Hackers steal funds from Quixotic’s NFTs

108
2
Hackers steal funds from Quixotic’s NFTs

Quixotic, the largest NFT marketplace on Optimism, announced on July 1 that a recent contract update had been exploited, leading to the loss of ERC-20 token.

The team assured users that lost funds would be returned and that NFTs listed on the platform were unaffected. As a precautionary measure, all marketplace activity is stopped as devs investigate what happened.

Quixotic users are not required to act as the vulnerable contract has been halted and refunds will go out in the coming days. More details on the Quixotic NFT exploit can be found here.

The exploit was first discovered by the team at the NFT project Apetimism, who alerted the community with a tweet in the early hours of July 1 BST It pointed out the offer feature as the source of the vulnerability, suggesting members cancel open offers to protect themselves.

Apetimism said that the hacker was able to transfer offers made on NFTs to their own wallet, based on their analysis. They claimed that the hacker had deployed their smart contract to overrun the existing logic to exploit the offer function.

Apetimism reported that $100,000 had been lost so far. Since that tweet went out, an analysis of the hacker's wallet shows several large outflows greater than $100,000.

The most significant single transfer out was for 110,756 USDC, while the second most significant transaction out was for 170,882 Optimism OP valued at $90,500 at the current price.

A further investigation shows the hacker stealing funds into smaller sums and sending them to multiple other addresses.

Quixotic is the largest NFT marketplace on the Optimism layer 2 platform.

The platform is more usable for NFT traders because of its average transaction fee of just 0.0005 ETH $1.50. The firm estimates it saved around $2 million in gas fees since its inception.

Users activity has declined since June 14, as the platform turned over $419,500 in volume over the last 30 days, according to on-chain tracking.