The highly anticipated nonfungible token (NFT) project Akutars was marred by both an exploit and a bug over the weekend, causing over 11,500 Ether (ETH), worth nearly $33 million, to be locked forever within a smart contract, inaccessible even to the development team.
The exploit, however, was conducted by someone trying to show a vulnerability in the project and not steal funds via a hack. The project went live on Friday with a Dutch Auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price is above the reserve.
The auction opened at 3.5 ETH with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an “Aku Mint Pass” were also given a 0.5 ETH discount on each minted NFT.
In a Saturday Twitter thread explaining the whopping $33 million bug, 0xInuarashi, a developer of multiple NFT projects, explained Akutars’ smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds.
The contract had a caveat that a minimum number of bids had to be made before it would allow the team to withdraw, but the minimum number of bids was set to equal the number of NFTs available for auction.
Unfortunately, because some buyers minted multiple NFTs within the same bid, the number of bids fell short of that minimum and the contract will never unlock, sealing away the nearly $33 million in ETH forever.
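The lock condition described above can be reproduced in a small model. This is an added example, not the Akutars contract code; the class, method names and sample bid quantities are assumptions made for illustration.

```python
# Simplified model of the withdrawal lock described above. Names and structure
# are assumptions for illustration; this is not the Akutars contract code.

class AuctionModel:
    def __init__(self, nfts_for_sale):
        self.nfts_for_sale = nfts_for_sale
        self.bids = []              # one entry per bid: (bidder, quantity)
        self.nfts_sold = 0
        self.refunds_processed = 0

    def bid(self, bidder, quantity):
        if self.nfts_sold + quantity > self.nfts_for_sale:
            raise ValueError("auction sold out")
        self.bids.append((bidder, quantity))
        self.nfts_sold += quantity

    def process_refunds(self):
        # Refunds are handled once per bid, so this counter tops out at len(bids).
        self.refunds_processed = len(self.bids)

    def can_withdraw_flawed(self):
        # Flaw: a per-bid counter is compared with a per-NFT total.
        return self.refunds_processed >= self.nfts_for_sale

    def can_withdraw_fixed(self):
        # Compare like with like: every recorded bid has been refunded.
        return self.refunds_processed >= len(self.bids)


def simulate(quantities, nfts_for_sale):
    """Run a sold-out auction and return (flawed_unlocks, fixed_unlocks)."""
    auction = AuctionModel(nfts_for_sale)
    for i, qty in enumerate(quantities):
        auction.bid(f"bidder{i}", qty)
    auction.process_refunds()
    return auction.can_withdraw_flawed(), auction.can_withdraw_fixed()


# Constructed inputs: 10 NFTs for sale.
ONE_EACH = [1] * 10          # ten bids of one NFT each: the counters happen to match
MULTI_MINT = [3, 2, 1, 4]    # four bids covering all ten NFTs

if __name__ == "__main__":
    print("one NFT per bid :", simulate(ONE_EACH, 10))
    print("multi-NFT bids  :", simulate(MULTI_MINT, 10))
```

A test suite in which every bid mints exactly one NFT passes the flawed check, which is why a multi-quantity bid case belongs in the tests for any counter-gated withdrawal.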
New York State Senator Kevin Thomas introduced a new bill amendment request to establish certain offenses related to rug pulls and other frauds related to virtual token distribution, misuse of private keys and hidden interests in crypto projects.
The bill drafted by Senator Thomas, Senate Bill S8839, calls for defining, penalizing and criminalizing frauds specifically targeted at developers and projects that intend to dupe crypto investors.
Through the bill, Thomas seeks to provide prosecutors with a clear legal framework against crypto crimes that aligns with the spirit of the blockchain while combating fraud. It calls for a law amendment that would impose rug pull charges on developers that sell “more than 10% of such tokens within five years from the date of last sale of such tokens.”
Private key fraud involves disclosing or misusing another person’s private keys without prior affirmative consent. The bill also seeks to charge developers who don’t publicly disclose their personal crypto holdings on the landing page of the primary website with fraudulent failure to disclose an interest in digital tokens.
The bill was under committee review to determine its eligibility for floor consideration at the time of writing.
The United States Treasury Department has added to its sanctions list three Ethereum wallet addresses allegedly linked to the hacker group responsible for the theft of more than $600 million in crypto from nonfungible token game Axie Infinity’s Ronin sidechain.
In a Friday update, the Treasury Department’s Office of Foreign Assets Control, or OFAC, added three Ethereum addresses to its Specially Designated Nationals list under the entry for North Korea’s Lazarus Group. U.S. authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, have targeted the group over its alleged role in taking more than 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) from the Ronin sidechain in March. The tokens were worth more than $600 million at the time.
The U.S. government department hinted in a Friday tweet that the addresses were added to the list in an effort to stop North Korea from evading sanctions imposed by the United States and United Nations. Blockchain records show at least one of the wallet addresses connected to the Ronin hackers sent funds to crypto mixer services including Tornado Cash.
OFAC added 3 virtual currency wallet addresses to the SDN Listing for Lazarus Group. The DPRK has relied on illicit activities like cybercrime to generate revenue while trying to evade US & UN sanctions. Transacting w/ these risks exposure to US sanctions. https://t.co/GMNZkwe1IA April 22, 2022
Chainalysis reported in January that North Korea stole roughly $400 million in cryptocurrency through cyberattacks in 2021, meaning the Ronin theft could represent its largest haul to date. Illicit funds linked to hacking groups from the reclusive nation were primarily in Ether at 58%, Bitcoin at 20% and other tokens at 22%.
This Daily Dose was brought to you by Cointelegraph.