FixedFloat exchange hacked for $26 million

The FixedFloat cryptocurrency exchange was exploited for around 409 BTC (~$21.17 million) and 1,728 ETH (~$4.85 million) for a total loss of just over $26 million. FixedFloat is a decentralized cryptocurrency exchange that doesn't require user registration or Know Your Customer, making it popular for hackers looking to launder stolen funds.

FixedFloat first wrote that they had "encountered some minor technical problems", then acknowledged that there had been a hack. FixedFloat is non-custodial, so no user funds were impacted, however some have reported frozen transactions and missing funds from using the service on social media.

Yuga Labs acquires Moonbirds amid speculation of insider trading

Pixel art of a white owl with one squinting eye, wearing a forest ranger hat, on a light green backgroundMoonbirds #768 (attribution)
On February 16, the NFT giant Yuga Labs announced it would be acquiring the Moonbirds NFT project. This adds to list of blue-chip NFT collections controlled by Yuga Labs, which already included their original Bored Ape Yacht Club and spin-off NFT collections, and the CryptoPunks and Meebits collections they acquired in March 2022. Decentralized!

Anyway, after the acquisition was announced, prices for Moonbirds spiked, as was to be expected.

What wasn't expected was a notable spike in trading in the days leading up to the acquisition announcement, in which some wallets began accumulating large amounts of Moonbirds and related NFTs. One such wallet purchased 80 Moonbirds, 71 Moonbird Mythics, 28 Oddities, and 13 Mythic eggs in the week leading up to the announcement, and enjoyed several hundred thousand dollars in profits after the acquisition was announced.

Trader loses $4.5 million in phishing attack

A trader known as kirilm.eth fell victim to a phishing attack, losing over 180 million BEAM tokens to a scammer. BEAM is a token belonging to the Beam blockchain gaming network, built by the Merit Circle DAO.

The stolen tokens were notionally priced at around $5.14 million, although the sale of the stolen tokens resulted in a price drop that meant the attacker ultimately was only able to trade them for 1,629 ETH (~$4.5 million). The BEAM price dropped around 10%.

YouTuber KSI accused of pump-and-dump

Crypto sleuths Coffeezilla and zachxbt teamed up on an investigation into YouTuber and crypto promoter KSI, accusing him of pumping up interest into the XCAD project and then dumping tokens priced at $850,000 shortly after, when some of his millions of followers had likely bought in and pumped the price.

Although the token dumping occurred in March 2022, zachxbt waited until now — when KSI returned to his dormant Twitter account — to release the evidence he'd collected.

KSI had previously claimed to followers that he was "holding his bags", meaning not selling the XCAD tokens he'd purchased or been given. zachxbt determined this to have been a lie. The XCAD founder later came to KSI's defense, claiming he had bought more tokens than he sold, as though that somehow justifies the behavior.

"Decentralized" social network Farcaster criticized after confiscating channel name to be used by influential crypto podcasters

Conversation with Dan Romero
hey there
/bankless wants their channel :)
can I refund you $25 worth of USDC on Base

Dan with all due respect, bankless is a brand using a common word that has been in our space for a decad
If I was using their logo and perpetrating like I was them, that would be different
This sets a really poor precedent.

Do you have examples of where you are using Bankless?
happy to be convinced otherwiseConversation between the accused squatter and Farcaster co-founder Dan Romero (attribution)
One of the promises made by proponents of crypto-focused decentralized social networks like Farcaster is that you can't be de-platformed by centralized companies, and you maintain control over your own presence on these platforms.

This made it a bit of a shock when the co-founder of the a16z-backed Farcaster blockchain-based social network messaged a user to inform them that he would be taking away the channel name he had registered, whether he agreed to it or not. According to the co-founder, Dan Romero, the popular Bankless crypto podcast had requested the bankless channel name, which the user he was messaging had already registered.

After the user argued back against Romero's offer of $25 in USDC to reimburse him for the channel name, and said it set a poor precedent, Romero stated: "ok this isn't productive. do you want USDC for the refund or warps" (referring to the non-crypto points used by the Warpcast client for Farcaster).

On one hand, some criticized the user who had registered the name for allegedly squatting on the channel name and trying to resell it. Romero defended his decision by arguing, "I never said channels were decentralized yet" (though the platform does generally claim to be "sufficiently decentralized"). Others argued the action set a bad precedent, and flew in the face of the ethos supposedly motivating these types of web3 social networks.

Romero has promised on Twitter that Farcaster channels "will be onchain later this year and like [user identifiers] won't be able to be touched." When pushed on the precedent this sets, he replied, "So let the squatter extort money?" Romero clearly needs to grapple with the fact that, like it or not, squatting is a feature of systems that take a hands-off approach to managing access to identifiers. This should not be news to anyone remotely familiar with the web, where "domaining" emerged out of the relatively laissez-faire structure of DNS — though unlike with fully decentralized identifiers, there can be some intervention when domain name speculation enters the realm of cybersquatting.

Creator of "Robotos" NFT project, once collaborating on a TV series with TIME studios, accused of rug pull

A doodle of a robot with a gold crown, a blue suit jacket over a white shirt and black tie, and pink eyesRoboto #2767 (attribution)
Pablo Stanley, an artist who created the "Robotos" generative NFT collection, posted two final messages from the Robotos Twitter account. First, "it was a good run! thank u, all!", then an image of the Twitter log-out button with "forever and ever".

Rewind to November 2021, when it was announced that TIME Magazine's film and production studio would be collaborating with Stanley to develop a children's animated TV show based on the Robotos NFTs. The announcement helped to drive interest in the NFT collection, which reached a peak floor price of around 1.5 ETH (~$5,000 at the time).

Since then, no show has materialized, and the collection's floor price has dwindled. NFTs from the collection have recently sold for around 0.015 ETH (~$42). In the project Discord, Stanley claimed that TIME had lost interest in the project after the writer's strike. He also wrote that he had lost faith in web3: "Glad you still believe. It's hard for me to believe in it anymore." He explained that he had viewed Robotos as a "personal side project", and that he was "sorry if that's not enough for most people, but that's all I have the appetite for, and that's all I can offer."

Duelbits crypto casino exploited for $4.6 million

The Duelbits crypto casino and sports betting website was drained of around $4.6 million on both the Ethereum and BNB Chain blockchains. The funds were quickly bridged or exchanged to ETH.

It appears that the thief got access to a Duelbits wallet, perhaps through a private key compromise.

Yuga Labs bungles "free" Otherside NFT drop

An illustration of a grey cylinder, seemingly made from stone, with glowing gold light inside it appearing through some cracks and designsyuga-ship-part (attribution)
Some fans of Yuga Labs (the company behind Bored Apes and the much-anticipated Otherside metaverse gaming project) are questioning how much progress the company can really have made on the as-yet-unreleased flagship Otherside gaming project, if they managed to screw up an NFT design this badly.

Yuga released a new NFT, intending to function as ship parts that could be combined to create a ship to be used in the game. Players who had completed an Otherside minigame would be eligible to mint these NFTs for free. However, the "free" NFT cost around $30 in gas fees to mint. Worse still, the parts were meant to be repeatedly traded and combined to make new parts and ships, leading fans to wonder why on earth they decided to release the project on a blockchain where each transaction often costs tens of dollars.

Apparently realizing they'd made a mistake, Yuga first responded by announcing they would gift people free "Catalyst" NFTs to make it up to them. This only sparked further rage, though, as it was seen to dilute the value of the Catalyst NFTs and throw off incentives.

Yuga later reversed course on this decision, instead deciding to reimburse the gas fees.

This was not Yuga Labs' first gas-related fiasco, after they caused gas fees to spike into the thousands of dollars across the entire Ethereum network in April 2022 during the initial Otherside land sale.

One observer wrote, "[W]hat's the plan for the marketplace in Otherside that is supposed to support millions of daily microtransaction? I'm afraid this means Otherside is much less developed than we would like to hope. These decisions are entry level mistakes, not mistakes we should see from the biggest company in the space developing a metaverse. If the Otherside mint wasn't an eye opener, then this wont be either."

PlayDapp crypto gaming platform exploited, spurring misleading headlines

The South Korean blockchain gaming platform PlayDapp was hacked on February 9, and an attacker minted 200 million $PLA tokens. These were notionally priced at around $36.5 million, although because only 577 million $PLA were in circulation before the unauthorized mint, there would not have been sufficient liquidity for the attacker to sell them at around that price.

Days after the initial attack, on February 12, the attacker minted another 1.59 billion $PLA. This has led to news reports that the platform was exploited for "$290 million". However, this value is being naively calculated based on the token price without taking into account the massive supply inflation, and ignoring that that dollar figure is more than 2.5x the total claimed market cap of the token. Even reputable outlets like Bleeping Computer have printed the figure in their headline (though Bleeping Computer later changed the headline to a more accurate one).

PlayDapp sent on-chain messages to the attacker, offering a bounty, but the offer was ignored.

Solana goes down for five hours

They were doing so well! After suffering a slew of outages during 2022, Solana had seemed to get their act together in 2023 with only one major outage. Now, however, Solana has gone offline again for five hours.

With blockchains promising to become "world computers" upon which anyone can create projects ranging from mere toys to critical infrastructure, uptime is crucial, and a five-hour-long outage is devastating.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.