Popular NFT launch on Ethereum loses $34 million in faulty smart contract

Due to obvious faults in the project’s coding, the much-anticipated NFT launch of the Aku Dreams collection was abruptly halted. A problem in the smart contract led $34 million worth of Ether tokens to be locked indefinitely, delaying the launch. Both makers and buyers will be unable to access the tokens. The authors will be unable to withdraw payments, and the customers will not receive the 0.5 ETH reimbursements that were promised.

Aku Dreams is a 3D avatar NFT collection based on Micah Johnson’s original character Aku from Major League Baseball. Aku is a young black child with aspirations of becoming an astronaut. Johnson’s nephew raised a query that sparked the collection.

Over 15,000 Ethereum avatars with randomized features are part of the project. Owners of previous Aku NFTs were supposed to get a free avatar for each NFT they owned. The remaining 5,500 avatar NFTs were sold through a Dutch Auction for 3.5 Ether ($10,350 approx.) each. Following the Friday opening, prices began to fall as the auction progressed.

A Twitter user had alerted the Aku developers to a potential weakness in the smart contract. The assertion was dismissed as “false,” and the developers informed the community that failsafes had been implemented to avoid such problems. However, a user with the identity USER221 triggered the alleged attack, causing Ethereum withdrawals and refunds to be halted in the middle and the smart contract to be disabled.

The exploiter stated that they had no intention of exploiting the code and advised the developers to ‘please do bug bounty on your contracts or at the very least get them audited’. They included a remark to the Ethereum transaction stating that the project will be effectively unlocked.

After a different problem in the smart contract code surfaced, the project hit another snag. Because of the problem, the code failed to account for numerous NFT mints in the single transaction. The end result was that the automated smart contract had been locked with 11,539 ETH worth $34 million since Friday.

“The exploit in the contract was not done out of malice; the person intended to bring attention to best practices for highly visible projects & novel mechanics,” Aku’s developer team later said on Twitter. They swiftly unblocked the exploit once we dug in and gained control. Micah Johnson issued an apology on Twitter, admitting that he made a mistake by failing to acknowledge the developers’ earlier warning about the faulty code.