OpenSea users lose a collective $1.8 million to an issue allowing people to buy NFTs at low prices from old OpenSea listings the sellers thought they'd deleted

Bored Ape illustration: light brown ape with a laurel crown, coins over its eyes, and an army jacket on a light blue background.Bored Ape #9991 (attribution)
A horrified (former) owner of a Bored Ape tweeted that his NFT had just unexpectedly sold for a measly 0.77 ETH (about $1,700) and that "I cant financially afford that loss". The purchaser netted a handsome profit by quickly reselling the NFT for 84.2 ETH ($190,000). It appears that the buyer took advantage of the fact that they could still purchase NFTs that had previously been listed for sale at a lower price, even once the owner thought they had removed the listing. In about 90 minutes, the person was able to exploit the issue by buying and selling several different NFTs for a total profit of about $880,000.

A software engineer investigating the incident attributed it to OpenSea's choice to do many of their operations off-chain to save on the expensive gas fees required for any Ethereum blockchain transaction, saying this introduced a disparity where updates were not reflected on-chain. Another person investigating the apparent issue reported that this looked to be the same "glitch" as earlier this month, where users tried to avoid paying the gas fees to delist their NFT sales by swapping them out of their wallet and back again, not realizing the listing would still be active when the NFT was returned.

OpenSea added an "Inactive listings" page to allow people to view listings that are still associated with NFTs that have been transferred out of the wallet, though the feature doesn't seem to have been widely publicized and it's not clear when it was released. They also later reimbursed users who suffered losses from this exploit, to the tune of about $1.8 million.

Solfire Finance rug pulls for $4.8 million

The Solana-based asset management protocol Solfire attracted users with its promises of over 500% APY. Partnerships and mentions from other prominent Solana projects helped the project earn legitimacy, and they enjoyed over $12 million TVL at the project's peak.

However, on January 23, the project developers drained around $4.8 million from the project before deleting the project's website and social media accounts.

Co-founder of the team behind CryptoPunks v2 sells all 40 of his v1 Cryptopunks shortly before the team announces they view them as worthless

A pixel art character with pale skin and black hair on a purple backgroundV1 Punk #7276 (attribution)
The enormously popular Cryptopunks project, created by the LarvaLabs group, is actually on its second version. A bug in the original smart contract allowed users to retrieve their money after buying the original NFT, allowing people to "steal" the v1 NFTs, and so the project largely faded into obscurity in favor of the patched version 2. However, recently the NFT marketplace LooksRare allowed a project where people "wrap" their original punks and can trade them properly without encountering the bug. This apparently didn't go over so well with LarvaLabs: on January 31, the project tweeted, "PSA: 'V1 Punks' are not official Cryptopunks. We don't like them, and we've got 1,000 of them... so draw your own conclusions." However, @NFTethics noticed that one of the LarvaLabs founders sold all 40 V1 punks that he owned between January 23 and 25. Trading them shortly before the project released the tweet declaring they viewed them as worthless sure looks a lot like insider trading. The trades earned the founder a handsome total of 260 ETH (about $625,000). Fortunately for buyers of the wrapped V1 punks, LarvaLabs' announcement doesn't appear to have impacted trading price very much.

A surgeon tries to sell an NFT of an x-ray of a terror attack victim without the victim's consent

French surgeon Emmanuel Masmejean minted an NFT of an x-ray image of a bullet embedded in the fractured forearm of a person who was shot in the November 2015 Paris Bataclan attack. The NFT, which was listed on OpenSea for a starting price of around $2,800, was created without the consent of the victim. The doctor quickly took down the listing after it was noticed by media, and the head of Paris's public hospital system announced that the doctor would be facing criminal and professional complaints.

A conservationist and wildlife photographer decides the way to battle people "exploiting nature for personal gain" is by minting NFTs on the Ethereum blockchain

A photograph of a gorilla"Congo" NFT from the collection (attribution)
Conservationist and wildlife photographer George Benjamin tweeted about his new project, "The NFT Conservation Fund". "Over the last decade I've seen first-hand the devastation that our Earth is currently enduring, oftentimes feeling completely helpless," he writes. The project involves minting NFTs of his wildlife photography on the notoriously high-emissions Ethereum blockchain, and then contributing a measly 15% of profits to... get more wildlife photographers to do the same. Good news, though — the paper on which the limited-edition prints will be printed is "Forest Stewardship Council-approved"!

NFT creators announce an NFT collection to "honor" Kurt Cobain

A black and white photo of Cobain singing and playing guitar, with another guitarist next to himOne of the NFTs (attribution)
An NFT group announced that they'd be releasing NFTs created from photographs of a 1991 Nirvana show they performed shortly before Nevermind rose to popularity. The NFTs go on sale on what would have been Kurt Cobain's birthday if he was still alive. The creators say they seek to "honor" Cobain by releasing these NFTs, which makes you wonder if they've ever heard Cobain speak before.

Investors on Solana-based defi platforms experience mass liquidations caused by yet another outage

Tweet from aeyakovenko: "lol" with a screenshot of a spike in network trafficAnatoly Yakovenko's tweet during the outage (attribution)
Solana was so overloaded with bot transactions that users couldn't transact. As the cryptocurrency market in general continued to tank, users rushed to top up the collateral they had provided to keep their loans from being liquidated and found they couldn't get the transfers to go through. One user reported spending eight hours trying unsuccessfully to add collateral, before eventually getting liquidated and losing 500 SOL (about $47,500). It took Solana 24 hours to even identify the cause of the issue, and another 24 before they were able to resolve it. Traders watching their loans get liquidated were not impressed when Solana Labs co-founder tweeted "lol", with a screenshot of a Solana node showing high amounts of duplicate packets.

Scammers set up a new server at the URL previously used by Ozzy Osbourne's NFT project, stealing thousands

A brown pixel art bat with a toothy smile and a halo, on a teal backgroundCryptoBat #1783 (attribution)
Ozzy Osbourne's NFT project, CryptoBatz, changed to a slightly different Discord URL ("cryptobatz" rather than "cryptobatznft") some time after the new year. However, they forgot to take down at least one tweet mentioning the previous URL, and scammers were able to set up a new server at that location. Users were instructed to "verify", which redirected them to a phishing site where the contents of their wallets were stolen.

McDonald's steals an artist's work to present to Twitter as a proposed NFT profile picture

Screenshot of a tweet by Sarah Burssty, which has a pixel art version of the Twitter logo and says "you've come to the right place, one ponzi scheme coming up"The original tweet (attribution)
Shortly after rolling out their hexagonal NFT profile pictures, @twitter posted "gm, looking for an nft pfp". The next day, McDonald's German language communications account, @McDonaldsDENews, replied "Say no more!" with attached pixel art of the Twitter bird logo holding a McDonald's bag in its beak. After further investigation, the art was found to be nearly identical to an image from a tweet by @SarahBurssty, which ironically was created to criticize Twitter's support of NFTs.

MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"

Security researchers publicly disclosed a critical privacy vulnerability with the popular cryptocurrency wallet Metamask, where a malicious attacker can easily create an NFT and airdrop it to a victim to obtain their IP address (and thus potentially their location). Metamask founder Dan Finlay acknowledged that "this issue has been widely known for a long time", and that the researchers were "right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it."

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.