AkuDreams dev team locks up $33M due to smart contract bug

The highly anticipated nonfungible token (NFT) project Akutars was marred by both an exploit and a bug on the weekend, causing over 11,500 Ether (ETH), worth nearly $33 million, to be locked forever within a smart contract, inaccessible even to the development team.

The exploit, however, was conducted by someone trying to show a vulnerability in the project and not steal funds via a hack.

The project went live on Friday with a Dutch Auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price is above the reserve.

The auction opened at 3.5 ETH with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an “Aku Mint Pass” were also given a 0.5 ETH discount on each minted NFT.

The $33M Bug

In a Saturday Twitter thread explaining the whopping $33 million bug, 0xInuarashi, a developer of multiple NFT projects, explained Akutars’ smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds.

The contract had a caveat that a minimum number of bids had to be made before it would allow for the team to withdraw, but the minimum number of bids was set to equal the amount of NFTs available for auction.

Unfortunately, due to some buyers minting multiple NFTs within the same bid, the terms of the contract mean it will never unlock, sealing away the nearly $33 million in ETH forever.

Cointelegraph contacted the Akutars team for comment but did not immediately get a response.

The exploit

In a now-deleted tweet posted by the Akutars that was shared by DeFi developer foobar, it said that developers reached out to them warning that their contract could be exploited but appeared to shrug them off completely as they labeled the potential exploit a “feature.”

During the mint, an unknown individual executed what’s known as a “griefing contract,” which locked the ability of the Akutars contract to process refunds to those who underbid. The individual even embedded a message on the blockchain to the Akutars team saying they would stop the contract:

“Well, this was fun, had no intention of actually exploiting this lol. Otherwise I wouldn’t have used Coinbase. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.”

Akutars then promptly responded by  taking responsibility for the code and suggested that the exploit “was not done out of malice” and the person “intended to bring attention to best practices for highly visible projects.”

In a tweet on the same day, the project’s founder and former pro-baseballer Micah Johnson offered an apology to the community, noting that after letting them down, he will “continue to build brick by brick” and work tirelessly to avoid any similar issues moving forward. 

The team also said that it will be issuing 0.5 ETH refunds to pass holders as well as airdropping the NFT to successful bidders.

In an update posted on Sunday, the team said it had rewritten its minting contract which was then audited by several developers and plans to mint on Monday.

Related: Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

This article has been updated, with the headline changing from “$34M” to “$33M.”

All Dutch and English crypto news!

Bitcoin price predictions abound as traders focus on the next BTC halving cycle

Terra's recent collapse has been repeatedly singled out as the main source of weakness affecting crypto assets, but it's much more likely that a combination of...

Swiss asset manager Julius Baer eyes crypto and DeFi potential

132-year-old Swiss asset management firm Julius Baer intends to offer exposure to cryptocurrencies and decentralized finance (DeFi) for its high net-worth clients. The firm's CEO Philipp...

Jack Dorsey’s Block hits $1.3B in Q1 profits, $43M in BTC trading revenue

Block, the pro-Bitcoin (BTC) umbrella company that hosts Cash App, Square and Afterpay, continues its growth in 2022. According to its Shareholder letter, in the...

Bitcoin must defend these price levels to avoid ‘much deeper’ fall: Analysis

Bitcoin (BTC) may be attempting to flip $30,000 to support on May 19, but for one group of analysts, attention is focused firmly on a...

Beste exchanges

Koop je crypto bij Bitvavo