Quixotic, the largest NFT marketplace on Optimism, announced on July 1 that a recent contract update was exploited, leading to the loss of ERC-20 tokens.
The team assured users that lost funds would be returned and that NFTs listed on the platform were unaffected. But as a precautionary measure, all marketplace activity is paused as devs further investigate what happened.
We can confirm that a recent update to our marketplace contract was exploited, allowing a hacker to steal approved ERC-20 tokens
1. We will be refunding all stolen ERC-20 tokens
2. NFTs remain safe and are not affected by the exploit
3. All marketplace activity remains paused https://t.co/wBYt903QVO— Quixotic 🔴✨ – Optimism NFT Marketplace (@quixotic_io) July 1, 2022
Quixotic users are not required to act as the vulnerable contract has been halted, and refunds will go out “in the coming days.”
More details on the Quixotic NFT exploit
The exploit was first noted by the team at NFT project Apetimism, who duly alerted the community with a tweet in the early hours of July 1 (BST). It pinpointed the offer feature as the source of the vulnerability, suggesting members cancel open offers to protect themselves.
“Some attacker is attacking the “Offer” feature. Therefore we suggest you to cancel all the offers immediately if you have one.“
Expanding further, Apetimism said, based on their analysis, it appears that the hacker was able to transfer offers made on NFTs to their own wallet. They surmised that the hacker deployed their smart contract to overrun the existing logic to exploit the offer function.
How? An attacker deployed a contract to bypass some logic on Quixotic’s smart contract over the offering feature. This would let them steal all the tokens used in any offer on Quixotic in any currency.
— Apetimism 🔴 | Sold Out (@apetimism) July 1, 2022
Apetimism reported that $100,000 had been lost so far. However, since that tweet went out, an analysis of the hacker’s wallet shows several…
Click Here to Read the Full Original Article at Ethereum – CryptoSlate…
