The AkuDreams development team loses access to $33 million as a result of a smart contract bug

An attack and a smart contract problem have disrupted the auction for a highly anticipated NFT project, leaving the team with $33 million that cannot be accessed.

The highly anticipated NFT project Akutars was damaged by an exploit and a glitch over the weekend, resulting in the permanent locking of over 11,500 Ethereum (ETH) worth over $33 million within a smart contract, making it unreachable to even the development team.

However, the exploit was carried out by someone attempting to demonstrate a vulnerability in the project, not to steal funds via a hack.

The initiative launched on Friday, April 22, with a Dutch auction, a type of auction in which the price decreases until a bid is received, with the highest bid winning the sale as long as the price exceeds the reserve.

The auction began at 3.5 Ethereum, with only 5,495 of the 15,000 NFTs available for purchase and a smart contract in place to repay underbidders. Additionally, holders of an “Aku Mint Pass” received a discount of 0.5 Ethereum on each minted NFT.

 

The $33 Million Bug

In a tweet on April 23, 0xInuarashi, a developer of numerous NFT projects, said that Akutars’ smart contract was written in such a way that reimbursements to bidders had to be processed before the team could withdraw any funds.

The contract had a clause requiring a minimum number of bids before the team could withdraw; however, the minimum number of bids was set to equal the number of NFTs available for auction.

Regrettably, due to certain buyers minting several NFTs in the same bid, the contract’s provisions dictate that it will never unlock, effectively locking away approximately $33 million in Ethereum for good.
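The locking condition described above, as a small Python model. This is an added example, not the Akutars contract source: the class, field and function names are hypothetical, and the guard is reconstructed from the description in this article. It also shows why a test run with one NFT per bid would not reveal the problem.

```python
"""Model of the withdrawal guard described above (hypothetical names)."""
from dataclasses import dataclass, field


@dataclass
class AuctionModel:
    supply: int                       # NFTs offered in the auction
    guard_in_bid_units: bool = False  # False: guard as the article describes it
    quantities: list = field(default_factory=list)  # NFTs per bid, in bid order
    refunds_processed: int = 0        # counts bids, one step per bid

    def sold(self) -> int:
        return sum(self.quantities)

    def bid(self, quantity: int) -> None:
        if quantity < 1 or self.sold() + quantity > self.supply:
            raise ValueError("bid exceeds remaining supply")
        self.quantities.append(quantity)

    def process_refunds(self) -> None:
        # Each step settles one bid, however many NFTs that bid covers, so
        # this counter can never exceed the number of bids placed.
        self.refunds_processed = len(self.quantities)

    def can_withdraw(self) -> bool:
        if self.guard_in_bid_units:
            # Corrected guard: bids processed compared against bids placed.
            return self.refunds_processed >= len(self.quantities)
        # Guard as described: bids processed compared against an NFT count.
        # Reachable only if every bid bought exactly one NFT.
        return self.refunds_processed >= self.supply


def run(supply: int, quantities: list, fixed: bool = False) -> bool:
    """Sell the auction, settle every refund, report whether funds unlock."""
    auction = AuctionModel(supply=supply, guard_in_bid_units=fixed)
    for q in quantities:
        auction.bid(q)
    auction.process_refunds()
    return auction.can_withdraw()


if __name__ == "__main__":
    # Constructed inputs: 6 NFTs, sold out in every case.
    print("one NFT per bid:", run(6, [1, 1, 1, 1, 1, 1]))     # unlocks
    print("multi-NFT bids :", run(6, [3, 1, 2]))              # stays locked
    print("fixed guard    :", run(6, [3, 1, 2], fixed=True))  # unlocks
```

A single bid for more than one NFT is enough to make the original guard unreachable, which is why a review of such a contract should check that both sides of every comparison count the same thing.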

The heist

According to a now-deleted tweet published by DeFi developer foobar, the Akutars team was contacted by developers warning that its contract could be exploited but appeared to shrug them off entirely, referring to the potential exploit as a “feature.”

During the mint, an unknown individual executed a “griefing contract,” preventing the Akutars contract from processing refunds to underbidders. The individual even included a note on the blockchain instructing the Akutars team to terminate the contract:

“Well, this was enjoyable; I had no intention of abusing this in any way. Otherwise, I would have stayed away from Coinbase. Once you openly disclose the existence of the exploit, I will instantly remove the barrier.”

Akutars then responded swiftly by accepting responsibility for the code and claiming that the vulnerability “was not done maliciously” and that the individual “wanted to draw attention to recommended practices for highly public projects.”

Micah Johnson, the project’s founder and former professional baseball player, apologised to the community in a tweet the same day, adding that he will “continue to construct brick by brick” and work relentlessly to avoid similar errors in the future.

Additionally, the company stated that it will be refunding 0.5 Ethereum to pass holders and airdropping the NFT to successful bidders.

In a Sunday, April 24 update, the team stated that it had updated its minting contract, which was then audited by various developers, and intends to mint on Monday, April 25.

 

Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.
