Attacker Hacks Arbitrum's Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit

A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the marketplace’s “buyer buy item” function.

Post Mortem Analysis by Certik Shows Arbitrum NFT Trading Platform Treasure DAO Exploited for More Than 100 NFTs

The leading Arbitrum NFT marketplace Treasure DAO was attacked on Thursday after an attacker discovered an exploit that resulted in the loss of “more than 100 NFTs from unsuspecting users.” The post mortem analysis of the attack was sent to Bitcoin.com News from the blockchain security firm Certik, a company that analyzes, monitors, and assesses smart contracts, blockchain tech, and decentralized finance (defi) protocols.

An unknown attacker exploited Treasure DAO to steal NFTs from Arbitrum’s trading platform, Certik’s analysis explains. “The exploit resulted in the loss of more than 100 NFTs from unsuspecting users. Many stolen NFTs were recovered after an initial analysis and trace of the hacker’s wallet via Twitter.”

“The attacker took advantage of an error in the marketplace’s Buyer.buyItem function, which allowed them to set the _quantity equal to 0,” Certik’s post mortem says. “With a quantity equal to 0, totalPrice also equals 0, since totalPrice = pricePerItem * quantity. This means that the attacker did not pay for the NFTs they allegedly purchased. This bug could be resolved by requiring a greater than 0 value for the _quantity variable.”
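The pricing logic Certik describes, modeled as an added example (this is not Treasure's contract code and not taken from the Certik report). The Python class, account names and prices are constructed, and the model assumes the listed item changes hands regardless of the quantity passed in, which is what lets a zero-priced purchase complete.

```python
class Marketplace:
    """Toy in-memory model of a listing marketplace (hypothetical, not the real contract)."""

    def __init__(self, require_positive_quantity):
        self.require_positive_quantity = require_positive_quantity
        self.price_per_item = {}  # token_id -> listed price
        self.owner_of = {}        # token_id -> current owner
        self.balances = {}        # account -> payment-token balance

    def list_item(self, seller, token_id, price):
        self.owner_of[token_id] = seller
        self.price_per_item[token_id] = price

    def buy_item(self, buyer, token_id, quantity):
        if quantity < 0:
            raise ValueError("quantity is unsigned")
        # The fix named in the post mortem: reject a zero quantity up front.
        if self.require_positive_quantity and quantity == 0:
            raise ValueError("quantity must be greater than 0")
        total_price = self.price_per_item[token_id] * quantity  # 0 when quantity == 0
        if self.balances.get(buyer, 0) < total_price:
            raise ValueError("insufficient balance")
        seller = self.owner_of[token_id]
        self.balances[buyer] = self.balances.get(buyer, 0) - total_price
        self.balances[seller] = self.balances.get(seller, 0) + total_price
        # Assumption of this model: the transfer does not depend on quantity.
        self.owner_of[token_id] = buyer
        del self.price_per_item[token_id]
        return total_price


def run_purchase(require_positive_quantity, quantity):
    """Constructed scenario: one token listed at 500, buyer holds 1000."""
    market = Marketplace(require_positive_quantity)
    market.list_item("seller", 1, 500)
    market.balances["buyer"] = 1000
    try:
        paid = market.buy_item("buyer", 1, quantity)
    except ValueError as exc:
        return ("rejected", str(exc), market.owner_of[1])
    return ("ok", paid, market.owner_of[1])


if __name__ == "__main__":
    print("unchecked, quantity=0:", run_purchase(False, 0))
    print("checked,   quantity=0:", run_purchase(True, 0))
    print("checked,   quantity=1:", run_purchase(True, 1))
```

The same invariant, a completed sale with a total price of 0, is also a natural condition for the on-chain monitoring the report recommends.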

Additionally, Certik’s analysis of the Treasure DAO situation notes that the protocol’s native token MAGIC shed over 40% in losses against the U.S. dollar. Treasure DAO co-founder John Patten also tweeted about the event after the attacker stole the funds. “Treasure market is being exploited. Please remove your items from the Treasure Marketplace,” Patten wrote. He stated that they will pay for the exploit costs and said that he would give up all his Smols in order to fix this. The Treasure DAO co-founder added:

I cannot fathom what subhuman targets a fair launch marketplace for robbery, but they will not defeat the community.

Certik – On-Chain Analysis, Pre-Deployment Audits and Future Blockchain Protocol Exploits

Certik security experts say no one knows the source of the exploit, but they add that many users would “just be glad to see their stolen NFTs back.” The company’s post-mortem review concludes that even one line of code can cause significant losses. The firm believes that pre-deployment audits and on-chain monitoring can prevent future vulnerabilities.

“This hack once more highlights the multi-million-dollar ramifications that one line of code can have,” Certik’s final report states. “Web3 projects should conduct a thorough pre-deployment audit, which is paired with on-chain analysis, to show their security commitment and assure customers that their funds are safe.”


Jamie Redman

Jamie Redman, the News Lead at Bitcoin.com News, is a Florida-based financial journalist. Redman has been an active member of the cryptocurrency community since 2011. Redman is passionate about Bitcoin, open-source codes, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.
