Nifty's was a web3 business backed by the likes of Mark Cuban, Joey Lubin, Coinbase, and Dapper Labs. In 2021, they raised a $10 million seed round, and launched as an NFT-focused company in July 2021 with a collection of Space Jam NFTs to accompany the widely panned box office disappointment, Space Jam: A New Legacy.
The platform later partnered with other companies to produce NFT collections for franchises including The Matrix and Game of Thrones, the latter of which featured hilariously bad artwork. The company then pivoted to a broader web3 focus as the NFT bubble collapse led the broader crypto downturn.
However, their promised web3 platform never materialized, and now the project has reached "the end of [its] runway".
Nifty's is not to be confused with Nifty Gateway, a separate NFT platform run by the embattled Gemini crypto platform.
Uwerx is a nascent project intending to build a blockchain-based freelancer marketplace, because what better concepts to combine than blockchains and the gig economy? Sadly for them, just after completing their token presale, it was hit with a exploit that enabled an attacker to siphon 176 ETH (~$324,000) from the platform.
The project was audited by SolidProof and InterFi. The project announced that they intended to relaunch the token, and asked the exploiter to consider returning 80% of the funds, keeping 20% as a "".
Although Coinbase's Base blockchain is at this stage intended for testing only, people have begun bridging substantial assets to the platform and using various services in anticipation of its official launch.
One such service is LeetSwap, which describes itself as the "The #1 ecosystem for elite built on the leetest blockchains", and which recently launched its service on Base. On August 1, LeetSwap was exploited after an attacker discovered a function that allowed them to manipulate token prices on the project for a profit of around 342 ETH (~$624,000).
LeetSwap attempted to contact the hacker via social media, asking them to return all but 50 ETH (~$92,000, or around 15% of the stolen funds).
A , also called an address poisoning attack, occurs when a phisher creates a blockchain address very similar to that of a target victim's , and sends zero-value token transactions to the victim's addresses from the wallet in hopes that the victim will later mistake the phishing address for the real one and send funds to it. It sounds unlikely to work, but users often fail to verify every character of the destination address they're using, opting instead to copy it from their transaction histories, and this can profit scammers substantially.
Someone intending to transfer Tether amounting to $20 million apparently didn't think it was important to double-check the address, and fell for such an attack.
However, only 51 minutes after the theft, the victim had managed to get Tether to add the thief's address to its blacklist, freezing the assets and thwarting the attack. The rapidity of the freeze led various people to question who the victim might be who could get Tether to intervene so quickly.
A memecoin called $BALD, built on the Coinbase Base test network, appears to have rug pulled for at least $25.6 million. Although the Base network is meant to be used for developer testing, some people have tried to trade on the network before its official launch.
A pseudonymous crypto user called "Bald" announced that they would be selling $BALD tokens on the Base network, and the token — apparently named after the hairless Coinbase CEO Brian Armstrong — quickly skyrocketed in price. However, the token deployer emptied tokens priced at around $25.6 million from the liquidity pool two days after launch in apparent . The token price quickly plunged by around 90%.
Conspiracy theories emerged that the Bald account was in fact operated by Sam Bankman-Fried, the former CEO of FTX who is on house arrest under strict supervision and without access to most websites as he awaits trial later this year.
The SEC filed charges against Richard Heart, the operator of Hex, PulseChain, and PulseX. Despite Heart's best attempts at evading securities laws — including by asking people to "sacrifice" tokens in exchange for PLS and PLSX to avoid using the term "invest" — the SEC says he's been conducting unregistered securities offerings amounting to more than $1 billion.
In addition to the unregistered offerings charge, the SEC alleges Heart and PulseChain misappropriated $12.1 million to fund Heart's lavish lifestyle. Among other things, he purchased a McLaren sports car, five luxury watches, and a $4.3 million 555-carat black diamond called "Enigma", allegedly using funds from the sale.
Some types of Curve factory pools, including one operated by AlchemixFi and one by JPEG'd, were exploited. The attack stemmed from an issue in the Vyper language, a programming language that is similar to Solidity. Early investigations suggested that versions of the Vyper compiler had improperly implemented a guard, leaving some projects vulnerable to that type of attack. Vyper tweeted an announcement that the versions were vulnerable, and urged "projects relying on these versions [to] immediately reach out to us".
Curve itself lost $61 million to the exploit. AlchemixFi was exploited for around $13 million in assets, and JPEG'd suffered a $11 million loss. MetronomeDAO suffered a $1.6 million loss, Ellipsis Finance lost $68,600, and Debridge Finance lost around $24,600.
Altogether, somewhere between $88 million and $100 million was taken, though some exploits appeared to be actions intended to preserve funds. The primary exploiter also later returned some of the stolen funds, refunding the entire amount to AlchemixFi and 90% of funds to JPEG'd in exchange for a 10% "".
The defi yield aggregator project Kannagi Finance rug pulled on July 29 as its creators drained the $2.13 million . Kannagi Finance deleted its website and social media accounts following the exit scam.
Blockchain security firm SolidProof had Kannagi in June.
Traders hoping to get in on the next big memecoin eagerly snapped up a token called Pond0x, a Pepe the Frog-branded memecoin launched by Pauly0x. Pauly0x is Jeremy Cahen, a crypto personality best known for his creation of CryptoPhunks, NotLarvaLabs, and involvement in the Ryder Ripps lawsuit.
However, serious flaws in the Pond0x contract resulted in traders losing at least $2.2 million as people discovered that anyone could transfer coins belonging to other people. People quickly began rushing to steal coins from one another.
Pauly0x responded by blaming the traders who bought and sold the tokens, and spent the following day variously posting on Twitter that he was teaching people a lesson, that it wasn't his fault that people lost money, and suggesting that the flaw was part of a bigger plan for the project. "No one stole your tokens lol. The contract is literally designed as such," he wrote to angry traders accusing him of a . He added to the website a message reading, "GREED KILLS".
A defi project called DeFiLabs was able to for $1.6 million thanks to a backdoor written into the . After traders bought into the project, its creator was able to call the withdrawFunds function to make off with the project's assets.
DeFiLabs claimed on Twitter that the platform "encountered an unexpected issue" while "undergoing maintenance and updates".
DeFiLabs had been by blockchain security firm CertiK.
