Hundreds of NFTs were stolen in the TreasureDAO exploit, carried out through a series of transactions. The attackers were able to take advantage of a bug in the protocol that allowed them to generate NFTs for free. Shortly after, the platform urged its users to remove their non-fungible tokens from the market.
TreasureDAO exploited
In another big blow to the NFT industry, the latest project to fall victim to a huge beach is TreasureDAO, the largest NFT marketplace on the layer 2 protocol, the Arbitrum.
According to the data by blockchain security and data analytics firm Peckshield, over 100 NFTs were stolen. The hack was due to “an error distinguishing ERC721 and ERC1155 in buyItem(), which miscalculates the price of ERC721 as ERC1155 with the given (unreliable) quantity 0”.
The full extent of the damage is still unclear, however, various social networks publications they suggest that one of the addresses used for hacking allegedly diverted 17 Smol Brains, which turn out to be popular NFTs traded on Arbitrum.
According to the prices listed on the Treasure platform, the total value of these NFTs is worth around 426.5k MAGIC, the protocol’s native token. At current prices, the value amounts to 1.4 million dollars. Following the exploit, MAGIC crashed from $3.82 to $2.55 on March 3 before recovering to the press time price of $3.3, according to data from CoinGecko.
3/ The hack is possible due to an error distinguishing ERC721 and ERC1155 in buyItem(), which miscalculates the price of ERC721 as ERC1155 with the given (unreliable) quantity 0. pic.twitter.com/D09lYbEmRL
— PeckShield Inc. (@peckshield) March 3, 2022
TreasureDAO Course of Action
While confirming the attack, Treasure DAO co-founder John Patten tweeted,
“The treasure market is being exploited. Remove your items from the list. We will cover the costs of the feat; I will personally give up all my Smols to fix this.”
After apologizing for the attack, the developers behind TreasureDAO revealed in a Discord post that the vulnerability was the result of a previous fix and should have been identified earlier.
Currently, the market has frozen and no trades are being executed. The team also clarified that the listings are safe and the code will be reviewed, after which the marketplace will re-implement the fixes.
The developers also confirmed that hackers had returned some stolen NFTs hours after the exploit. Furthermore, TreasureDAO will also propose remuneration options for platform users who do not receive NFTs. These options will be proposed to the community and voted on by the decentralized autonomous body.
SPECIAL OFFER (Sponsored)
Binance Free $100 (Exclusive) – Use this link to sign up to receive $100 free and 10% off Binance Futures first month fees (terms).
PrimeXBT Special Offer: Use this link to sign up and enter the code POTATO50 to receive up to $7,000 on your deposits.
This post Hackers Exploit Arbitrum-Based Market Treasure: Over 100 Stolen NFTs
was published first on https://cryptopotato.com/hackes-exploit-arbitrum-based-marketplace-treasure-over-100-nfts-stolen/
