Due to a simple smart contract error during a new NFT launch, $34 million in ETH is locked away from both the creator and buyers, as of Friday.
On April 22, major league baseball player turned non-fungible token artist Micah Johnson launched his much awaited Akutars, a collection of unique 3D avatars based on his popular Aku NFT series. Johnson’s popular NFT character Aku—a young Black boy with dreams of being an astronaut who wears an oversize space helmet—has gotten the celebrity support of Pusha T, Tyra Banks, Trevor Noah, and others, and has generated over $19 million in sales.
Minutes after the NFT launch, Hasan Gondal, a software engineer and the founder of the software company, Afraid Labs, warned of an issue with the smart contract. But Gondal confirmed shortly after that Aku team software developers told him he was “wrong” and that the code was operational.
“A smart contract transforms the legal language we use to do business into code, then bakes this onto a blockchain, becoming immutable,” Konstantin Richter, CEO of Blockdaemon, a blockchain infrastructure company, told Fortune.
While smart contracts aren’t exclusive to NFT projects and exist on the Ethereum blockchain—which is a public and decentralized record of cryptocurrency transactions—they are an essential aspect of NFT sales functioning smoothly.
Smart contract flaws increase a crypto or NFT project’s attack vector, in Richter’s opinion, because they live on public blockchains and the flaws can be exploited by bad actors. And the consequences of these flaws can be massive—from lost money to entire crypto communities dissolving.
The first incident
“Micah and the developers were on a call with me and they said ‘We have some sort of safeguards in place,’” Gondal told Fortune. “It was such a big mint and I knew a tweet like mine could affect whether or not they sell out, for example. I didn’t want to cause any trouble for them. So I said ‘Yeah, it looks fine.’ And then maybe a half hour later, someone had exploited the issue.”
Unfortunately, the smart contract did have vulnerabilities, which an anonymous user named USER221 then exploited, halting both Ethereum withdrawals and refunds, according to a thread by Ethereum developer 0xInuarashi.
USER 221 urged the Aku team to “please do bug bounty on your contracts or have them audited at least,” as reported by Decrypt. And after having a bit of  “fun” the user announced they would not exploit the vulnerability if the Aku team publicly acknowledged that the flaw existed, citing Decrypt.
The second incident 
Once the project was up and running again in a matter of hours, a second incident occurred where the Aku team’s smart contract code failed to account for multiple NFT mints within the same transaction, per a thread by Ethereum developer 0xInuarashi. This error in the smart contract led to 11,539 ETH—worth about $34 million as of Friday—being permanently locked in the smart contract, citing Decrypt. The funds are entirely inaccessible to both Aku’s creators and relevant customers.
“There’s actually another twist to this story,” Gondal told Fortune. “Someone exploited this contract very early on and they locked the funds. If the team would have noticed that withdrawal error when it was just a small mistake, basically, and if the attacker left it locked for three days where nobody else could process refunds, after three days, everyone would get their money back. But how things are currently, the funds are locked now, forever. It's a very, very unique circumstance.”
This conundrum could have been avoided with thorough audits, according to Craig Palmer, CEO of MakersPlace, a NFT digital art marketplace.
“Not having the proper safeguards in place will leave projects open to hacks, but an even more preventable mistake in this case, a poorly written code which led to $34 million worth of ETH locked away, will only leave everyone upset and questioning your legitimacy,” Palmer, told Fortune. “It’s extremely important to ensure that smart contracts can run as intended, so double- and triple-checking them before a drop is paramount. Therefore, ensuring audits take place before the contract goes live is essential to ensuring a safer digital industry and thereby providing a higher level of comfort for the community.”
Johnson has since tweeted an apology for the error and assured patrons that they will receive refunds, calling the technological misfires during the Akutars launch “costly” to himself.
https://twitter.com/Micah_Johnson3/status/1517877506187186177
In light of recent events, it is clear that smart contracts can be a double-edged sword—with the potential to be both convenient and catastrophic. Here’s everything you need to know about smart contracts to navigate them safely.
Smart contracts are digital contracts that are programmed to execute when preset conditions are met. They are considered “smart” because they can automate any type of transaction, no matter how complex it is. In short, without an intermediary like a bank, smart contracts can automatically execute agreements such as loans, sales, and other financial transactions, in a way that is both trackable and irreversible.
The irreversibility of smart contract transactions means there generally isn’t an opportunity for a “do-over,” according to Anthony Mongiello, CEO and cofounder of the Bulls and Apes Project, a generative NFT collection.
“Smart contracts are pieces of code that live on the blockchain,” Mongiello, told Fortune. “These pieces of code control the transfer of ownership to what could wind up being an extremely valuable asset, maybe even someone's most valuable asset. Yet the common person has very little or no experience reading code. So now you have a situation where NFT holders are putting an incredible amount of trust in projects and founders to handle the ownership of this asset appropriately. Founders need to appreciate this trust and do whatever it takes to ensure the safety of their community.”
Mongiello’s advice to NFT and crypto professionals is to use reputable technology professionals, and also have the work audited by a reputable firm and reputable technologists in the Web3 space.
“Creators have many things to think about when developing an NFT or crypto project,” Nick Percoco, chief security officer at Kraken, a cryptocurrency exchange and bank, told Fortune. “If a project is not rigorously tested and reviewed, any minor flaw or vulnerability may be exploited in the future. In the best-case scenario, these may cause a minor inconvenience. However, in the worst case, these may result in the loss of millions of dollars worth of funds.”
Percoco thinks a big step towards more secure smart contracts is the use of “standardized” contracts as a base. He recommends that NFT founders make use of existing standard libraries that contain well-reviewed smart contracts that can be used as a base for their new NFT projects.
“Standardization reduces the overhead costs of verifying the security of the NFT, as only the nonstandard parts have to be reviewed,” Percoco told Fortune. “While those are still critical, they tend to be much less complex. Through these processes, the industry continues to learn and improve upon the security of smart contracts.”
This story was originally featured on Fortune.com
Cronos is also down 40% over the past 30 days, as CRO creator Crypto.com cuts its credit card rewards and interest paid on staked CRO.
These fundamentally strong but beaten-down growth stocks have the firepower to outlast any recession.
“Welcome to the greatest night of my life,” Underwood shouted as she brought Axl Rose on Stagecoach Festival stage.
When Carrie Underwood’s band broke into the opening strains of “Sweet Child o’ Mine” at the Stagecoach Festival Saturday, it seemed like business as usual. The country superstar’s Guns N’ Roses fangirl-ism is well known, and she’s incorporated GNR numbers into her set on a regular basis before, even showing an aptitude for appropriating Axl […]
Shares of Roku Inc. slipped 0.4% in premarket trading Monday, after the streaming video player company said Apple Inc.'s Apple Music app is now available on any Roku device. Roku said current Apple Music subscribers can access the app on Roku devices with their existing log-in credentials. In addition, Roku users can sign-up for Apple Music for a one-month free trial, and for $9.99 per month after the free trial expires. Apple's stock slipped 0.2% ahead of the open. Roku's stock has plunged 59.3
SOL Stabilizes after 15% Drop
The "Real Housewives" star reached for her two-piece in response to an age-shaming comment sent to Paulina Porizkova.
When looking for the best artificial intelligence stocks to buy, identify companies using AI technology to improve products or gain a strategic edge, such as Google, Microsoft and Nvidia.
The best cybersecurity stocks to own are changing amid a shift to remote work and cloud security. Now ransomware attacks are impacting budgets.
While some growth stocks have disappointed investors so far in this earnings season, Microsoft (NASDAQ: MSFT) hasn't. The software giant recently announced head-turning growth, especially in its cloud services division as enterprises continued to spend aggressively on their digital transformations. Investors loved what they saw in Microsoft's earnings update, which showed that earnings shot higher by nearly 20% to $17 billion in the first quarter.
Warren Buffett is one of the most wealthy and successful businessmen in the world, but still lives frugally in many aspects of his life. See how he does here.
Singers deliver "Sweet Child O' Mine" and "Paradise City" during Saturday headlining set
“I’m sorry that she couldn’t hang on until today,” a sobbing Ashley Judd said at the ceremony a day after her mom's death.
The outlook for CSCO stock depends on spending trends for cloud computing infrastructure as well as corporate and telecom networks amid the shift to remote work.
Elizabeth Hurley showed fans a sneak peek of some scenes from 'The Royals', including a few snaps of her ultra toned body. The actress is big into gardening.
The pop star posted from Las Vegas, where she's performing her latest Jazz & Piano residency.
Prince William and Kate Middleton are moving to Adelaide Cottage in Windsor—get all the details on why they're leaving Anmer Hall.
The tech giant's dominance over the mobile payments system could be restricting competition in the area, the EU says in a statement.
Johnny Depp’s agent testified on Monday that Depp was to receive $22.5 million to star in the sixth “Pirates of the Caribbean” film, but Disney decided to go “in a different direction” after Amber Heard published an op-ed reviving her domestic abuse allegations. Jack Whigham, who represented Depp at Creative Artists Agency and later at […]
Upon looking into Apple Inc.'s mobile-wallet practices, European regulators notified the smartphone giant of their initial view that the company harmed competition with its Apple Pay policies.

source