Hackers stole NFT monkeys on top Ethereum layer 2

The Arbitrum-based NFT marketplace Treasure has been hacked. Developers froze trading after hundreds of NFTs from the Smol Brains and Legions collections were stolen.

Treasure, the biggest NFT marketplace on the Ethereum Layer 2 solution Arbitrum, was hit by an attack early Thursday morning, resulting in hundreds of NFTs being stolen. Hackers found a way to acquire NFTs listed on the Treasure marketplace without paying for them. Treasure developers quickly reacted by freezing trading on the marketplace to avoid further damage. 

Treasure is the hub for NFTs in the TreasureDAO NFT ecosystem. Instead of using Ethereum or stablecoins to buy and sell NFTs like on OpenSea, Treasure only lets users transact using MAGIC tokens, the ecosystem’s native currency. According to blockchain security company PeckShield, an attacker found a way to manipulate the price of listed NFTs on Treasure, allowing them to buy NFTs for 0 MAGIC tokens. 

PeckShield estimates more than 100 NFTs were stolen from the marketplace before developers froze trading. One address appears to have stolen 17 pixel-art monkeys from the Smol Brains collection. If purchased for the original listing prices, these NFTs would have cost a buyer over $1.4 million worth of MAGIC tokens at the time of the hack. Since Smol Brains and another popular collection called Legions are currently the most valuable and actively traded NFTs on Treasure, they appear to have borne the brunt of the exploit. The cheapest Smol Brains normally trade for around $9,500 today. 

As news of the exploit circulated online, the price of the MAGIC token dropped sharply, bottoming out at a 33% loss before posting a slight recovery. MAGIC is currently trading at $3.03. 

MAGIC/USD (Source: CoinGecko)

TreasureDAO’s GoudaGaarp took to Discord in response to the exploit to comfort the Treasure community.

“Our deepest and most sincere condolences to anyone who have been affected by today’s exploit,” they added. TreasureDAO had suspended the Treasure marketplace pending a complete code review, according to GoudaGaarp.

TreasureDAO will also play a key role in redistributing NFTs to their original owners, with plans to present a number of alternatives to ensure that users are compensated. As the situation evolved, however, it looked that many of the hackers had changed their minds.

Hundreds of NFTs stolen from Treasure have been returned to their original owners, according to transaction data from Arbiscan, according to a Twitter user with the handle @Br0keboy96.

Because TreasureDAO has frozen trade, it’s likely that the hackers learned the stolen NFTs couldn’t be cashed out, and they’re planning to blacklist all stolen NFTs.

As the popularity of NFTs has grown, so have the number of exploits and attacks aimed at NFT marketplaces. Using phishing emails, a hacker was able to steal millions of dollars in NFTs from unsuspecting OpenSea customers last month.

Hackers have traditionally targeted DeFi protocols and cross-chain bridges, but as non-fungible tokens expand in value and popularity, more assaults against applications like Treasure are anticipated.

Source: Crypto Briefing