According to famed decentralized finance (DeFi) detective Zachxbt, 31 non-fungible token (NFT) projects may be at risk due to “suspicious code.” In a lengthy Twitter thread posted Tuesday, the detective first raised the case of the NFT project Thestarlab, which was allegedly compromised for 197.175 Ether (ETH), valued at $580,325 at the time of writing. Zachxbt quoted another blockchain researcher, MouseDev, who came to the following conclusion after reviewing Thestarlab’s code:
“The smart contract [of this project] can never really be relinquished or transferred, just an additional owner. The original deployer will always be considered the owner. This means that if they still have the private key of the deployer, they can take the money out, even though the owner is the null address.”
MouseDev claimed that when the project developers deployed their contract, they stored two variables as owner. “Then they changed one of them to the null address to appear to give up but left another variable unchanged,” MouseDev said.
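A reviewer-side check for the pattern MouseDev describes, as an added example that is not part of the original article and not Thestarlab's code. The Solidity sample, the names `Example`, `_deployer` and `shadow_owners`, and the regex heuristic are all constructed for illustration.

```python
import re

# Constructed Solidity sample of the two-owner pattern; not Thestarlab's source.
SAMPLE = """
contract Example {
    address public owner;
    address private _deployer;
    constructor() {
        owner = msg.sender;
        _deployer = msg.sender;
    }
    modifier onlyOwner() {
        require(msg.sender == owner || msg.sender == _deployer, "not owner");
        _;
    }
    function renounceOwnership() external onlyOwner {
        owner = address(0);
    }
    function withdraw() external onlyOwner {
        payable(msg.sender).transfer(address(this).balance);
    }
}
"""
# Same contract with the second check removed, for comparison.
FIXED = SAMPLE.replace(" || msg.sender == _deployer", "")

def shadow_owners(source):
    """Heuristic: names compared with msg.sender that are assigned at most once.

    A gate written only at initialisation can never be renounced or
    transferred, whatever the public owner variable later shows.
    """
    gates = set(re.findall(r"msg\.sender\s*==\s*(\w+)", source))
    gates |= set(re.findall(r"(\w+)\s*==\s*msg\.sender", source))
    writes = {}
    # Match `name = value;` but not `==` comparisons.
    for name in re.findall(r"\b(\w+)\s*=\s*[^=;][^;]*;", source):
        writes[name] = writes.get(name, 0) + 1
    return sorted(g for g in gates if writes.get(g, 0) <= 1)

if __name__ == "__main__":
    print("sample:", shadow_owners(SAMPLE))
    print("fixed: ", shadow_owners(FIXED))
```

A flagged name is a prompt for manual review: it is an address that passes the access check but has no code path that can clear or reassign it.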
Based on this information, Zachxbt claimed to have discovered 31 NFT projects that hired the same Fiverr developer to deploy the allegedly troublesome smart contract. Additionally, the DeFi detective made the following observations:
“Please do your due diligence. Always review the contract beforehand, especially if it’s outsourced. Luckily, since then a few projects were able to migrate the contracts and take on the Fiverr developer. After reviewing internally, a few found other red flags as well.”
1/ Recently a NFT project was compromised rugging the team of 197 ETH. interestingly enough, suspicious code lay within the smart contract potentially putting 31 other NFT projects at risk. How is this possible you ask? Well let’s dive in. pic.twitter.com/NelTIkoNVm — zachxbt (@zachxbt) March 8, 2022
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. Every investment and trading move involves risk, and it is the responsibility of each person to do their own research before making an investment decision.