Attacker Hacks Arbitrum's Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit

A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the marketplace’s “buyer buy item” function.

Post Mortem Analysis by Certik Shows Arbitrum NFT Trading Platform Treasure DAO Exploited for More Than 100 NFTs

The leading Arbitrum NFT marketplace Treasure DAO was attacked on Thursday after an attacker discovered an exploit that resulted in the loss of “more than 100 NFTs from unsuspecting users.” The post mortem analysis of the attack was sent to Bitcoin.com News from the blockchain security firm Certik, a company that analyzes, monitors, and assesses smart contracts, blockchain tech, and decentralized finance (defi) protocols.

An unknown attacker exploited Treasure DAO to steal NFTs from Arbitrum’s trading platform. Certik’s analysis explains: “The exploit resulted in the loss of more than 100 NFTs from unsuspecting users. Many stolen NFTs were recovered” after an initial analysis and trace of the hacker’s wallet via Twitter.

“The attacker took advantage of an error in the marketplace’s Buyer.buyItem function, which allowed them to set the _quantity equal to 0,” Certik’s post mortem says. “With a quantity equal to 0, totalPrice also equals 0, since totalPrice = pricePerItem * quantity. This means that the attacker did not pay for the NFTs they allegedly purchased. This bug could be resolved by requiring a greater than 0 value for the _quantity variable.”
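The zero-quantity flaw and the fix Certik describes can be reproduced in a simplified Python model, added here as an example (it is not Treasure DAO's contract code and not taken from Certik's report). The class, the account names, and the assumption that a listed NFT transfers whole regardless of the quantity argument are constructed for illustration.

```python
# Simplified model of a marketplace purchase path. Constructed example:
# only buyItem/_quantity/pricePerItem/totalPrice come from the article.
from dataclasses import dataclass


@dataclass
class Listing:
    seller: str
    price_per_item: int  # price in the smallest payment-token unit


class Marketplace:
    def __init__(self, balances, require_positive_quantity):
        self.balances = dict(balances)  # account -> payment-token balance
        self.owner_of = {}              # token_id -> current owner
        self.listings = {}              # token_id -> Listing
        self.require_positive_quantity = require_positive_quantity

    def list_item(self, seller, token_id, price_per_item):
        self.owner_of[token_id] = seller
        self.listings[token_id] = Listing(seller, price_per_item)

    def buy_item(self, buyer, token_id, quantity):
        listing = self.listings[token_id]
        if quantity < 0:  # models an unsigned integer argument
            raise ValueError("quantity is unsigned")
        # The fix quoted above: require a quantity greater than 0.
        if self.require_positive_quantity and quantity == 0:
            raise ValueError("quantity must be greater than 0")
        total_price = listing.price_per_item * quantity  # 0 when quantity == 0
        if self.balances.get(buyer, 0) < total_price:
            raise ValueError("insufficient balance")
        self.balances[buyer] = self.balances.get(buyer, 0) - total_price
        self.balances[listing.seller] = self.balances.get(listing.seller, 0) + total_price
        # Model assumption: a unique token moves whole, whatever the quantity.
        self.owner_of[token_id] = buyer
        del self.listings[token_id]
        return total_price


def demo(require_positive_quantity):
    """Attempt a quantity-0 purchase with an empty wallet; report the outcome."""
    market = Marketplace({"buyer": 0, "seller": 0}, require_positive_quantity)
    market.list_item("seller", token_id=1, price_per_item=500)
    try:
        paid = market.buy_item("buyer", token_id=1, quantity=0)
    except ValueError as exc:
        return market.owner_of[1], str(exc)
    return market.owner_of[1], paid
```

Without the check the token changes owner for a payment of 0; with it the call is rejected and the seller keeps the token.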

Additionally, Certik’s analysis of the Treasure DAO situation notes that the protocol’s native token MAGIC shed over 40% in losses against the U.S. dollar. Treasure DAO co-founder John Patten also tweeted about the event after the attacker stole the funds. “Treasure market is being exploited. Please remove your items from the Treasure Marketplace,” Patten stated. He said that they would pay for the exploit costs and that he would give up all his Smols in order to fix this. The Treasure DAO co-founder added:

I cannot fathom what subhuman targets a fair launch marketplace for robbery, but they will not defeat the community.

Certik – On-Chain Analysis, Pre-Deployment Audits and Future Blockchain Protocol Exploits

Certik security experts say no one knows the source of the exploit, but they add that many users would “just be glad to see their stolen NFTs back.” A post-mortem review by the company concludes that even one line of code can cause significant losses. The firm believes that pre-deployment audits and on-chain monitoring can prevent future vulnerabilities.

“This hack once more highlights the multi-million-dollar ramifications that one line of code can have,” Certik’s final report states. “Web3 projects should conduct a thorough pre-deployment audit, which is paired with on-chain analysis, to show their security commitment and assure customers that their funds are safe.”

What do you think about the Treasure DAO hack and Certik’s post mortem report? Please comment below to let us know your thoughts on this topic.

Jamie Redman

Jamie Redman, the News Lead at Bitcoin.com News, is a Florida-based financial journalist. Redman has been an active member of the cryptocurrency community since 2011. Redman is passionate about Bitcoin, open-source codes, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.
