NFT Watchdog took advantage immediately after minting of its own collection
As bad actors continue to carry out hit-and-run attacks on projects in the crypto space, it was inevitable that watchdogs, auditors and the like would also become more sought after.
One such auditor is Rug Pull Finder, an NFT watchdog that investigates alleged scams on demand and attempts to keep the community updated via Twitter.
Unfortunately, it appears that the community was unable to revise any of the protocol’s own work until it was minted in its own NFT collection.
Whitelist Mint compromised
Recently, the RPF decided to create a collection of NFTs called “Bad Guys”, meant to represent NFT fraudsters in various tongue-in-cheek situations. This digital art was intended to act as a whitelist for another NFT drop coming later this fall. Due to its intended function as a whitelist, embossing should be limited to one per wallet.
Unfortunately for RPF, the coin was compromised by exploiters who managed to obtain over 450 NFTs out of a total of 1221 in a short period of time.
As discussed on our Twitter space earlier today –
We messed up. We made a big mess. Our contract had a bug that allowed 2 people to accumulate over 450 NFTs.
Here’s what we’re doing to fix it 🧵
— Rug Pull Finder (@rugpullfinder) 2 September 2022
Developers responsible for the kerfuffle apparently have been let go Meanwhile. The team at Rug Pull Finder has also admitted that they did not invite an independent third party to audit the project, which resulted in the compromised whitelist. However, the team has already reached out to the exploiters, who have apparently acted in good faith and reached some kind of agreement with the RPF.
NFTs are mostly returned to the RPF’s possession
Of the 450 NFT minted via an exploit, 366 will be returned to the RPF shortly in exchange for 2.5 ETH.
“We have come to an agreement with the wallets that used the contract and agreed to pay them 2.5 ETH to buy the remaining 366 NFTs. While they may have found an advantage, this is not a hack or fraudsters etc. They found a flaw and they used it for profit”.
Although this is a significant blow to the project – and to their reputation as auditors – this should ensure that the main coin that arrives in the autumn will be able to proceed as planned.
The community has, on the one hand, praised the RPF for its transparency and quick resolution of the problem, and on the other, shed light on the situation – with the irony of an auditor failing to follow basic audit protocols that is not lost on Twitter. followers.
The remaining exploited 84 NFTs will for the time being remain in the possession of the wrongdoers.
Binance Free $100 (Exclusive): Use this link to sign up and receive $100 free and 10% off Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to sign up and enter code POTATO50 to receive up to $7,000 on your deposits.