Treasure, an Arbitrum-based NFT marketplace, has been compromised. Hundreds of NFTs from the Smol Brains and Legions collections were taken, prompting the developers to halt trade.
An attack on Treasure, the largest NFT marketplace on the Ethereum Layer 2 solution Arbitrum, occurred early Thursday morning, resulting in the theft of hundreds of NFTs.
Hackers discovered a means to have NFTs listed on the Treasure marketplace for free. To avoid further damage, treasure developers reacted quickly by halting trading on the marketplace.
The TreasureDAO NFT ecosystem's hub for NFTs is Treasure. Unlike OpenSea, Treasure exclusively allows users to buy and sell NFTs with MAGIC tokens, the ecosystem's native currency, rather than Ethereum or stablecoins.
An attacker identified a way to change the price of advertised NFTs on Treasure, allowing them to acquire NFTs for 0 MAGIC tokens, according to blockchain security firm PeckShield.
Before the developers suspended trade, PeckShield estimates that over 100 NFTs were stolen from the marketplace. 17 pixel-art monkeys from the Smol Brains collection appear to have been stolen from one address.
At the time of the hack, these NFTs would have cost a customer almost $1.4 million in MAGIC tokens if acquired at the original listing rates.
Smol Brains and another popular collection named Legions appear to have bore the brunt of the exploit, since they are currently the most valuable and actively traded NFTs on Treasure. Today, the cheapest Smol Brains sell for roughly $9,500.
The price of the MAGIC token plunged rapidly as word of the exploit spread online, bottoming out at a 33 percent loss before recovering slightly. MAGIC is currently priced at $3.38, down 11% from its pre-exploitation price.
TreasureDAO’s GoudaGaarp reassures the Treasure community
TreasureDAO's GoudaGaarp took to Discord in response to the exploit to comfort the Treasure community.
"Our deepest and most sincere condolences to anyone who have been affected by today's exploit," they added. TreasureDAO had suspended the Treasure marketplace pending a complete code review, according to GoudaGaarp.
TreasureDAO will also play a key role in redistributing NFTs to their original owners, with plans to present a number of alternatives to ensure that users are compensated.
As the situation evolved, however, it looked that many of the hackers had changed their minds.
Hundreds of NFTs stolen from Treasure have been returned to their original owners, according to transaction data from Arbiscan, according to a Twitter user with the handle @Br0keboy96.
Because TreasureDAO has frozen trade, it's likely that the hackers learned the stolen NFTs couldn't be cashed out, and they're planning to blacklist all stolen NFTs.
As the popularity of NFTs has grown, so have the number of exploits and attacks aimed at NFT marketplaces. Using phishing emails, a hacker was able to steal millions of dollars in NFTs from unsuspecting OpenSea customers last month.
Hackers have traditionally targeted DeFi protocols and cross-chain bridges, but as non-fungible tokens expand in value and popularity, more assaults against applications like Treasure are anticipated.