Meter Passport, another blockchain bridge, is exploited for $4.3 million

A bug in the Meter Passport smart contract allowed an attacker to pull 1400 ETH (~$4.2 million) and 2 wrapped Bitcoin (~$83,000) from the Meter Passport blockchain bridge. This was the second hack of a blockchain bridge in three days, following the enormous Wormhole Network exploit. Meter urged its users not to trade any meterBNB, which are currently unbacked, and wrote that they were "working on compensating funds to all affected users."

Trader trying to cash out their rewards from a DeFi platform loses more than $35,000 to a Twitter support scammer

A person using the TraderJoe DeFi platform to yield farm encountered issues when trying to "harvest" their rewards. They tweeted at the platform (@traderjoe_xyz) to get support, only to receive a reply from a very similarly-named account (@traderjoe_xyz_) asking them to message them. The trader did so, and when the scammer instructed them to connect their wallet to supposedly help the dev team troubleshoot, they did. When the scam account blocked them, they realized what they had done, and saw that the scammer had drained the holdings in their wallet and liquidated all of their active positions.

The trader reported that they lost more than $35,000. They wrote in a Reddit post, "I was unemployed and literally solely yield farming to hedge my student loan. I deposited almost the same amount of my debt, and was leveraging the fact that the return I was getting was higher than my loan's APR. While trying to earn $8-9 more, I lost $35k and my financial freedom."

Former Gumroad freelancer tweets that he no longer works for the company because the company was planning to get into NFTs, Gumroad founder has a bit of a meltdown

Tweet conversation. First tweet from Jacob van Loon: "your social media presence ranks among some of the worst ive ever seen for a company like yours. never used gumroad, never going to." Tweet reply by Gumroad: "According to your bio's email address, you already have."Tweet by Gumroad (attribution)
Brian Box Brown, an artist who had previously worked for the digital self-publishing platform Gumroad, tweeted that he was ramping up his original art sales because "my former regular freelance employer has let me know they'll be...Embracing NFTs so...we had to part ways." Gumroad founder, Sahil Lavingia, responded on the official 130,000-follower Gumroad Twitter account by sharing what appeared to be private messages between himself and Box Brown, and claiming that Box Brown had only refused to work on NFTs out of a fear of being "canceled" — a claim that apparently missed what appeared to be Box Brown trying to let the founder down gently in a message where he also wrote "I do not want to lose [my job]". Lavingia also lashed out with the Gumroad account at a person who criticized Gumroad's treatment of Box Brown. When the commenter wrote "never used gumroad, never going to", Lavingia appeared to leak private customer data when he replied, "According to your bio's email address, you already have."

By that evening, the tweets attacking their former employee and leaking customer data were all deleted, and the Gumroad account had pinned a tweet saying, "If and when we do anything related to crypto/NFTs, you'll hear it from us first. For now, no plans."

Someone tries to take out a loan against their Bitcoin holdings to get a mortgage, loses over $300,000

A prospective house-buyer wanted to pad their bank account to try to convince their bank to approve them for a mortgage. Their bank didn't consider Bitcoin holdings when evaluating a person's suitability for a mortgage (can't imagine why), and so the person decided to take out a loan on the BlockFi platform, putting up $600,000 worth of Bitcoin as collateral for a $300,000 loan. However, the borrower had bought their Bitcoin from a private source (rather than through one of the major exchanges), and it turned out the Bitcoin had previously come through a cryptocurrency mixer. Because of what BlockFi described to the borrower as "indirect mixing exposure", BlockFi called back the loan and the borrower "lost more than half of [their] BTC holdings, have a huge tax bill, and was screwed out of a fortune".

Even if things had worked out as this person planned, it seems like the bank might have wanted to know where $300,000 suddenly came from, and I don't know how "I took out a sketchy loan against my Bitcoin holdings, which you already don't think can qualify me for a mortgage" would have shaken out.

Hackers steal $1.9 million from KLAYswap crypto exchange

Some sophisticated hackers managed a BGP hijack on the servers powering KakaoTalk, a marketing and customer service application used by the South Korean KLAYswap cryptocurrency exchange. The hijacking enabled the hackers to serve malicious JavaScript that allowed hackers to intercept funds as a user initiated a transaction. Over a two-hour period, the hackers stole cryptocurrency totaling ₩2.2 million (about $1.9 million) from 325 customer wallets. The exchange acknowledged the hack the same day, and promised to compensate affected users.

Nike sues StockX for selling unauthorized NFTs of their shoes

A rendering of a card, showing a photograph of a red high-top sneaker. The card has the branding "StockX" on it, as well as "Vault NFT ERC-1155"NFT of a Nike Jordan 1 sneaker (attribution)
Nike filed a lawsuit in New York federal court against StockX, an online reseller that decided to get in on NFTs in January. StockX started selling "NFTs tied to physical products", and say that buyers are also purchasing the "opportunity to take possession of [the corresponding physical item]" at any time". Nike has objected to this, stating that the NFTs infringe their copyright, are likely to cause confusion among customers, and have hurt their reputation. According to the complaint, StockX has already sold more than 500 NFTs of Nike products. The StockX site shows that some Nike NFTs have traded for thousands of dollars. Amusingly, although the NFTs exist on the Ethereum blockchain, "cryptocurrencies are not an acceptable payment method for NFTs at this time" and NFTs can't be transferred or traded outside of the StockX platform. According to their FAQ, "StockX maintains custodial authority of all NFTs traded on the platform".

This lawsuit is somewhat similar to the January lawsuit by Hermés against artist Mason Rothschild, who has been selling "MetaBirkin" NFTs (though MetaBirkins describes itself as an art project, and promises no physical items).

Miami mayor Francis Suarez's MiamiCoin gambit lands the city $5.2 million, investors not so lucky

Miami mayor Francis Suarez eagerly hyped "MiamiCoin" ($MIA), a cryptocurrency created by a private company and not actually controlled by Miami. Suarez appeared on CoinDesk TV to say that MiamiCoin has "been mainstreaming significantly faster than bitcoin", despite trading for pennies, and not being listed on any exchange aside from the Singaporean OKCoin.

On February 2, Suarez excitedly announced that they had received their "first-ever disbursement... totaling $5.25M". He didn't mention that the coin is trading at 90% below its all-time-high and 35% less than its initial price of $0.01. Both the OKCoin exchange and the coin creator previously advertised that buyers could earn "430% APY" by participating in some sort of staking program with the coin. All current holders of the coin, such as the Miamians Suarez encouraged to invest, have lost money even when factoring in staking rewards, says Protos.

Wormhole, a cross-blockchain bridge, is hacked for more than $320 million in one of the largest hacks to date

The Wormhole Network is a blockchain bridge between Solana and various other blockchains, allowing assets to be traded across the different and not otherwise interoperable chains. After an attacker was able to spoof a guardian account, Wormhole was exploited on February 2 for 120,000 wETH, or about $326 million. The network was taken down for maintenance, and Wormhole promised that "ETH will be added over the next hours to ensure wETH is backed 1:1". The parent company of Wormhole, Jump Trading, replaced the funds that had been drained; meanwhile, Wormhole offered a $10 million bounty to try to tempt the attacker into returning the funds. The hack was the fourth-largest cryptocurrency theft of all time, trailing behind the $480 million Mt. Gox theft in 2014, the $547 million Coincheck theft in 2018, and the $611 million Poly Network theft (that was later returned) in 2021.

Game studio behind Worms games series does a quick U-turn on their NFT project after massive backlash

A glittery rainbow worms character, holding some sort of spherical object, on a base that says 'Colonel'MetaWorms NFT (attribution)
Team17, the studio behind the many Worms games, announced their plans for "MetaWorms": NFTs based on the characters from the games. The announcement on January 31 apparently blindsided development teams who've published with Team17 — shortly after the announcement, three teams published statements condemning NFTs. One team, Aggro Crab, also announced they wouldn't be working with Team17 going forward. The three statements also all urged fans not to harass Team17 staff and community managers, with one announcement by Playtonic saying they were "unwittingly affected by NFT announcements". Backlash from fans had been swift and fierce, and in some cases extreme. The following day, Team17 wrote that they were ending the project and "step[ping] back from the NFT space".

HitPiece catches heat for selling song and album NFTs without seeking consent from the artists

Two listings for sale on the HitPiece website: "Tokyo DisneySea Theme Song" and a German-language Star Wars song, "Die Belagerung von Lothal - Teil 2 - Kapitel 6"You have to admit they have guts for so prominently listing stolen IP from the notoriously-litigious Disney (attribution)
The industrial band Choke Chain tweeted, "Yo a bunch of industrial scene acts (including me) have NFTs for sale on the site hitpiece.com I did not put it online and I assume you probably didn't either, fucked up". A look through the site shows that it is chock full of almost certainly unauthorized NFTs of music not just from industrial bands, but from contemporary pop music artists, k-pop groups, Disney, and many others. The group appears to be simply scraping Spotify and publishing everything as NFT auctions.

The project's website writes, "Each time an artist's NFT is purchased or sold, a royalty from each transaction is accounted to the rights holders account." They do not write about how this is supposed to work when the artists have had zero involvement in the NFT being created to begin with, or have no cryptocurrency wallets at all. The FAQ also includes a hilariously handwavy answer to the question most people learning about NFTs have: "What utility does owning an NFT give me?" HitPiece writes, "Artists provide NFT owners access and experiences."

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.