NFT watchdog gets hacked hours after launching its own NFT collection
![NFT watchdog gets hacked hours after launching its own NFT collection](/content/images/size/w1200/2022/09/4_CATERS_BUFFALOS_CHASE_LIONS_05-800x498.jpg)
In a rather ironic turn of events, an NFT company focused on identifying fraud in the Web3 space has fallen victim to a security breach.
Rug Pull Finder’s NFT contract was compromised last week, allowing two people to mint 450 NFTs instead of one per wallet. According to a Friday post on Twitter, the malicious actors exploited a technical flaw in the project’s free NFT mint that allowed them to mint more than the maximum number of NFTs per wallet.
As discussed on our Twitter space's earlier today -
We messed up. We messed up big. Our contract had a flaw that allowed 2 people to scoop up over 450 NFTs.
Here is what we are doing to fix it 🧵
— Rug Pull Finder (@rugpullfinder) September 2, 2022
Rug Pull Finder (RPF) tried to remedy the situation by offering one of the bad actors a bounty of 2.5 ETH (or about $3944 as of press time) to recover 300 of the stolen NFTs. One of the exploiters agreed, with the RPF team noting that the hackers “did negotiate in good faith and allow us to come to a reasonable solution with them.”
Dubbed “Bad Guys,” the free mint is a collection of “scammers accidentally let loose on the blockchain.” The collection is a whitelist for members ahead of an upcoming 10,000 NFT series this fall. Holding a Bad Guy NFT will provide exclusive access to the RPF’s main drop.
The watchdog group had been warned about the flaw beforehand. It admitted that it had received an anonymous tip 30 minutes before its mint went live. “After reviewing it with three different dev teams, we did not believe the credibility of the information sent to us... We were clearly wrong, and we are truly, truly sorry,” RPF said.
Admitting a mess up is rare and accountable. Bravo RPF. You are to be commended. The last few months I have seen token contracts with flaws, bad code and as of yesterday suspect code for anyone to take advantage of and not one of those devs said what you guys just stated 💯👏🏼💪🏼
— Figs (@CryptoRoog) September 2, 2022
The incident was met with mixed reactions from the crypto community. While some lauded the NFT investigator for admitting its fault, others questioned how a company that is supposed to detect Web3 fraud failed to conduct proper checks on its own project.