Attacker Hacks Arbitrum's Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit

A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the marketplace’s “buyer buy item” function.

Post Mortem Analysis by Certik Shows Arbitrum NFT Trading Platform Treasure DAO Exploited for More Than 100 NFTs

The leading Arbitrum NFT marketplace Treasure DAO was attacked on Thursday after an attacker discovered an exploit that resulted in the loss of “more than 100 NFTs from unsuspecting users.” The post mortem analysis of the attack was sent to Bitcoin.com News from the blockchain security firm Certik, a company that analyzes, monitors, and assesses smart contracts, blockchain tech, and decentralized finance (defi) protocols.

An unknown attacker exploited Treasure DAO to steal NFTs from Arbitrum’s trading platform, Certik’s analysis explains. “The exploit resulted in the loss of more than 100 NFTs from unsuspecting users. Many stolen NFTs were recovered after an initial analysis and trace of the hacker’s wallet via Twitter.”

“The attacker took advantage of an error in the marketplace’s Buyer.buyItem function, which allowed them to set the _quantity equal to 0,” Certik’s post mortem says. “With a quantity equal to 0, totalPrice also equals 0, since totalPrice = pricePerItem * quantity. This means that the attacker did not pay for the NFTs they allegedly purchased. This bug could be resolved by requiring a greater than 0 value for the _quantity variable.”
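
The root cause and fix Certik describes can be reproduced in a small model. This is an added example, not Treasure DAO's contract code or Certik's: the `Marketplace` class, the account names and the prices are constructed, and it assumes a one-of-one NFT is transferred whole regardless of the quantity argument.

```python
class MarketError(Exception):
    """Purchase rejected by the marketplace."""

class Marketplace:
    """Toy model of a buyItem-style purchase for one-of-one NFT listings."""

    def __init__(self, balances, require_positive_quantity):
        self.balances = dict(balances)   # account -> payment-token balance
        self.require_positive_quantity = require_positive_quantity
        self.listings = {}               # token_id -> (seller, price_per_item)
        self.owner = {}                  # token_id -> current owner

    def list_item(self, seller, token_id, price_per_item):
        self.listings[token_id] = (seller, price_per_item)
        self.owner[token_id] = seller

    def buy_item(self, buyer, token_id, quantity):
        if quantity < 0:
            raise MarketError("quantity is unsigned")  # mirrors an unsigned parameter
        if self.require_positive_quantity and quantity == 0:
            raise MarketError("quantity must be greater than 0")  # the fix Certik names
        seller, price_per_item = self.listings[token_id]
        total_price = price_per_item * quantity  # 0 whenever quantity == 0
        if self.balances.get(buyer, 0) < total_price:
            raise MarketError("insufficient balance")
        self.balances[buyer] = self.balances.get(buyer, 0) - total_price
        self.balances[seller] = self.balances.get(seller, 0) + total_price
        # Assumption: the unique token changes hands whole, whatever quantity was passed.
        self.owner[token_id] = buyer
        del self.listings[token_id]
        return total_price

def run_case(require_positive_quantity, buyer, quantity):
    """Return (owner_after, seller_balance, error) for one constructed purchase."""
    market = Marketplace({"alice": 0, "mallory": 0, "bob": 1000},
                         require_positive_quantity)
    market.list_item("alice", token_id=7, price_per_item=500)
    try:
        market.buy_item(buyer, 7, quantity)
        error = None
    except MarketError as exc:
        error = str(exc)
    return market.owner[7], market.balances["alice"], error

if __name__ == "__main__":
    print("no check, quantity=0:", run_case(False, "mallory", 0))
    print("check,    quantity=0:", run_case(True, "mallory", 0))
    print("check,    quantity=1:", run_case(True, "bob", 1))
```

Without the check, the zero-quantity call passes the balance test with a total price of 0 and ownership still changes; with it, the same call is rejected before any state is touched, while a normal purchase is unaffected.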

Additionally, Certik’s analysis of the Treasure DAO situation notes that the protocol’s native token MAGIC shed over 40% against the U.S. dollar. Treasure DAO co-founder John Patten also tweeted about the event after the attacker stole the funds. “Treasure market is being exploited. Please remove your items from the Treasure Marketplace,” Patten wrote. Patten stated that the team would pay for the exploit costs. He also said that he would give up all his Smols in order to fix this. The Treasure DAO co-founder added:

I cannot fathom what subhuman targets a fair launch marketplace for robbery, but they will not defeat the community.

Certik – On-Chain Analysis, Pre-Deployment Audits and Future Blockchain Protocol Exploits

Certik security experts say no one knows the source of the exploit, but they add that many users would “just be glad to see their stolen NFTs back.” A post-mortem review by the company concludes that even one line of code can cause significant losses. The firm believes that pre-deployment audits and on-chain monitoring can prevent future vulnerabilities.

“This hack once more highlights the multi-million-dollar ramifications that one line of code can have,” Certik’s final report states. “Web3 projects should conduct a thorough pre-deployment audit, which is paired with on-chain analysis, to show their security commitment and assure customers that their funds are safe.”


Jamie Redman

Jamie Redman, the News Lead at Bitcoin.com News, is a Florida-based financial journalist. Redman has been an active member of the cryptocurrency community since 2011. Redman is passionate about Bitcoin, open-source codes, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.
