Part 1

Being a UMich student the source of this photo was a quick Google search away. However, if someone did not recognize this photo they could have possibly turned to Google reverse image search.
On to the next step:

Sorting by new we find a comment by “wolvsec account” giving us a domain to connect to…

Unfortunately, I forgot to record a screenshot of the output so I’ll have to borrow the parts helpfully archived over here.

Notably, the “hackers” of our connection request for us to “send 500,000 Goerli here:
0x08f5AF98610aE4B93cD0A856682E6319bF1be8a6”. At this point, I started tracing this address for transactions. However, I should have paid attention to the message “Also all of you John OSINTs on twitter need to leave us alone” at the end of the terminal output. This would have led me to John OSINT on twitter who tweeted the base64 encoded flag wctf{uhhh_wh3r3_d1d_4ll_0ur_fl4gs_g0?}