NFT Watchdog Group Sees Its NFT Collection Exploited
Oluwapelumi Adejumo - BeInCrypto
Rug Pull Finder, an NFT watchdog group that seeks to prevent fraud, hacks, and scams in the non-fungible token space, has seen its own NFT project exploited.
The collection titled Bad Guys is based on bad actors stealing NFTs. But a flaw in its smart contract made it possible for two people to mint 450 NFTs instead of the permissible one NFT per wallet.
Everyone – we are truly sorryAn exploit was shared with us 30 minutes before mint went live. After reviewing it with 3 different dev teams, we did not believe the credibility of the information sent to us…We were clearly wrong, and we are truly truly sorry https://t.co/ch0S7co8dA— Rug Pull Finder (@rugpullfinder) September 2, 2022
Rug Pull Finder announced the development itself, saying it was informed of the exploit 30 minutes before the mint went live, but they “did not believe the credibility of the information sent to.”
Meanwhile, community members made fun of the group’s inability to prevent the exploit, with crypto sec expert OKHotshot pointing out that the 400 NFT mint was technically not a hack or exploit because the contract allowed it.
Today RugPullFinder's nft contract was abused to mint 400 nfts instead of 1 per walletThis is cause the mint function is missing required checks. Security checks, gas optimizations also missingNot a hack or technically an exploit – contract allowed it but unethical still ..— OKHotshot (@NFTherder) September 2, 2022
Another community member took a shot at the group saying “(with a) bio stating ‘Premier source of information’ and ‘Investigating NFT projects’ it kind of blows my mind that they would launch a contract that could allow this to happen.”
Scott Mitchell questioned why the team proceeded with the mint when it got a report of a possible exploit 30 minutes before going live.
An exploit was shared with us 30 minutes before mint went live — What was shared for the 3 teams?It took 1 minute to look at WhitelistMint and see if you ran a tx with `chosenAmount` for a large in a single tx outside of a web UI before that wallet minted any it would work.— Scott Mitchell | sbmitchell.eth (@ScottMitchell18) September 2, 2022
Rug Pull Finder to Buy 366 NFTs for 2.5 ETH
Meanwhile, Rug Pull Finder appears to be finding solutions to the problem. An update shared on the situation confirmed that it has reached out to the wallets that took advantage of the exploit and offered 2.5 ETH to buy back the remaining 366 NFTs.
2/We have reached an agreement with the wallets that took advantage of the contract, agreeing to pay them 2.5ETH to purchase the remaining 366 NFTs.While they may have found an advantage, this is not a hack or scammers, etc. They found a bug, and they used it for profit.— Rug Pull Finder (@rugpullfinder) September 2, 2022
It described the incident as not a hack or scam since the wallets only saw an advantage in the bug and decided to use it for their profit.
It now plans to raffle off all the 330 NFTs it bought back from the wallet that was able to mint 400 NFTs in one transaction.
While Rug Pull Finder says the exploit of its NFTs was not a hack, research from Comparitech showed that malicious players have grabbed NFTs worth over $86 million this year alone.
The post NFT Watchdog Group Sees Its NFT Collection Exploited appeared first on BeInCrypto.
View full text