The optimism-based non-fungible token marketplace, Quixotic, has come under attack. The platform took to Twitter to announce that its contract got compromised by hackers. It said the hacker stole ERC-20 tokens from its platform.
Not So Much Details Yet
However, Quixotic is yet to reveal specific details about the attack. The platform, however, assures its users that the NFTs are safe and unaffected. Furthermore, Quixotic said it will refund all the stolen ERC-20 tokens.
That said, Quixotic has placed a hold on all activities on its platform for now. The Quixotic platform tweeted further and said users don’t have to take any action. It was in the same tweet it said the affected contract is permanently paused.
For users, the refund for their lost tokens will be sent in the coming days.
Apetimism came up with a tweet to explain the cause of the recent Quixotic exploit. It said the exploit was possible through offer features. The marketplace has a feature where users can make offers on NFTs.
Apetimism said the hackers deployed a contract that bypassed some Quixotic smart contract logic. The deployed contract, thus, beat the system’s logic over the offering feature. The event will allow them to move all available tokens used in offers on Quixotic.
Retreat on Offers
Users have, therefore, been advised to cancel all offers they have made immediately. This will enable the system developers to restore order. It will also prevent the hackers from taking further advantage.
Importantly, Apetimism was able to identify the attackers’ wallet address. However, the address had been cleaned of all funds at the time of the report. Nevertheless, Apetimism said the value of the heist is over $100,000.
Coincidentally, this heist is coming just days after Optimism reported an attack. The said attack was caused by mistakenly sending tokens to the wrong destination. As a result of this latest attack, the layer-2 scaling has lost 20 million OP tokens. It is reported that 1 million out of them were sent into Vitalik Buterin’s wallet.
A Long History of Exploits
Exploits are becoming too damaging for NFT space as each event occurs. In January, a bug was exploited and OpenSea users lost $1 million worth of NFTs. This was even less than their actual market value.
Elliptic was able to uncover five of the beneficiaries of the exploit at that time. They took advantage of a loophole in OpenSea’s codes at that time. They were then able to beat down prices and buy NFTs at far lower prices.
The victims include Mutant Ape Yacht Club and Bored Ape Yacht Club. Others are Cyberkongz NFTs and Cool Cats, according to Elliptic.
For instance, on the 24th of January, a BAYC NFT was bought at 0.77 ETH. That was an approximate $1,800 then. That family of NFTs sold for $198,000 back then.
After twenty minutes, the hacker went ahead to sell it for 84.2 ETH ($196,000). They got a profit of $194,000 in the process.
Another hacker identified simply as “jpegdegenlove” bought seven NFTs for $133,000. They later quickly sold the NFTs for $934,000 in Ethereum. The Ethereum was sent into Tornado Cash after five hours to get mixed.
Source: https://crypto.news/nft-marketplace-quixotic-exploit-attack/