The Akutar Mint Pass series launched on the Ethereum blockchain last week. However, the collection was affected by a major flaw in its smart contract design, which resulted in $34 million or 163 million reais being frozen.
Locked funds have not been stolen or compromised in any way, but have become inaccessible. That is, they can no longer be used by the creator or purchaser of the NFT.
Akutar is a collection of avatar NFTs created by former American baseball player Micah Johnson. The protagonist is Aku, a young black boy who dreams of becoming an astronaut. According to Johnson, the character was inspired by his nephew’s dream.
15,000 NFTs were randomly created on Ethereum. The first 9,500 NFTs were spoofed by users, and the remaining 5,500 were released on Friday (22nd). Works started trading at 3.5 Ether (around $10,350 at press time), but the price has gradually declined.
About the project
However, a Twitter user named Hasan warned of problems with smart contracts hours after the series was published. He warned about the problem but claimed he was accused of making mistakes and causing panic among investors.
The Akutar team also stated that there are safeguards against such eventual failures. But another user named User221 took advantage of this issue and attacked the contract. The attack apparently prevented Ethereum withdrawals and contract refunds.
People think I’m doing this for confusion, influence
There is a worrisome bug in the contract, not sure if anyone has exploited it, but I’ve posted a PoC since it’s closed. https://t.co/6GxvvGb59z
— Hassan (@notchefbob) April 22, 2022
prove me right
However, this attack was not intended to steal platform funds. Instead, attackers aim to warn contracts of risks. Funds are not stolen, but locked in smart contracts.
So much so that the attacker left a note to project developers stating that the block contained the vulnerability. The note urges Akutar developers to “please bounty those who find bugs in their contracts or at least audit them.”
The author of the attack, User221, sent a separate note attached to the Ethereum transaction. He confirmed he was responsible and said he could unlock the 163 million reais captured. However, he made an unusual request.
“Well, that’s funny, I have no intention of really exploring that lol,” he scoffed. “Otherwise, I wouldn’t use Coinbase. As soon as you publicly admit to being flawed, I will delete the block immediately.”
In short, the user intercepts only to prove he is right, and the collection team ignores the risk. In fact, Akutara’s contract was released some time later.
The project started working again, but then another glitch occurred. Affecting developers’ smart contract code, teams cannot handle multiple NFT tasks in the same transaction. Therefore, the contract requires the numbers to line up correctly to activate any form of withdrawal.
Ultimately, the end result was 11,539 ETH locked in automated smart contracts. Only this time instead of a test or an alert, it’s the actual block. At the time of writing, the creators of Akutar were unable to withdraw any funds from the sale.
The glitch also affected NFT owners who lied about the NFT Akutar Mint Pass. None of them can receive the 0.5 ETH refund they promised before minting. The average price of NFTs that were once over 4 ETH fell to just 0.11 ETH.
- Akutars NFT drops after contract fails. Source: OpenSea.
Aku’s next step
The Akutars team confirmed the failure via their Facebook account on Friday. Twitter. According to the developers, user User221 was simply trying to help diagnose a flawed smart contract.
“The exploitation in the contract was not malicious. The person intended to draw attention to the highly visible design and best practices of the new mechanism. They actually quickly released the contract and took ownership after we discovered it,” the source said.
In addition to funds unavailable to NFT owners, the creators of Akutar will refund ETH through funds withdrawn from the treasury separate from previous sales. The team has also prepared a separate new smart contract, the code of which has been released to the public. This contract will allow access to the collection of NFTs.
Also read: Polkadot is primed for a massive drop, traders point out
Also read: Central African Republic is the first country in Africa to adopt Bitcoin as a means of payment
Also read: Bitcoin falls to $38,000, cryptocurrencies are in the red. Token rose 5% in 24 hours, attracting market attention