The NFT market built on Arbitrum – TreasureDAO was hacked yesterday. The attackers gained access to hundreds of different non-exchangeable tokens due to a bug in the protocol that allowed you to knock out NFT for free.
In the last year, NFTs have soared in popularity among investors. However, they also attracted a slew of fraudsters and crooks, as is customary. This time, they made use of TreasureDAO, a non-exchange token market built on the Layer 2 Arbitrum protocol.
According to the cybersecurity firm, hackers gained access to over 100 different NFTs. The hack was supposed to be caused by “a mistake in the buyItem() method that wrongly calculates the price of ERC721 as ERC1155 with a (untrusted) provided amount of 0”.
The actual magnitude of the losses is unknown at the moment. Nonetheless, multiple social media posts indicate that one of the hack’s addresses extorted 17 Smol Brains NFT.
The total worth of these NFTs, according to the Treasure platform’s values, is around 426.5 thousand MAGIC – the protocol’s native token. This amount of MAGIC is currently valued at $1.4 million. The token fell from $3.82 to $2.55 following the attack before quickly rebounding to $3.3.
TreasureDAO co-founder John Patten confirmed the attack:
The protocol’s creators apologised for their mistake, revealing in a Discord post that the vulnerability was caused by a previous fix and should have been spotted sooner.