Hackers have stolen hundreds of NFTs from the Arbitrum NFT marketplace Treasure.
Treasure developers quickly froze trading to avoid further losses.
Since the incident, many of the hackers have return the NFTs to their rightful owners.
Share this article
The Arbitrum-based NFT marketplace Treasure has been hacked. Developers froze trading after hundreds of NFTs from the Smol Brains and Legions collections were stolen.
Treasure Marketplace Hit by Exploit
The Treasure marketplace has suffered an exploit.
Treasure, the biggest NFT marketplace on the Ethereum Layer 2 solution Arbitrum, was hit by an attack early Thursday morning, resulting in hundreds of NFTs being stolen. Hackers found a way to acquire NFTs listed on the Treasure marketplace without paying for them. Treasure developers quickly reacted by freezing trading on the marketplace to avoid further damage.
Treasure is the hub for NFTs in the TreasureDAO NFT ecosystem. Instead of using Ethereum or stablecoins to buy and sell NFTs like on OpenSea, Treasure only lets users transact using MAGIC tokens, the ecosystem’s native currency. According to blockchain security company PeckShield, an attacker found a way to manipulate the price of listed NFTs on Treasure, allowing them to buy NFTs for 0 MAGIC tokens.
PeckShield estimates more than 100 NFTs were stolen from the marketplace before developers froze trading. One address appears to have stolen 17 pixel-art monkeys from the Smol Brains collection. If purchased for the original listing prices, these NFTs would have cost a buyer over $1.4 million worth of MAGIC tokens at the time of the hack. Since Smol Brains and another popular collection called Legions are currently the most valuable and actively traded NFTs on Treasure, they appear to have borne the brunt of the exploit. The cheapest Smol Brains normally trade for around $9,500 today.
As news of the exploit circulated online, the price of the MAGIC token dropped sharply, bottoming out at a 33% loss before posting a slight recovery. MAGIC is currently trading at $3.38, down 11% from pre-exploit levels.
MAGIC/USD (Source: CoinGecko)
In response to the exploit, TreasureDAO’s GoudaGaarp took to Discord to reassure the Treasure community. “Deepest and sincerest condolences for those impacted by the exploit today,” they wrote. GoudaGaarp went on to explain that TreasureDAO had frozen the Treasure marketplace pending a full code review. TreasureDAO will also take an active role in distributing NFTs back to their rightful owners and plans to propose several remediation options to ensure users are made whole.
However, as the situation progressed, it appeared that many of the hackers had a change of heart. A Twitter user posting under the handle @Br0keboy96 pointed out that transaction data from Arbiscan shows dozens of NFTs stolen from Treasure being returned to their rightful owners. Presumably, the hackers realized that the stolen NFT could not be cashed out due to TreasureDAO freezing trading and likely planning to blacklist all stolen NFTs.
As NFTs have boomed in popularity, exploits and hacks targeting NFT marketplaces have increased. Last month, a hacker using phishing emails was able to steal approximately millions of dollars worth of NFTs from unsuspecting OpenSea users. While DeFi protocols and cross-chain bridges have typically been popular targets for hackers, as non-fungible tokens grow in value and popularity, more attacks against applications like Treasure are likely.
Disclosure: At the time of writing this piece, the author owned ETH and several other cryptocurrencies.
Share this article
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
NFT Express: Your on-ramp to the world of NFTs
At Tatum, we’ve already made it super easy to create your own NFTs on multiple blockchains without having to learn Solidity or create your own smart contracts. Anyone can deploy…
OpenSea NFT Hack Exposes Web3 Self-Custody Risks
The hacker stole hundreds of high-value NFTs from sought-after collections like Bored Ape Yacht Club, Azuki, and NFT Worlds. OpenSea Users Targeted in NFT Hack A hacker stole millions of…
NFT Collector Sues OpenSea for $1M Over Listing Bug
An NFT collector who inadvertently sold a Bored Ape Yacht Club NFT for $26 due to an OpenSea listing issue has filed a lawsuit asking for $1 million in damages….
OpenSea Hack: Key Takeaways on Web3 Security
A hacker stole millions of dollars worth of NFTs from OpenSea users over the weekend. The incident has highlighted the importance of operational security in Web3. OpenSea Hack Highlights Security…