Two con artists were able to mint 450 NFTs instead of one per wallet because of misuse of the Rug Pull Finder NFT contract.
In a cruel irony, Rug Pull Finder (RPF), a nonfungible token (NFT) watchdog dedicated to exposing Web3-based fraud, has also been the victim of a smart contract vulnerability.
The NFT investigator claimed in a tweet on Friday that two individuals took advantage of a project’s technical weakness to steal 450 NFTs out of a total of 1,221 NFTs that were supposed to be restricted to one per wallet.
Rug Pull Finder claims that its smart contract had a bug that allowed code to be abused, enabling the bandits to give themselves access to more NFTs than was permitted.
Shortly after the exploit, the RPF team took action to correct the situation by making an offer to one of the parties involved to pay them a reward of 2.5 Ether (ETH), which is currently worth $3,944.68 at the time of this writing, in exchange for helping to recover 330 of the NFTs. This offer was accepted.
NFT Watching Rug Pull Finder Might Get Exploited:
Before the impending 10,000 NFT collection this fall, the assortment acts as an allowlist or sale for members.
Exclusive entry to the mint, the RPF major drop, and other forthcoming projects are available when holding a bad guy NFT.
The monitoring group said the attack happened because they disregarded warnings about the bug supplied by an unidentified source 30 minutes before the mint went live.
The irony of the exploit has not escaped the attention of the cryptocurrency community, with some applauding the NFT investigator for admitting its mistake while others have questioned why a business that specializes in finding smart contract vulnerabilities didn’t perform the necessary checks on its project.