It has been reported that the attacker, 0xNietzsche, teased the exploit on Twitter on Saturday morning, saying he anticipated making “$300,000 per hour” throughout the duration of the attack. He has since deleted the Tweets, saying that they came off as “douchey.”
Definitely sent out some regrettable tweets in the last few hours. After coming down & processing it all they do sound VERY douchey. — 0xNietzsche (@0xNietzsche) May 8, 2021
However, his attack essentially centered on “rerolling” his Meebit mints until the contract gave him one he wanted. The Meebits contract includes a zipped Interplanetary File System file, one which reveals the characteristics of each Meebit’s ID. The IDs of the remaining Meebits are public knowledge, but until knowledge of the IPFS leak spread, their characteristics were not.
As a result, 0xNietzsche simply needed to make a list of desirable IDs, and design a contract that minted Meebits over and over, but cancelled the transaction if he didn’t get a favorable ID. An Etherscan address shows 345 total transactions, hundreds of which are failed “rolls” to obtain desirable Meebits. The only successful roll appears to be for Meebit 16647, a “visitor” or alien. 16647 was bought by the collector-whale Pranksy for 200 ETH. Per Opensea, the next lowest-price Visitor Meebit is listed for 300 ETH.
The report said that in a pinned post in their Discord, Larva Labs announced that they have since shut down the marketplace.
The announcement read:
“We have temporarily paused community minting and trading in the Meebits contract. The contract is safe, all Meebits are safe, and trading is working just fine.”
Likewise, while the Meebits minting period was scheduled to conclude yesterday, some CryptoPunk and Authglyphs owners may not have redeemed theirs yet. As a result, the Larva Labs team plans to “provide a form where you can use your wallet to sign a message that proves ownership of your punks/glyphs, and we’ll mint the Meebits for you using the ‘devMint’ function,” allowing users to continue to mint through the weekend while preventing others from utilizing the exploit.
An attacker used a combination of a data leak and a clever contract to nab a Meebit worth over $700,000 this morning — but what does it mean for the price of other Larva Labs projects? @Blockanalia reports. https://t.co/aWMmsvABvI — Cointelegraph (@Cointelegraph) May 8, 2021
By 0xNietzsche’s own estimations, his exploit could have been far more successful. Per posts in the Discord, given the length of the attack before the market shutdown, he felt he “should’ve gotten two meebs in that time.”
He also noted that his contract cost “~$20k an hour in gas fees” and that he had to purchase punks with unredeemed Meebits in order for the exploit to work, meaning his total haul was reduced due to associated costs. In a now-deleted Tweet, he said he raked in “50 ETH and 5-floor punks” from the exploit.
Thus, the community has publicly debated what this will mean for prices across the Meebits and wider Larva Labs space, as many believe that the exploit could, paradoxically, increase floor prices for the projects due to “narrative.”