NFT

Did a CryptoPunk NFT Just Sell for $500 Million? Sort of, in a Transaction That Illuminates How the NFT Market Differs From the Art Market – artnet News

Published

2 years ago

November 7, 2021

The transaction took place using a “flash loan.”
Amy Castor, November 1, 2021
On Thursday night, a CryptoPunk with wild hair and black lipstick, traits that aren’t particularly rare as far as the pixelated NFT characters go, sold for an eye-popping half a billion dollars—in crypto, of course.
A Twitter bot that tracks CryptoPunk sales announced the news shortly before 8 p.m. E.S.T., sending crypto Twitter abuzz and making people wonder what the heck just happened. Was this massive money laundering, or what?
If this were a real art sale, it would have made CryptoPunk 9998 the most expensive NFT ever, far surpassing Punk 7523, which sold for $11.8 million in June, and leaving the Beeple NFT that sold for $69 million in March in the dust.
But this wasn’t a real art sale. It wasn’t money laundering or an exploit either. It was simply crypto traders trading as they do. The owner of Punk 9998 was having a little fun with crypto derivatives. In other words, the transaction was a prank.
Even Larva Labs, the creator of the pixelated alien creatures, crossed out the sale, meaning it doesn’t actually count.
So what exactly happened? For starters, the seller and the buyer in this translation are one and the same. In traditional finance, this is known as a wash trade—a type of illegal market manipulation meant to make an item appear more valuable than it actually is.
Second, the funds for the wash trade came via a “flash loan.” If you’re not familiar what a flash loan is—and why would you be?—it is a type of unsecured lending that has become hugely popular in the world of decentralized finance, or DeFi for short.
Larva Labs, CryptoPunks 2, 532, 58, 30, 635, 602, 768, 603 and 757. Photo courtesy Christie’s.
Ethereum-based DeFi exchanges, such as Compound and Uniswap, make available a ton of their liquidity which anyone can “loan” for the duration of a single transaction. Flash loans use smart contracts (bits of computer code uploaded onto a blockchain) to set out the conditions and terms of the loan.
The idea is this: You borrow the funds, construct a complex transaction doing whatever you want using the funds, and pay it back at the end of the transaction. The contract checks whether the “loan” has been paid back. If it hasn’t, the transaction is reversed, as if it never happened, and the funds are returned to the lender.
It all sounds like a low-risk proposition for lenders and borrowers, but the truth is flash loans are commonly used by hackers to exploit loopholes in poorly written contracts and steal millions of dollars. Just last week, hackers made off with $130 million from DeFi protocol Cream Finance using a large flash loan transaction.
“Flash loans only exist for manipulative purposes,” Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley who has followed crypto since 2011, told Artnet News. “The primary usage is to provide enough money to launch an exploit, but doing wash-trading seems like a perfectly cromulent use as well.”
Here is how the wash trade went down with Punk 9998: On Thursday, the person in charge of the Ethereum address beginning with “0xef76” sent the CryptoPunk NFT to another Ethereum address starting with “0x8e39.” You can see that transaction here.
A short time later, “0x8e39” sold the NFT to an address starting with “0x9b5a” for 124,457 Ether, worth $532 million.
Where did the buying address get the money from? It flash borrowed a massive amount of crypto from three sources, but most of it (87,000 Ether) came from Compound. (You can see its flash loan contract here.)
The selling address then immediately sent the 124,457 Ether back to the buyer, who paid off the loans. Once that was done, the buyer returned the NFT back to where it all started, and the NFT was put back up for sale again—for double the amount of the wash trade!
If it sounds a tad dishonest, well, yes. You could call it performance art if you’re feeling indulgent. Without knowing who controls those addresses, we’ll never know the real motivation behind the stunt. The owner didn’t make any money off the trade, although it did cost them about $800 in transaction fees.
“PSA: This transaction (and a number of others) are not a bug or an exploit, they are being done with ‘Flash Loans,’ Larva Labs said in a Tweet Thursday night. “In a nutshell, someone bought this punk from themself with borrowed money and repaid the loan in the same transaction.”
Apparently, this wasn’t the first time people have used flash loans to try and purchase CryptoPunks. “Some recent large bids were done the same way,” Larva Labs said. “So, while technically briefly valid, the bid can never be accepted. We’ll add filtering to avoid generating notifications for these kinds of transactions in the future.”
In the meantime, if you want to buy Punk 9998, it could be yours for $1 billion (250,000 Ether), the current price the owner is now offering it for. Sadly, you likely won’t be able to purchase it with a flash loan though.

Share
By In partnership with 50 United Nations Plaza, Oct 15, 2021
By , Nov 4, 2021
By , Oct 20, 2021
©2021 Artnet Worldwide Corporation. All Rights Reserved.var w = Math.max(document.documentElement.clientWidth, window.innerWidth || 0),
h = Math.max(document.documentElement.clientHeight, window.innerHeight || 0),
pagetype = document.querySelector(‘meta[property=”og:type”]’).getAttribute(“content”),
pagetypeurl = document.URL,
pagetypeforce = pagetypeurl.substr(pagetypeurl.length – 3);
isnewsletter = pagetypeurl.includes(“?page_1”);
w = pagetype + 20 * Math.round(w / 20), h = pagetype + 20 * Math.round(h / 20), googletag.cmd.push(function() {
googletag.pubads().setTargeting(“width”, w), googletag.pubads().setTargeting(“height”, h), 1 == isnewsletter && googletag.pubads().setTargeting(“isfirstpage”, [‘Y’, pagetypeforce] )
});
(function defernl() {
if (window.jQuery) {
if (jQuery(window).width() > 619) {
setTimeout(function() {

var cookieSettings = {
recentlyShown: {
expiration_minutes: 5
},
signedUp: {
expiration_days: 14
},
closedSignupBar: {
expiration_days: 5
}
};

var generalSettings = {
loadFontAwesome: false
};

if (!window.jQuery) loadJQuery();
var $ = window.jQuery;

function addCss(fileName) {
var head = document.head
, link = document.createElement(‘link’);

link.type = ‘text/css’;
link.rel = ‘stylesheet’;
link.href = fileName;

head.appendChild(link);
}

‘;

$(‘body’).append(signup);
}

var paywallPagesRegex = /^/subscribe|subscribe-confirm|my-account(/|$)/;

function initNewsletterSignup() {
// don’t show it on paywall-related pages where the user might be in the process
// of subscribing, or managing their account
if (paywallPagesRegex.test(window.location.pathname)) {
return;
}

// Append ouibounce to page
var ouibounceScript = ”;
$(‘body’).append(ouibounceScript);

// Add animation css
addCss(‘https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css’);

if (generalSettings.loadFontAwesome) {
addCss(‘https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css’);
}

// Check if ouibounce exist before calling ouibounce
var initOuibounce = setInterval(function() {
if (typeof ouibounce !== ‘undefined’) {
appendNewsletterSignup();

var $modal = $(‘#ouibounce-modal’);
SignupForm.init($modal.find(‘form’), function onSuccess() {
//hide form fields and show thank-you message
$modal.find(‘.form-row’).hide();
$modal.find(‘.newsletter-signup-thank-you’).fadeIn(‘fast’);

setNewsletterCookie(‘signedUp’, 1);

//after successful signup, hide the signup bar after 5 seconds
setTimeout(function() {
closeSignupBar();
}, 5000);
});

// Handler for close signup button
$(‘body’).on( ‘click’, ‘.close-signup’, function(){
setNewsletterCookie(‘closedSignupBar’, 1);
closeSignupBar();
});

ouibounceAPIaccess = ouibounce(
$modal[0], {
aggressive: true,
sensitivity: 50,
callback: function() {
slideInModal(‘Down’);
}
}
);

clearInterval(initOuibounce);
}
}, 100);
}

function slideInModal(upOrDown) {
$(‘#ouibounce-modal’)
.removeClass(‘slideOutDown slideOutUp’)
.addClass( ‘slideIn’ + upOrDown );

setNewsletterCookie(‘recentlyShown’, 1);
}

function setNewsletterCookie(cookieName, value) {
//exdays*24*60*60
var settings = cookieSettings[cookieName];
var expirationMinutes = settings.expiration_minutes;
if (!expirationMinutes) {
expirationMinutes = daysToMinutes(settings.expiration_days);
}
setCookie(cookieName, value, expirationMinutes);
}

function daysToMinutes(numDays) {
return numDays * 24 * 60;
}

/**
* Generic setCookie() method, used by setNewsletterCookie().
* There is probably no need to call this directly – use setNewsletterCookie().
*/
function setCookie(cname, cvalue, expMinutes, prefix) {
//default prefix is ‘artnet_newsletter_’
if (prefix == undefined) {
prefix = ‘artnet_newsletter_’;
}
var d = new Date();
d.setTime(d.getTime() + (expMinutes*60*1000));
var expires = “expires=”+d.toUTCString();

//console.log(prefix + cname + “=” + cvalue + “;” + expires + “;path=/”);
document.cookie = prefix + cname + “=” + cvalue + “;” + expires + “;path=/”;
}

function closeSignupBar() {
var $modal = $('#ouibounce-modal');
$modal.addClass( $modal.hasClass('slideInUp') ? 'slideOutDown': 'slideOutUp' );
}

function loadJQuery() {
var script = document.createElement('script');
script.src = "https://code.jquery.com/jquery-3.1.1.min.js";
script.integrity = "sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=";
script.crossorigin = "anonymous";
document.body.appendChild(script);
}

function checkCookies() {
//if any of these cookies are found, we don't show the modal.
var cookieNames = ['recentlyShown', 'signedUp', 'closedSignupBar','signup_cookie'];
var i = cookieNames.length,
found = false;
while (i–) {
if (getCookie(cookieNames[i]).length) {
found = true;
break;
}
}

if (!found) {
initNewsletterSignup();
}
}

var SignupForm = {
regex: {
email: /^([a-zA-Z0-9_.-])+@(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]{2,4})+$/
},

// Init – Anything you want to happen onLoad (usually event bindings)
// ——————————————————————-
init: function (formElement, onSuccess) {
var ctx = this;
ctx.customSerializer();
if (!onSuccess) {
throw Error('onSuccess callback is required');
}

var $form = $(formElement);
$form.submit(function(e){
e.preventDefault();

var $email = $form.find('.signup-email');
var valid = ctx.validate( $form, $email);
if(valid){
// Hide the errors
$form.find('.errors').children().hide();
// Submit the form
ctx.submit($form, onSuccess);
} else {
// Focus on the email input box
$email.focus();
// Show email validation error and hide other errors
$form.find('.invalid-email').show().siblings().hide();
}
});
},

// FUNCTIONS
// ===================================================================

// Signup validation
// ——————————————————————-
validate: function( $form, $email ){
var ctx = this;
// Does the email match our regex?
return ctx.regex.email.test( $email.val() );
},

// Signup submission
// ——————————————————————-
submit: function($form, onSuccess) {
var ctx = this;
$.ajax({
type: $form.attr('method'),
url: $form.attr('action'),
data: JSON.stringify( $form.serializeFormJSON() ),
// dataType: 'json',
contentType: 'application/json; charset=UTF-8',
crossDomain: true,
timeout: 10000
})
.done(function(data, textStatus, jqXHR) {
onSuccess();
})
.fail(function(jqXHR, textStatus){
// Show signup failure error and hide other errors
$form.find('.signup-failed').show().siblings().hide();
});
},

// Extends jQuery with a function to serialize to JSON
// ——————————————————————-
customSerializer: function(){
$.fn.serializeFormJSON = function () {
var o = {};
var a = this.serializeArray();
$.each(a, function () {
if (o[this.name]) {
if (!o[this.name].push) {
o[this.name] = [o[this.name]];
}
o[this.name].push(this.value || '');
} else {
o[this.name] = this.value || '';
}
});
return o;
};
}
};

//show automatically after delay
setTimeout(function(){
var $modal = $('#ouibounce-modal');
//if there are cookies indicating that we shouldn't show the signup bar, then the modal won't have been added to the page
//and we can just return here.
if (!$modal.length) {
return;
}
//don't run this function if the user has already triggered the modal by leaving the viewport
if ($modal.hasClass('slideInDown')) return;

//position at bottom of screen
$modal.css({
top: 'auto',
bottom: 0
});

slideInModal('Up');
$modal.show();

},20000); //20 seconds

$(function() {
checkCookies();
});

}, 7500);
}
} else {
setTimeout(function() { defernl() }, 250);
}
})();

source