TreasureDAO Marketplace Suffers Exploit, 153 NFTs Stolen

TreasaureDAO Marketplace Suffers Exploit, 153 NFTs Stolen

A bug allowed hackers to purchase NFTs for 0 MAGIC

The Arbitrum-based TreasureDAO NFT Marketplace suffered an exploit, allowing hackers to purchase NFTs without spending any MAGIC tokens, effectively stealing them. The exploit was uncovered by NFT enthusiasts on Twitter, and TreasureDAO quickly set out to reimburse affected users. 

According to the team behind virtual world Isolite, a total of 153 NFTs were stolen from the marketplace. The majority of them belonged to the Smol Brains collection, which is the most expensive project on the platform. At the time of writing, the cheapest Smol Brains NFT costs 2,469 MAGIC, or about $8,400.

About 24 hours after the exploit was revealed, TreasureDAO shared a thankful post, announcing that there are only 50 NFTs that still have to be found and hopefully returned. The TreasureDAO team quickly shut down the smart contract that allowed the exploit, which successfully limited the damages users sustained. 

Why did this happen with the TreasureDAO Marketplace?

A Crypto Twitter deep-dive reveals that TreasureDAO marketplace users started noticing zero price transactions going out of the marketplace. With team effort, users revealed that the underlying code of the platform allowed hackers to purchase previously listed NFTs for a price of 0 MAGIC. 

According to the Isotile team, a greater-than sign was missing in an important line of the code. This essentially allowed NFTs that had a quantity value of 0, to be sold for the same value of 0 MAGIC. Exploiting this bug, hackers stole 112 Smol Brains NFTs and 41 Legions NFTs. 

Aside from the losses TreasureDAO users had to sustain, there is another worrying element to this bug exploit. The TreasureDAO Marketplace is among the more popular platforms on Arbitrum. That’s why a lot of developers used its source code to build their own NFT marketplaces. Considering this, the bug might have spread to other platforms as well. 

What’s more, as news of the exploit made its way around Crypto Twitter, the platform’s native token MAGIC saw a staggering drop in valuation. Since then the token has recovered a bit. However, it’s still trading at significantly lower pricing compared to the same time yesterday. 

DappRadar will continue monitoring the NFT space in order to bring you the latest sales data and news. If you want to stay up to date with the latest events, follow us on Twitter. Additionally, you can check out the DappRadar NFT Rankings page to find the most up-to-date on-chain sales data.

Unsubscribe at any time. T&Cs and Privacy Policy

Share this post on social media

Share this Article

Related articles

Related articles

Qi DAO Superfluid Contract Exploited for $13 Million

Superfluid vesting contract targeted in a complex attack
Superfluid contract