Futureverse announces restructuring two years after raising $54 million

In 2023, there was no shortage of buzzy press coverage for Futureverse, which promised to build a metaverse and gaming-focused blockchain. They partnered with Ready Player One author Ernest Cline to build the "Readyverse". They partnered with the estate of Muhammad Ali to build an "AI-powered" boxing game (with NFTs!). They partnered with Reebok to build a "virtual sneaker design experience", where customers could design sneakers to equip to their Fortnite or Roblox characters. That year, the company had raised $54 million in a Series A round led by 10T Holdings and Ripple Labs. They made even more money from token sales to retail investors.

As recently as this year, Futureverse was earning spots on "most innovative company" lists. In April, they announced they'd be acquiring Candy Digital, an NFT company created by Mike Novogratz, Gary Vaynerchuk, and others (which itself had raised a $100 million series A in 2021, and another funding round in 2023). "NFTs will be back in a big way one of these days", wrote Axios, covering the sale in April 2025.

But now, Futureverse has announced they've "made the difficult decision to begin a restructuring of the business". Focusing only on the AI portion of their business, and conspicuously omitting any mention of blockchains, NFTs, or metaverses, the company says they "recognize that adjustments are needed to ensure the long-term sustainability of our vision."

Futureverse locked comments on the post, likely to try to dodge angry community members who accused the company of stealing from them or rug-pulling.

Hypervault rug pulls for $3.6 million

Only days after the Hypervault yield farming platform announced on Twitter that they'd surpassed $5 million in total value locked, the platform suddenly shut down its website and social media accounts. Simultaneously, the crypto security firm PeckShield observed an "abnormal withdrawal" of a large quantity of various crypto assets priced at around $3.6 million, which were swapped to 752 ETH (~$3.1 million) and laundered through Tornado Cash.

The project had attracted customers by advertising yields of 76–95%.

SBI Crypto likely suffers $21 million theft

Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through instant exchanges and Tornado Cash, in ways zachxbt observed were similar to tactics of North Korean crypto thieves.

SBI Crypto has not made any public statements addressing the apparent theft.

Griffin AI exploited for $3 million one day after launch

One day after Griffin AI launched its GAIN token on Binance Alpha, an attacker minted 5 billion fake GAIN tokens on the Ethereum blockchain, then exploited a cross-chain endpoint to trick the bridge to the Binance chain into recognizing them as the real thing. The attacker was only able to sell a small fraction of their tokens, but they made off with approximately $3 million as the token plunged in price. According to CEO Oliver Feldmeier, the exploit was enabled by "a misconfigured layer Zero (cross-chain messaging) set-up and compromised key".

Griffin AI promises to allow customers to "build, deploy, and scale autonomous AI agents for crypto finance". These are essentially AI-powered bots that perform various functions — some of Griffin's advertised examples include a "robo-adviser" to provide "tailored investment strategies", and bots to do arbitrage trading or manage staked assets.

Seedify launchpad project suffers bridge exploit

An attacker exploited bridges for SFUND, the token issued by the Seedify launchpad and incubator. It appears the exploiter has profited around $1.7 million from the theft. Seedify issued a statement announcing the theft, and said the bridge contracts that were exploited had been deployed for three years. The SFUND token crashed in price by around 80% before recovering somewhat.

Seedify has been a launchpad for blockchain games, NFT projects, and other web3 products. The team has recently embraced "vibe coding" — a practice in which people rely heavily on AI to generate code.

UXLINK exploited for around $28 million, then hacker gets phished

The "AI-powered web3 social platform" UXLINK was exploited by an attacker who gained control of the project's multisignature wallet, then minted billions of the project's UXLINK token. Though the tokens were worth hundreds of millions of dollars on paper, low liquidity and a crashing token price meant the attacker cashed out around $28 million.

Shortly after the hack, the attacker apparently approved a phishing contract, perhaps in their rush to swap tokens before the price crashed further or before exchanges could freeze the tokens. Around 542 million of the UXLINK tokens were sent to a phishing address as a result, though it doesn't appear the phishing wallet has been able to sell the tokens.

Yala stablecoin depegs after $7.6 million theft

The YU bitcoin-backed stablecoin lost its intended dollar peg after what the Yala team described as "an attempted attack", later writing that there was an "unauthorized transfer of funds". Although they initially wrote that "All funds are safe", they later stated that they "identified the stolen assets on-chain and are actively working with law enforcement to pursue recovery." Research firm Lookonchain observed a large mint of the YU token that may have been related — if so, the attacker successfully stole at least 1,501 ETH ($6.75 million), and holds a substantial quantity of YU they still haven't sold.

Despite the project's attempted reassurances, the YU stablecoin lost its $1 peg, plummeting as low as around $0.20. As of writing, about a day later, the stablecoin is still well below its peg, at around $0.94.

Shibarium bridge hit with $2.4 million flash loan attack

A bridge for Shibarium, the layer-2 network for the Shiba Inu project, was exploited for approximately $2.4 million in funds. The attacker bought 4.6 million BONE tokens (the governance token for Shibarium) using a flash loan, then used compromised validator signing keys to take control of the majority of validator power. Then, they used that control to drain around 225 ETH and 92.6 billion SHIB, together priced at around $2.4 million at the time of the theft.

The project has paused staking on the network, freezing the BONE tokens borrowed by the attacker, which may limit the attacker's profits.

Thorchain founder exploited for $1.35 million

John-Paul Thorbjornsen, the founder of Thorchain and Vultisig, suffered a wallet drain, reportedly after experiencing a video meeting scam from an attacker who had exploited the Telegram account belonging to one of his friends. According to JP, the scammer used a malicious video call link to place malware on his computer, which then exfiltrated private keys for one of his crypto wallets. Some questioned whether he had made up the story, as he immediately began using the story to promote his Vultisig product.

Later that week, Thorbjornsen apparently suffered another loss — this one confirmed on-chain to be around $1.35 million.

According to crypto sleuth zachxbt, the attackers appeared to be a part of North Korean crypto hacking operations. "JP is one of the people who has greatly benefited financially from the laundering of DPRK hacks/exploits. So it’s a bit poetic he got rekt here by DPRK," he wrote.

$41.5 million stolen from SwissBorg in Kiln API exploit

Thieves stole 192,600 SOL (~$41.5 million) from a wallet belonging to the Swiss cryptocurrency exchange SwissBorg. The attack is being blamed on a vulnerability in the API of Kiln, a staking partner used for SwissBorg's "Earn" program.

SwissBorg announced that they would be reimbursing impacted customers using treasury funds, and working with security firms and law enforcement to try to recover the stolen assets.
