Rug Pull Finder (RPF), a nonfungible token (NFT) watchdog focused on detecting Web3-based fraud, has fallen victim to an exploit of its own smart contract.
According to the NFT investigator’s tweet on Friday, two people took advantage of a technical flaw in the project during the free mint stage, stealing 450 NFTs out of a total of 1,221 that were supposed to be limited to one per wallet.
Rug Pull Finder managed to negotiate with the exploiters
According to RPF, their smart contract contained an exploitable flaw that let bandits allocate more NFTs than permitted. The RPF team moved quickly to correct the situation, offering one of the people involved a bounty of 2.5 Ether (ETH), worth $3,944.68 at the time of writing, to recover 330 of the NFTs, which was accepted.
The exploiters “did negotiate in good faith and allow us to come to a reasonable solution with them,” according to the crypto investigators.
The Bad Guys free mint featured artworks of NFT “scammers accidentally let loose on the blockchain.” The collection serves as a whitelist or presale for members before the upcoming 10,000 NFT collection, which will be released this fall. Having a Bad Guy NFT grants you access to the mint, the RPF main drop, and other upcoming projects.
Warnings were ignored
The watchdog group admitted that the exploit occurred because they ignored warnings about the flaw sent by an unknown source 30 minutes before the mint went live.
“We did not believe the credibility of the information sent to us after reviewing it with three different dev teams… We were clearly wrong, and we sincerely apologize,” RPF said.
The NFT investigator stated that Doxxed Media, a digital blockchain creative agency, handled all of the art and contract work, and the investigator admitted that it “did not have our team audit it, or an independent 3rd party.”
The irony of the exploit was not lost on the crypto community, with some praising the NFT investigator for admitting its mistake and others questioning how a company specializing in detecting smart contract vulnerabilities failed to conduct proper checks on its project.
RPF has gotten their NFT project back on track after a rocky start.