In a funny turn of events, Rug Pull Finder (RPF), a watchdog for nonfungible tokens (NFTs) that looks for Web3-based fraud, has fallen victim to its own smart contract exploit.
According to a Sept. 2 post on Twitter by the NFT investigator, two people took advantage of a technical flaw in the project during the free mint stage and stole 450 of the possible 1,221 NFTs, which were only supposed to be given to one wallet at a time.
As discussed on our Twitter space's earlier today -
We messed up. We messed up big. Our contract had a flaw that allowed 2 people to scoop up over 450 NFTs.
Here is what we are doing to fix it 🧵
— Rug Pull Finder (@rugpullfinder) September 2, 2022
RPF says that their smart contract had a flaw in the code that could be used by the bandits to give themselves more than the allowed number of NFTs.
Soon after the exploit, the RPF team took steps to fix the problem. They made a deal with one of the people involved to pay them a bounty of 2.5 Ether (ETH), which was worth $3,944.68 at the time this was written, to recover 330 of the NFTs. This deal was accepted.
The crypto investigators said that the exploiters "did negotiate in good faith and let us come up with a reasonable solution with them."
The free mint, called "Bad Guys," had artworks of NFT "scammers who got loose on the blockchain by accident."
The collection serves as a "whitelist" or "pre-sale" for members ahead of the 10,000 NFT collection planned for the fall.
Having a Bad Guy NFT gives you access to the mint, the RPF main drop, and other projects that are still in the works.
Warnings ignored
The watchdog group admitted that the exploit happened because they didn't listen to warnings about the flaw that came from an unknown source 30 minutes before the mint went live.
"After reviewing it with three different dev teams, we did not believe the credibility of the information sent to us... We were clearly wrong, and we are truly, truly sorry," RPF said.
Admitting a mess up is rare and accountable. Bravo RPF. You are to be commended. The last few months I have seen token contracts with flaws, bad code and as of yesterday suspect code for anyone to take advantage of and not one of those devs said what you guys just stated 💯👏🏼💪🏼
— Figs (@CryptoRoog) September 2, 2022
The NFT investigator said that the art and contract work was done by the digital blockchain creative agency Doxxed Media. Doxxed Media admitted that it "did not have our team or an independent third party audit it."
The crypto community has noticed the irony of the exploit. Some have praised the NFT investigator for admitting its mistake, while others have asked how a company that specializes in finding weaknesses in smart contracts didn't do the right checks on its own project.
I think it's concerning when security minded projects like RugPullFinder get their discord breached and their code exploited yet they're offering those exact services to customers. What do you think?
— OKHotshot (@NFTherder) September 2, 2022
But RPF has been able to get their NFT project back on track after a rocky start.
After consulting their online community, RPF decided to distribute the recovered NFTs across several destinations: the "Bad Guys Vault," a raffle on Twitter, and two more raffles for projects that are friends of Rug Pull Finder and the Rug Pull Finder public sale wallet collection list.