NFT Watchdog’s Own Collection Has Been Exploited
- NFT watchdog Rug Pull Finder, which specializes in prevention of hacks, frauds, scams, and exploits related to NFTs, saw its latest collection get exploited by hackers.
- The new collection by Rug Pull Finder was titled Bad Guys and was based on bad actors stealing NFTs from the holders of these blockchain-based tokens.
Irony is a deep-seated virtue of nature, and when it comes to the world of non-fungible tokens, NFT watchdog Rug Pull Finder, which specializes in prevention of hacks, frauds, scams, and exploits related to NFTs, saw its latest collection get exploited by hackers.
There is a significant surge in the number of such attacks being implemted in 2022 as recently, we saw the Discords of popular collections being attacked by hackers and it seems that the NFT industry is still not secure enough for crypto enthusiasts.
The new collection by Rug Pull Finder was titled Bad Guys and as the name suggests, the collection was based on bad actors stealing NFTs from the holders of these blockchain-based tokens. According to a series of Twitter posts, there was a flaw in its smart contract that caused attackers to make away with the money.
The flaw in the smart contract allowed two people to mint 450 NFTs instead of the permissible one NFT per wallet.
“An exploit was shared with us 30 minutes before mint went live. After reviewing it with 3 different dev teams, we did not believe the credibility of the information sent to us,”said Rug Pull Finder in a Twitter post on September 2, 2022.
Interestingly, a Twitter user pointed out that Rug Pull Finder had promised to use alphabot to prevent the users from prevent botting. The flaw was also pointed by another Twitter user as seen in the Twitter post below.
“Looks like if you haven’t minted yet you can pass an arbitrary quantity to the mint function without any issue,”said RugDoctor, a Twitter user in a post.
While Rug Pull Finder announced the attack itself in a Twitter post, adding that they were informed of the attack by a developer but cross-checked it 3 other developers and “did not believe the credibility of the information” that was sent to them.
There were several crypto and NFT community members who made fun of the Rug Pull Finder NFT project and also of the development team. The irony of the situation accelerated by the overconfidence of the team became a laughing stock for many.
According to a Twitter user OKHotshot who is also an NFT on-chain data analyst, this was not a hack but rather the contract allowed attackers to mint the 400 NFTs. However, it was still unethical to do so. He pointed out that “this is cause the mint function is missing required checks. Security checks, gas optimizations also missing.”
Another Twitter user pointed out that this means that it is “okay to cheat as long as nobody catches you.”