The AkuDreams development team has locked up $33 million

An attack and a smart contract problem have disrupted the auction for a highly anticipated NFT project, leaving the team with $33 million that cannot be accessed.

Over 11,500 Ether (ETH) worth nearly $33 million was locked forever within a smart contract, inaccessible even to the development team, in the highly anticipated nonfungible token (NFT) project Akutars over the weekend due to both an exploit and a bug.

Exchange: Click here to check the best crypto exchanger

The exploit, on the other hand, was carried out by someone who wanted to expose a flaw in the project rather than take money through a hack.

On Friday, the project went live with a Dutch Auction, a sort of auction in which the price drops until a bid is received, with the first bidder winning the sale as long as the price is over the reserve.

0xInuarashi, a creator of many NFT projects, revealed in a Saturday Twitter thread that Akutars’ smart contract was built such that reimbursements to bidders had to be processed first before the team could withdraw any cash.

The contract said that the team must submit a certain number of offers before being allowed to withdraw, however the minimum number of bids was set to equal the number of NFTs available for auction.

Unfortunately, the conditions of the contract imply that the approximately $33 million in ETH will never unlock due to some bidders minting several NFTs in the same offer.

Developers reached out to the Akutars warning that their contract may be attacked, according to a now-deleted tweet provided by DeFi developer foobar, but they appeared to dismiss them totally, labeling the possible vulnerability a “feature.”

During the mint, an unidentified person performed a “griefing contract,” which prevented the Akutars contract from processing refunds to underbidders. The individual even sent a message to the Akutars team on the blockchain, stating that the contract will be terminated:

Well, this was amusing; I had no intention of profiting from it. I wouldn’t have used Coinbase otherwise. I’ll remove the barrier as soon as you guys openly confirm that the exploit exists.

Akutars quickly replied by accepting responsibility for the code, claiming that the attack “was not done maliciously” and that the individual “wanted to raise attention to acceptable practices for highly public projects.”

Micah Johnson, the project’s founder and former pro-baseballer, apologized to the community in a tweet the same day, saying that despite letting them down, he will “continue to build brick by brick” and strive relentlessly to avoid any future troubles.

Related: Check out the latest crypto news

The company also said that pass holders would receive 0.5 ETH refunds and that successful bidders will receive the NFT through airdrop.

The team announced in a Sunday update that they have rebuilt their minting contract, which was then inspected by numerous developers, and that they plan to mint on Monday.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x