The highly anticipated NFT project Akutars was marred by both an exploit and a bug on the weekend causing over 11,500 Ethereum (ETH) worth nearly $33 million to be locked forever within a smart contract, inaccessible even to the development team.
The exploit however, was conducted by someone trying to show a vulnerability in the project and not to steal funds via a hack.
The project went live on Friday April 22 with a Dutch Auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price is above reserve.
The auction opened at 3.5 Ethereum with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an “Aku Mint Pass” were also given a 0.5 Ethereum discount on each minted NFT.
In a April 23 Twitter thread explaining the whopping $33 million bug, 0xInuarashi, a developer of multiple NFT projects explained Akutars' smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds.
The contract had a caveat that a minimum number of bids had to be made before it would allow for the team to withdraw, but the minimum number of bids was set to equal the amount of NFTs available for auction.
Unfortunately, due to some buyers minting multiple NFTs within the same bid, the terms of the contract mean it will never unlock, sealing away the nearly $33 million in Ethereum forever.
Cointelegraph contacted the Akutars team for comment but did not immediately hear back.
In a now deleted tweet posted by the Akutars that was shared by DeFi developer foobar, it said that developers reached out to them warning that their contract could be exploited but
Read more on cointelegraph.com