According to Certik, a firm that specializes in cybersecurity analysis, Treasure DAO, a non-fungible token (NFT) marketplace built on Arbitrum, was attacked on March 3 at 7:33 AM (EST). The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the marketplace’s “buyer buy item” function.
Certik’s Post-Mortem Analysis Reveals That Arbitrum NFT Trading Platform Treasure DAO Was Exploited for More Than 100 NFTs
The leading Arbitrum NFT marketplace Treasure DAO was attacked on Thursday after an attacker discovered an exploit that resulted in the loss of “more than 100 NFTs from unsuspecting users.” The post mortem analysis of the attack was sent to Bitcoin.com News from the blockchain security firm Certik, a company that analyzes, monitors, and assesses smart contracts, blockchain tech, and decentralized finance (defi) protocols.
“Treasure DAO, an NFT trading platform on Arbitrum, was exploited by an unknown attacker who took advantage of a flaw in the platform’s code,” Certik’s analysis details. “The exploit resulted in the loss of more than 100 NFTs from unsuspecting users. After some initial analysis and tracing of the hacker’s wallet on Twitter, many stolen NFTs were returned.”

Additionally, Certik’s analysis of the Treasure DAO situation notes that the protocol’s native token MAGIC shed over 40% in value against the U.S. dollar. Treasure DAO cofounder John Patten tweeted about the attack. “Treasure marketplace is being exploited. Your items should be removed from the Treasure Marketplace. We will cover the costs of the exploit—I will personally give up all of my Smols to repair this,” Patten said.
Although I am unable to fathom why a subhuman would choose a fair marketplace for robbery as he launch market, they won’t defeat the community.
Certik says that ongoing on-chain analysis and pre-deployment audits can help prevent future blockchain protocol exploits
Certik security analysts say that no one knows who was behind the exploit but added that many users will “simply be glad to have their stolen NFTs returned.” The company’s post mortem summary of the situation concludes by adding that significant losses can result from exploiting a single line of code. The firm believes that on-chain monitoring of specific blockchain protocols and pre-deployment audits can prevent future vulnerabilities.
“This hack once again highlights the million-dollar ramifications that a single line of code can have,” Certik’s report concludes. “A thorough pre-deployment audit paired with ongoing on-chain analysis is the best way for Web3 projects to demonstrate their commitment to security and assure their customers that their funds are safe.”