortly after, the DoL wrote that they had "serious concerns" about plans that would expose participants in cryptocurrencies and related products, outlining risks including valuation concerns, obstacles to making informed decisions, price volatility, and a still-developing regulatory landscape.

A Fidelity executive said that the company "believe[s] they should withdraw that guidance".

MetaDocs NFT project wants TikTok-famous doctors to diagnose you, but they don't have a license

TikTok screenshot of a doctor wearing black scrubs, mid-sentence. There is overlaid text that says "Ear Candling" and a MetaDocs logo.MetaDocs TikTok video (attribution)
Buy the $570 NFT and you'll get access to "celebrity doctors" who have amassed followings on apps like TikTok. Promising to "provide access quality doctors without all the usual red tape", the project has lofty dreams including one day providing metaverse diagnoses with remote examinations delivered using haptic suits... somehow.

Whether they actually get close to that dream very much remains to be seen. The project has faced several setbacks, including complaints from doctors whose likenesses were used without permission, and lack of any telemedicine license that would allow doctors to actually provide remote medical services. The project has also faced criticism for hosting "Ask a Doc" chats where physicians answered various questions without clarifying they weren't providing medical advice, for listing "physicians" in their whitepaper who were still completing residency, and for pledging to donate its first $1 million in revenue to an autism-related charity which has promoted the false claim that vaccines cause autism and has described autism as a disorder that needs to be "cured".

Reggie Fowler pleads guilty to fraud in Crypto Capital case

Fowler pictured from the shoulders up, wearing a suitReggie Fowler (attribution)
Reggie Fowler, a businessman and former pro football player who worked for the Panama-based Crypto Capital Corp., pled guilty to various charges involving bank fraud, wire fraud, and conspiracy. Crypto Capital Corp. was a shadow bank that allegedly enabled crypto exchanges and criminal enterprises to access the traditional banking system. At the time, crypto exchanges were largely excluded from traditional finance due to the potential exposure to money laundering. CCC is perhaps best known for its ties to Bitfinex, and for losing funds in an incident that Bitfinex was fined for attempting to cover up.

After initially rejecting a plea offer that would have allowed him to plead guilty to one felony if he forfeited up to $371 million, Fowler ultimately decided to enter an open plea to the charges against him and skip a trial. He pled guilty to five charges: bank fraud, conspiracy to commit bank fraud, operating a money transmitter business, conspiracy to operate a money transmitter business, and wire fraud. Fowler faces a maximum sentence of 90 years in prison.

FTX founder Sam Bankman-Fried tries to explain yield farming and it's just a ponzi

Sam Bankman-Fried pictured from the shoulders upSam Bankman-Fried (attribution)
Sam Bankman-Fried, one of the most well-known crypto execs and the founder of the popular FTX crypto exchange, appeared for an interview on Bloomberg's Odd Lots podcast alongside finance journalist Matt Levine. When asked by Levine to explain yield farming, Bankman-Fried launched into an explanation in which he compared it to a box that "they probably dress up to look like [it's] life-changing" but it "does literally nothing". He explained how people put money into the box "because of, you know, the bullishness of people’s usage of the box". "So they go and pour another $300 million in the box and you get a psych and then it goes to infinity. And then everyone makes money."

Levine responded, "I think of myself as like a fairly cynical person. And that was so much more cynical than how I would’ve described farming. You’re just like, well, I’m in the Ponzi business and it’s pretty good."

133 NFTs valued at $2.4 million stolen when hacked Bored Apes Instagram advertises fake land airdrop

An illustrated ape with green fur covered in sores, wearing an orange beanie and 3D glassesBAYC #7203 (attribution)
The Bored Ape Yacht Club's Instagram account was compromised and used to advertised a fake airdrop for metaverse land. This was particularly believable, as the much-anticipated project announced it would be launching this week.

The post invited people to visit a website that prompted users to connect their wallets in order to receive the airdrop. Users who did so found their NFTs transferred out of their wallet to the scammer. So far, 44 people have fallen for the scam site, transferring a total of 133 NFTs with an estimated value of around $2.4 million. The stolen NFTs included items from pricey collections including Bored Apes, Mutant Apes, Bored Ape Kennel Club, and CloneX. Several of the NFTs had previously been sold for over $100,000 each.

Epoch Times writers mass-mail unsolicited "newspaper" promoting crypto

Photograph of the front page of a newspaper, titled "Wall Street Today" and with the headlines "Why Investors Are Making a Killing with Cryptocurrency" and "Slashing Bitcoin Costs by Up to 75%"Wall Street Today front page (attribution)
Bob Byrne and Tim Collins, two prolific contributors to the far-right Epoch Times, have expanded their grift to crypto. A twenty-page-long "newspaper" titled Wall Street Today appeared in many mailboxes, featuring misleading charts and a multi-page-long advertisement for a Bitcoin mining company—evidently hoping that its recipients might invest in crypto or in the penny stock for the mining firm. A small-print disclosure on page 17 revealed that the firm, Creek Road Miners, paid $1.9 million for the glowing "review".

Byrne and Collins published the paper via their co-founded company Streetlight Equity. The firm has also published ostensibly economic-focused articles that include conspiracy theories about how U.S. sanctions on Russia are all a part of a plan to "force the left's green agenda", and rail against pandemic lockdowns.

This is not the first unsolicited newspaper from the Epoch Times or its associates; the Falun Gong-associated and strongly anti-Chinese Communist Party publication previously distributed an unsolicited "special edition" which described COVID-19 as the "CCP virus". This led to pushback from Canadian postal union, who urged the Canadian government to ban its distribution as hate speech they feared would endanger Asian Canadians. Epoch Times have also spread QAnon and anti-vaccine conspiracy theories, spread false claims of fraud in the 2020 United States presidential election, and promoted far-right politicians in Europe.

Binance gave Putin regime information on users who donated to opposition leader Alexei Navalny

Alexei Navalny, pictured from the shoulders up, wearing a navy scarf and coatAlexei Navalny (attribution)
Binance, the largest cryptocurrency exchange, shared customer data with the Russian government according to a Reuters special report. Reuters detailed how Binance provided the Russian government's financial monitoring service with data on Binance users who donated to Alexei Navalny, an anti-corruption activist and prominent opponent of Putin. Reuters reported this was part of a broader effort by Binance to form allegiances with Russian governmental agencies as it worked to expand its footprint in Russia.

Navalny has been imprisoned in Russia since returning in January 2021, shortly after recovering from poisoning: an attempt on his life reportedly ordered by Putin. While in prison, Navalny's foundation has encouraged people to donate cryptocurrency using Binance. They have raised more than 670 Bitcoin ($28 million) so far, despite the Russian government outlawing the foundation and labeling it a terrorist organization. Donors to Navalny's cause now face potentially serious danger as they've been identified to the Putin regime by Binance.

Crypto proponents have long promoted the technology's potential to fund individuals who are targeted by oppressive regimes, and to allow anonymous and untraceable donations.

AkuDreams NFT project earns $34 million that its team will never be able to withdraw

A 3D rendering of a person with an astronaut helmet that has planets orbiting it, wearing a white suit with a heart on the front and a red cape, holding up a small globe in their handAkuDreams NFT (attribution)
Micah Johnson, an artist and former professional baseball player, launched an astronaut-themed NFT project called AkuDreams. The auction was based around a Dutch auction, with the added twist that the lowest bid would set the final price for the NFT and all who bidded higher would be refunded.

The contract suffered from several flaws, however. The first allowed an exploiter to stop all refunds and withdrawals from the contract. Luckily for the team, the exploiter was well-intentioned and only intended to highlight the issue; they removed the block shortly after, leaving a message urging the team to have their contracts audited before release.

AkuDreams were not so lucky with the second issue. A bug in the code failed to account for users minting multiple NFTs in a single transaction, which made it so that the claimProjectFunds function that would allow the team to withdraw their earnings can never successfully execute. This means that the team can never withdraw the 11,539 ETH ($34 million) earned from the NFT sales—it is stuck there forever.

Hacker pulls $1 million from defi project, then destroys contract without withdrawing the funds

An attacker targeted the ZEED defi projects, successfully using a flash loan attack to pull just over $1 million from the project. With the funds transferred to the attack contract, the hacker then called the contract's self-destruct function, making it impossible for the funds to ever be withdrawn. It's unclear if this was intentional and done as a sort of statement, or if the attacker intended to take the profit for themselves but forgot to do so before destroying the contract.

Scammers phish $4.3 million from Terra users in ten days using Google Ads

A screenshot of Google results for the search "astorport" showing an advertisement resembling the proper Google result, with an arrow reading "SCAM"Phishing results in Google ads (attribution)
Scammers ran Google ads for popular search queries relating to the Terra ecosystem. When users searched for things like "Anchor protocol" or "Astroport", the first result was actually a Google ad purchased by scammers impersonating the real protocols. The scammers were even able to make the domains resemble the correct domains, though these changed once the users clicked the advertisement. Users were then prompted to enter their seed phrases to connect their wallets, after which point the scammers were able to empty the wallets.

52 different people fell for the scam, losing a total of around $4.3 million in assets. The scammers appeared to be targeting high-value wallets, with only two accounts transferring less than $1,000. 24 individual wallets were scammed for more than $10,000 each, 7 wallets lost more than $100,000, and one user lost almost $1.4 million.

Rogue Society team resurfaces after being called out for rug pulling $5.5 million

A blue robot with an open mouth and shoulder-length blonde hair with a pink bow, on a pink backgroundRogue Society Bot #5639 (attribution)
The Rogue Society NFT project launched in September, with an ambitious roadmap that included a theme song, comic book series, 3D figurines, an augmented reality app, and an animated series. The project sold out its 15,777 NFTs, which minted at 0.09 ETH each ($355), for a total profit of around $5.5 million. The team stuck around for a while, but by December had gone completely silent. No tasks on the roadmap had been completed. The founder has withdrawn $3.4 million of the funds.

Following a thread by zachxbt outlining the team's rug pull, the project founder made the first post in the project Discord since December, announcing a theme song competition with no acknowledgement of the team's absence and lack of progress.

This event once again shows how it is people like zachxbt who are left to try to hold project creators accountable in the absence of reasonable regulation or enforcement.

Binance adds a branded hashtag to Twitter that closely resembles a swastika

Screenshot of the "#Binance" hashtag, showing an emoji next to it consisting of the diamond-shaped Binance logo on a yellow square, with four lines emerging from the sides in a way that resemble a swastikaTwitter's Binance branded hashtag (attribution)
Binance, the world's largest crypto exchange, used Twitter's branded hashtag feature to add a custom emoji to Twitter when people use the hashtags #Binance or #BNB. The hashtag closely resembled the Hindu swastika, though it's not clear if this was an intentional choice by Binance or a coincidence. The Hindu swastika is distinguished by the four dots within the arms of the symbol, and represents good luck and prosperity. Though Binance may have hoped the dots would distinguish it from the symbol used by the Nazi party, perhaps they (somehow) didn't realize that this distinction is not well-known to many particularly in the West, or that the single-pixel-wide dots are not particularly prominent at emoji size. In Germany the symbol is banned except when used in explicitly religious contexts; several German users confirmed they could see the hashtag.

More than a few people expressed shock at seeing what they believed to be a hate symbol on their Twitter feeds from a large brand. The date of release only made things worse—April 20 is celebrated among fascists because it is Hitler's birthday. Tweets from Binance's official Twitter account and the Twitter account of founder and CEO Changpeng Zhao (known as "CZ") were quickly deleted, though the emojis remained. Several hours later, Binance changed the emoji to a globe with the Binance logo.

Twitter doesn't publicly list how much it costs to obtain a branded hashtag, though most articles I could find listed the price at around $1 million. I'm not sure if this is per hashtag or per emoji—the new emoji appears on several related hashtags.

Rich Bulls Club team resurfaces after being called out for rug pulling $3.7 million

An illustration of a brown bull, with a pile of poo on its head, on a toilet-paper-esque background. The text "BANNED!" is stamped above it."Banned" Rich Bull NFT (attribution)
Crypto sleuth zachxbt researched the Rich Bulls Club, an NFT project that launched in December with NFTs priced at 0.3 ETH (~$1,350) a pop. The project included a clause where "selling under our minimum selling price agreement is forbidden"—anyone who sold a Rich Bulls NFT for less than 3 ETH ($13,500) would find the NFT image modified to a bull with a poo emoji on its head, with the text "BANNED!" stamped across it in red. The project roadmap promised networking and business opportunities enabled by its community members, exclusive events, opportunities to win supercars or hundreds of thousands of dollars, and a "real-life Squid Game event" where one person would win $1 million. Needless to say, none of this transpired, and the project quietly deleted its website and Instagram accounts as the founder cashed out over $3 million.

Two hours after zachxbt published his research, the team made their first post in three months, with multiple excuses for the issues zachxbt highlighted.

NFT influencer 0x_fxnction suffers $240,000 wallet compromise

NFT influencer 0x_fxnction reported that his wallet had been compromised, and 2349 SOL (~$240,000) had been stolen. The money had primarily been profit from the DeGods project, he said, and was unwisely stored in one hot wallet because it was "meant to help buy a house and was being withdrawn in the next weeks".

He said he hadn't used the wallet to mint any NFTs since October, and said he had revoked all access to minting websites since then. He wrote that he was unsure how the compromise had happened: "My best guess: an old minting site from October still had access to my wallet, even after 'revoking' happened in Phantom.... But honestly, it's just a guess."

Developers drain over $1.1 million from $CHEDDA

The price of the $CHEDDA token suddenly plummeted 50% when a developer removed $1.17 million from the project. The withdrawal was accomplished with a function only available to privileged wallets—that is, those belonging to the project team or its developers.

Members of the Chedda team claimed on Discord that they were not behind it, and that it had been done by an outsourced development team who was working on the projects farming and staking. "They technically should've been within contract, but they robbed us," wrote Discord moderator Ali Michelle (referring to legal contracts rather than smart contracts). "They were in contract so it would be illegal and full on theft, i believe". Despite the devastating loss, Michelle urged remaining members of the community to "hodl and help us bring this back to life!"

The project had been audited by CertiK, who were quick to note that the contract containing the function used to drain funds was "not in CertiK’s audit scope".

Atari cuts ties with their "Atari Token" partner

A press release from Atari announced that the company would be cutting ties with ICICB Group. In addition to Atari granting ICICB hotel and casino licenses, the original deal had also resulted in the creation of the "Atari Chain" and "Atari Token" ($ATRI).

Atari Token was described as "decentralized cryptocurrency that was created to become the token of reference for the interactive entertainment industry". It launched in November 2020, tanking in price immediately on release. Despite a brief boom around March 2021, the token has mostly traded below its launch price.

In the press release, Atari wrote, "Atari disclaims any interest in the [...] Joint Venture, currently promoted as Atari Tokens, and related websites, whitepapers and social media channels are unlicensed, unsanctioned and are outside the control of Atari." They also wrote that they would be replacing existing $ATRI tokens with new tokens in the future. Atari wrote that the termination of the hotel and casino agreements resulted in an €11 million ($11.8 million) write-off, but that financial impact of the token changes wouldn't be disclosed until the FY22 report.

$650,000 phishing attack against MetaMask user reveals that credentials are automatically backed up to iCloud

An ape with fur resembling magma and volcanic rock, with a green muzzle, with leeches coming out of its nose and mouthMutant Ape #28478 (attribution)
Some MetaMask users using iOS were shocked to discover that their MetaMask credentials were automatically being stored to iCloud today, after MetaMask acknowledged this was the case in the wake of a costly phishing attack. Domenic Iacovone lost cryptocurrency and several pricey NFTs after a successful social engineering attack by scammers pretending to be Apple support earned them access to his iCloud account. From there, they were able to access his iCloud data, and use the stored MetaMask credentials to drain his wallet. The trader lost $650,000 worth of cryptocurrency and NFTs, including Mutant Apes and Gutter Cats, to the attack.

It's not yet clear if others have been affected by the same type of attack, but MetaMask tweeted instructions for iCloud users on how to turn off the automatic backups. Most people seemed to have previously been unaware that this data was being backed up in iCloud. MetaMask turned off replies on their tweet announcement, apparently anticipating the outrage from their users. Iacovone was among the outraged, writing, "Keep exposing MetaMask until they do what is right and take care of this issue and the people affected by it".