“Honeypot Bitch”: How Mad Lads Tricked Bots into Spending $250,000 on Fake NFTs
by James · April 24, 2023
Mad Lads is the talk of the NFT world right now, having held the busiest mint for any profile picture (PFP) project in months and topped the broader market this weekend. But the drop itself proved dramatic, as bots overwhelmed the mint and forced a 24-hour delay.
However, the “Mad Lads” behind the project lived up to their name and fought back, tricking the botters into spending over $250,000 worth of SOL on a fake mint. It was all refunded, but the move apparently kept more of the NFT drop’s supply for people who actually wanted to be part of the project, and away from those trying to mint as many NFTs as possible for a quick flip.
“We decided we had to fight the bots,” Coral CEO Armani Ferrante told Decrypt, “and we had to do it for the sake of the project.”
Ferrante said that as the mint approached early last week, he began receiving Telegram messages from an unknown party attempting to blackmail Coral, claiming they could “take down” Coral’s Backpack app and botch the drop.
According to Ferrante, the person effectively threatened a distributed denial-of-service (DDoS) attack that would overwhelm the mint with requests, and demanded payment to call it off.
“We didn’t have the money. We are strapped for cash – we are fighting to survive,” said Ferrante, referring to the fact that over 70% of the funds Coral raised in its $20 million strategic round last autumn is inaccessible due to FTX’s collapse.
But Ferrante also described the dilemma as more than a financial one: it was a fight for the future of the project, which aims to build an organic community of collectors who took part in the mint.
Mint chaos
High-profile NFT mints are often targeted by users running bots, automated programs that flood the mint program with requests and attempt to buy an outsized share of the assets. It is usually done to flip the NFTs on the secondary market amid post-mint hype.
Bot attacks associated with NFT drops have taken down the Solana network before, but even when the technology runs smoothly, a bot-dominated mint means that would-be collectors and users with a real affinity for the project are sometimes unable to mint at all. Curated allowlists of approved wallets can help, but they introduce their own inequities into the minting process.
Mad Lads held an allowlist mint on Wednesday and everything went according to plan. But when the public mint for the rest of the NFT supply was set to begin on Thursday, Ferrante said the DDoS attacks began immediately.
The Mad Lads mint was briefly paused several times on Thursday as Coral attempted to mitigate the attacks. The Solana network itself stayed online, but other cracks appeared: RPC providers had issues and CoinGecko’s pricing API went down. Ferrante described it as a “domino effect” as “billions of requests” were directed at the Mad Lads mint and began to wreak havoc.
“There was basically this cat-and-mouse game that started happening where the attacker was trying to reverse engineer our code,” Ferrante told Decrypt, “and we would change the anti-bot tactics and go back and forth, and back and forth.”
Billions of requests. Things that went wrong.
– crushed by ddos (and extortion)
– coingecko api down
– twitter spaces broken
– cloudflare ui broken
– rpc node 1 data center robust
– rpc node 2 cannot handle capacity
– bots trying to incubate the public phase
Fuck it.
— Mad Armani 🎒 (@armaniferrante) 21 April 2023
Coral finally pushed the mint back 24 hours to Friday night, rather than going ahead and letting botters claim an unfair share of the NFTs. Ferrante’s team spent the extra time working out how to better defend against botting, including a new kind of tactic.
Into the honeypot
When the Friday mint was about to start, the DDoS flood began again. This time, Coral shipped two back-to-back updates to the minting app: one legitimate, pointing to the real NFT minting process and referenced by the public mint interface, and another that could only be found by reverse-engineering the code.
That one pointed to a “honeypot”: effectively an isolated decoy designed to trick botters into blowing their SOL on a fake mint and receiving nothing of value in return. The fake contract soaked up over $250,000 worth of SOL, and those users trying to gain an unfair advantage were out of the running when the legitimate public NFT drop began moments later.
“HONEYPOT BITCH,” the Mad Lads project tweeted on Friday, pointing to a Solana account that held the funds collected by the counterfeit mint.
Ferrante told Decrypt that it is possible some legitimate users were caught by the fake mint. Some users on Twitter said they followed the rules and ended up with a worthless NFT, but in the pseudonymous Web3 world it can be difficult to verify the legitimacy of complaints on social media.
Still, Ferrante said he is confident it was mostly users trying to game the mint. That’s because minters would have had to write their own code to mint the NFTs after reverse-engineering the contract code, he said, which points to sophisticated users stepping outside the normal process.
Ultimately, the honeypot was designed to distract and thwart botters rather than take their funds, so refunds were processed hours after the mint ended.
Whether this kind of strategy will work again for future NFT releases is unclear, as the cat-and-mouse game continues. But Ferrante believes the surprise tactic helped Mad Lads reach more of its intended audience, and the drama and excitement no doubt added to the buzz around the project as it topped the NFT charts over the weekend.
“In real time, we fought against these guys who tried to push us at the beginning of the week,” Ferrante concluded. “And it was kind of this very euphoric, crazy event. It was honestly one of the most stressful times of my life.”