A Review of the Absurd Moments in the Crypto Space in 2022

Written by: iambabywhale.eth, Foresight News

The year 2022 is coming to an end, and this year the Web3 world has plunged into a low point alongside the global economy. In addition to the macro environment, the successive collapses of institutions such as Terra, Three Arrows Capital, Celsius, and FTX have dealt a more severe blow to the already impacted Web3 sector.

The market trend continues to decline without signs of recovery even as the year ends. In what is likely to continue as a "crypto winter," let us review the absurd moments of many Web3 projects this year with a light-hearted attitude as we welcome the upcoming 2023.

Image source: Foresight News

Parameter Error, Rewards Paid "Early"

At the beginning of the year, the ILO of the NFT market X2Y2 attracted considerable attention, with a model that allocated all transaction fees to token holders, leading to expectations of X2Y2 as a "decentralized OpenSea." While the NFT market was still hot at the beginning of the year, the X2Y2 token saw a brief rise before plummeting. When everyone was surprised, the project team discovered the issue during a halving of staking: an error occurred in setting the initial parameters of the staking reward contract, resulting in X2Y2 distributing 56% of a total reward of 200 million in the first 30 days instead of the initially planned 18%.

The upper part of the image shows the planned reward amount, while the lower part shows the actual reward amount.

This mistake left many users who had high hopes for it feeling hard to accept. Subsequently, X2Y2 also initiated a token burn plan to mitigate the consequences of this error as much as possible. Today, X2Y2 has developed into a mainstay in the NFT market, and the initial mistake has gradually been forgotten.

Wrong Transfer Address, 120 Validators Failed to Notice

At the beginning of this year, two projects in the Cosmos ecosystem, Evmos and Juno, briefly gained attention for airdropping to ATOM stakers, but both projects faced significant difficulties with their airdrops and mainnet launches. Juno, in particular, made outrageous moves more than once.

First, a whale who received millions of JUNO tokens was targeted by the Juno community after cashing out part of their holdings, leading to a ridiculous proposal that reduced the whale's holdings from 3 million to 50,000 tokens, which ultimately passed. However, considering that the whale exploited a loophole in the airdrop rules to acquire a large number of tokens and continued to sell after promising to stake most of them, such a "centralized" proposal was somewhat understandable.

Then, an even more astonishing incident occurred. A developer mistakenly transferred 3 million JUNO tokens to the wrong address that should have gone to the community, and even more absurdly, none of the 120 validators on the network noticed the error in the receiving address. The community had to submit another proposal to transfer the funds back to the community address, bringing this farce to an end.

Code Vulnerability, User Nearly Becomes "World's Richest"

As the issuer of the NEAR native over-collateralized stablecoin USN, Decentral Bank created the shortest lifespan for an algorithmic stablecoin: 6 months. FTX and Alameda Research, as one of NEAR's main investors, went bankrupt, causing NEAR's price to plummet, leading to insufficient collateralization for USN, and ultimately resulting in NEAR abandoning USN.

In a deteriorating market environment with an uncertain future, NEAR's decision to cut costs may not have been a bad choice, but today we are not discussing the event itself.

On July 8 of this year, just over two months after the official launch of USN, a significant vulnerability was discovered that nearly "wiped out" USN. The vulnerability occurred when users attempted to exchange USN for USDT through Decentral Bank; if the user's wallet did not have USDT, the transaction would fail, and due to a counting error during contract refunds, the refund amount was inflated by a trillion times. A user attempting to exchange 5 USN for USDT found that due to the vulnerability, after two attempts, the contract refunded nearly 10 trillion USN.

Fortunately, this vulnerability was not widely exploited, preventing irreparable losses. As the security of algorithmic stablecoins faces increasing scrutiny, while stablecoins hold significant strategic value, the timing and decision to launch them must be carefully considered.

Wintermute Loans to Wrong Receiving Address

The airdrop of the Ethereum Layer 2 network Optimism was one of the few highlights during this bear market, but some subsequent actions left this billion-dollar financing star project in disbelief.

The first outrageous action occurred in June, but the protagonist was not Optimism, but the market maker Wintermute, which borrowed 20 million OP tokens against a collateral of 50 million dollars for market making. Due to an internal team error, Wintermute provided Optimism with a Gnosis Safe multi-signature wallet address deployed on the Ethereum mainnet instead of the pre-prepared Optimism address. This ridiculous mistake allowed a hacker to steal the 20 million OP tokens through a replay attack. The hacker then traded 1 million OP for Ethereum, sent 1 million to Ethereum founder Vitalik Buterin's address, and returned 17 million OP. In the end, Wintermute stated it would return the remaining 2 million OP, and the story concluded there.

Annual Inflation Rate Mistakenly Increased by 10 Times, Optimism Urgently "Wipes Zero"

Continuing from the previous story, the second incident occurred in October when Optimism announced on Twitter that the total supply of OP tokens would inflate at a rate of 2% per year, but when deploying the contract, this rate was mistakenly set to 20%. Later that day, they announced that the contract logic would be updated to the expected 2%. Fortunately, OP's inflation was set to begin in 2023, so it did not cause too much impact.

Optimism, Wintermute, Juno, and X2Y2 all made such basic errors of incorrect addresses or parameters, reminding us that for irreversible on-chain transactions, we should be serious and cautious.

Withdrawal Amount Mistakenly Recorded Account Number, User Wins Millions

As one of the first cryptocurrency exchanges to be FUDed after FTX filed for bankruptcy, Crypto.com temporarily "survived" by publicly disclosing reserve information, but this year the exchange also made some "stupid mistakes."

The first incident, although not occurring this year, still remains unresolved. In May 2021, two female users in Melbourne received 10.5 million AUD instead of the 100 AUD they withdrew from the crypto exchange Crypto.com, which was only discovered by Crypto.com during the annual audit in December 2021. According to Crypto.com, an employee mistakenly entered the withdrawal amount as the account number during payment, resulting in a large sum being incorrectly transferred to their bank account. Subsequently, Crypto.com filed a lawsuit, and the Supreme Court of Victoria ruled in August that the funds must be returned to the company.

Hundreds of Millions of Assets "Transferred Wrong"?

If the first incident can be somewhat understood, the second incident raises many doubts. On November 13, Twitter user @jconorgrogan tweeted that on-chain data showed that a certain address of Crypto.com had transferred approximately 285,000 ETH to the exchange Gate.io in October, and a few days later Gate.io returned it to another address of Crypto.com, but both addresses subsequently appeared on the list of cold wallet addresses for offline storage of user assets published by Crypto.com. Crypto.com CEO Kris responded that "this should be a new cold wallet address, but it was sent to a whitelisted external exchange address. We worked with the Gate.io team, and the funds were subsequently returned to our cold wallet. To prevent this from happening again, we have implemented new processes and features."

From Kris's statement, it seems that Crypto.com mistakenly transferred Ethereum worth hundreds of millions of dollars to Gate.io. If this is the case, such a mistake is indeed outrageous and could directly lead to Crypto.com's downfall. However, many speculate that this move might have been a borrowing action for reserve proof, and the real situation may only be known to the parties involved.

Attacking Oneself to Prevent Being Attacked

On November 4, Beijing time, Gala Games' token pGALA, which was cross-chained to BNB Chain via pNetwork, suddenly plummeted to nearly zero. Subsequent on-chain information revealed that an unknown address had minted pGALA tokens worth 1 billion dollars out of thin air on the BNB Chain, nearly exhausting the pGALA/BNB liquidity pool.

Everyone initially thought this was a typical hacker attack until two days later…

On November 6, Beijing time, the pNetwork team noticed a configuration error in the pNetwork cross-chain bridge for GALA. Due to this configuration error, the ownership of the pGALA smart contract deployed on the BNB Chain had been taken over by hackers. The funds involved in this pool amounted to 400,000 dollars, and the attacker who gained ownership of the smart contract did not launch any attacks.

Subsequently, pNetwork contacted Gala Games and decided to suspend the cross-chain bridge and drained the pGALA/BNB PancakeSwap pool liquidity through a white hat operation, attempting to retain BNB so that funds could be returned to its liquidity providers once the situation was under control.

What followed was the massive issuance and price collapse we witnessed. Regardless of whether pNetwork's method of draining the liquidity pool was reasonable, its failure to clarify the situation immediately led to Huobi being arbitraged due to not closing the deposit channel in time. Such self-righteous behavior is indeed undesirable.

600 Million Dollars Stolen, Project Team Realizes Too Late

In March of this year, the Ronin Network of Axie Infinity was hacked, resulting in the theft of 173,600 ETH and tens of millions of USDC, totaling over 600 million dollars in assets. The attacker took nearly two months just to transfer the stolen assets. This incident is suspected to be the work of a North Korean hacker group, which gained control of some of the Ronin Network's validator nodes by infiltrating the computers of technical staff through a fake offer, ultimately gaining control of the liquidity funds.

The most puzzling aspect of this incident is that the theft occurred on March 23, but the project team only realized the funds were stolen on the 29th when they attempted to cross-chain and found no liquidity, thus missing the best opportunity to recover the stolen funds. Although some funds were intercepted by the project team and law enforcement, most of the funds still fell into the hands of the hackers.

Of course, the so-called "prophet" of this incident did not benefit either. Crypto KOL Cobie tweeted that six days prior, he discovered that the Ronin Network of Axie Infinity had been hacked for 600 million dollars and shorted AXS with high leverage. Since no one noticed the hacker's presence for six days, he was liquidated within 24 hours after shorting.

Ukraine: The First Country to Raise Funds through Airdrop Expectations

Clearly, the Ukrainian government is not a Web3 project, but its method of attracting donations through airdrop expectations is undeniably professional.

Back to the beginning of the year, a war broke out between Ukraine and Russia. Subsequently, the Ukrainian government and some third parties opened cryptocurrency donation channels. The Ukrainian government then announced that it would airdrop to donors and declared a snapshot would take place at 00:00 on March 4, Beijing time. On the day the snapshot time was announced, the donation amount exceeded 50 million dollars, with many cryptocurrency users who had no intention of donating participating in the donation frenzy just for the "airdrop."

Just as everyone eagerly awaited the airdrop distribution, Ukrainian Deputy Prime Minister Mykhailo Fedorov tweeted the day after announcing the snapshot that after careful consideration, they decided to cancel the airdrop and would soon announce a plan for issuing NFTs to support the Ukrainian armed forces.

While this move may not have affected those who genuinely wanted to help Ukraine, it left many donors who contributed for the airdrop feeling very dissatisfied. Subsequently, the Ukrainian government introduced various "playful" methods for fundraising, but the flip-flopping behavior clearly turned many people off, leading them to jokingly claim they had been "reverse scammed."