Akutars, the highly anticipated nonfungible token (NFT) project, has seen over 11,500 Ether (ETH), worth nearly $33 million, locked forever within a smart contract, inaccessible even to the development team.
It has been reported that the exploit was conducted by someone trying to show a vulnerability in the project and not to steal funds via a hack. The project went live on Friday with a Dutch auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price is above the reserve.
The auction opened at 3.5 ETH with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an “Aku Mint Pass” were also given a 0.5 ETH discount on each minted NFT.
The report said that 0xInuarashi, a developer of multiple NFT projects, explained that Akutars’ smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds. The contract had a caveat that a minimum number of bids had to be made before it would allow the team to withdraw, but the minimum number of bids was set to equal the number of NFTs available for auction.
Because some buyers minted multiple NFTs within the same bid, the number of bids can never reach that minimum, so the terms of the contract mean it will never unlock, sealing away the nearly $33 million in ETH forever. Developers reached out to the Akutars team warning that the contract could be exploited, but the team appeared to shrug them off completely, labeling the potential exploit a “feature.”
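The withdrawal gate described above can be reproduced in a few lines. The following is an added illustration, not the Akutars contract source or code from the report: the class, its method names, the 10-NFT auction and the corrected gate (comparing against the number of bids) are all assumptions made for the sketch.

```python
# Constructed toy model of the withdrawal gate described above; this is NOT
# the Akutars contract source, and all names and numbers are hypothetical.

class AuctionModel:
    def __init__(self, supply, gate_on_bid_count=False):
        self.supply = supply                  # NFTs offered in the auction
        self.gate_on_bid_count = gate_on_bid_count
        self.bids = []                        # list of (bidder, quantity)
        self.sold = 0                         # NFT units sold so far
        self.refund_progress = 0              # bids whose refund is processed

    def bid(self, bidder, quantity):
        if quantity < 1 or self.sold + quantity > self.supply:
            raise ValueError("invalid quantity")
        self.bids.append((bidder, quantity))
        self.sold += quantity

    def process_refunds(self):
        # One step per bid, regardless of how many NFTs that bid minted.
        self.refund_progress = len(self.bids)

    def required_progress(self):
        # As described: the minimum equals the number of NFTs on sale.
        # Assumed correction: compare against the number of bids placed.
        return len(self.bids) if self.gate_on_bid_count else self.supply

    def can_withdraw(self):
        return self.refund_progress >= self.required_progress()


def run(gate_on_bid_count):
    """Sell out a 10-NFT auction with one multi-mint bid, then try to withdraw."""
    a = AuctionModel(supply=10, gate_on_bid_count=gate_on_bid_count)
    a.bid("alice", 3)                         # one bid, three NFTs
    for i in range(7):
        a.bid(f"bidder{i}", 1)
    a.process_refunds()
    return a.sold, a.refund_progress, a.can_withdraw()


if __name__ == "__main__":
    print("gate = NFT supply:", run(False))   # sold out, still locked
    print("gate = bid count: ", run(True))
```

A single multi-mint bid is enough to keep the bid counter below the NFT supply for good, which is why the check needs both sides measured in the same unit.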
An unknown individual executed what’s known as a “griefing contract,” which locked the ability of the Akutars contract to process refunds to those who underbid. The individual even embedded a message on the blockchain to the Akutars team saying they would stop the contract:
“Well, this was fun, had no intention of actually exploiting this lol. Otherwise I wouldn’t have used Coinbase. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.”