A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the marketplace’s “buyer buy item” function.
Post Mortem Analysis by Certik Shows Arbitrum NFT Trading Platform Treasure DAO Exploited for More Than 100 NFTs
The leading Arbitrum NFT marketplace Treasure DAO was attacked on Thursday after an attacker discovered an exploit that resulted in the loss of “more than 100 NFTs from unsuspecting users.” The post mortem analysis of the attack was sent to Bitcoin.com News from the blockchain security firm Certik, a company that analyzes, monitors, and assesses smart contracts, blockchain tech, and decentralized finance (defi) protocols. “Treasure DAO, an NFT trading platform on Arbitrum, was exploited by an unknown attacker who took advantage of a flaw in the platform’s code,” Certik’s analysis details. “The exploit resulted in the loss of more than 100 NFTs from unsuspecting users. After some initial analysis and tracing of the hacker’s wallet on Twitter, many stolen NFTs were returned.” Additionally, Certik’s analysis of the Treasure DAO situation notes that the protocol’s native token MAGIC shed over 40% in losses against the U.S. dollar. Treasure DAO co-founder John Patten also tweeted about the event after the attacker stole the funds. “Treasure marketplace is being exploited. Please delist your items. We will cover the costs of the exploit—I will personally give up all of my Smols to repair this,” Patten said. The Treasure DAO co-founder added:I cannot fathom what subhuman targets a fair launch marketplace for robbery, but they will not defeat the community.
