NFT Marketplace Quixotic Confirms $100k Exploit via Offering Feature Breach

Quixotic, a non-fungible token (NFT) marketplace built on layer-2 scaling solution Optimism, on Friday confirmed an exploit that resulted in the loss of $100,000 worth of ERC-20 tokens. 

The attacker tampered with a recently updated smart contract on Quixotic, thereby utilizing the Offer feature on the marketplace, which enables a buyer to propose an amount to buy an asset from the seller, to conduct the exploit.

Users were urged to safeguard their funds and assets from the impact of the attack by revoking their access to the project’s smart contract using the URL: revoke.cash

The exploit was discovered and acted upon only after a member of the Quixotic community made a complaint that his funds had been wiped and he also did not receive a non-fungible token (NFT) he sought to purchase.

Quixotic Promises to Refund Users

While all transactions on the marketplace have been halted, the project team noted that it will refund the stolen tokens of users affected by the exploit in “the coming days.” It added that no NFT in the marketplace was stolen and only ERC-20 tokens were affected by the hack.

Optimism Recent Fund Fumble

Optimism, the Ethereum layer-2 scaling solution that houses Quixotic, recorded an exploit that resulted in the loss of $16 million worth of funds. While the fault came from crypto market maker Wintermute, the bad actor got to the assets first and withdrew them to a separate account.

Currently, however, the hacker has returned over 90% of the funds to the custody of Optimism. The remaining $2 million with the hacker is now considered a bounty by the Optimism team.

Hackers Target DeFi and NFT Projects

DeFi and NFT projects are increasingly becoming targets for hackers. Earlier this year, the popular NFT marketplace OpenSea suffered multiple phishing attacks that led to the theft of assets worth millions. 

Last month, blockchain network Harmony Protocol reported a $100 million loss in an exploit. A week later, the hackers moved $22 million from the stolen fund to Tornado Cash.

Source: https://coinfomania.com/quixotic-confirms-100k-exploit/#utm_source=rss&%23038;utm_medium=rss&%23038;utm_campaign=quixotic-confirms-100k-exploit