An exploit in non-fungible token (NFT) platform Meebits, created by the developers of “OG” collectibles CryptoPunks, allowed one user to cheat the system and get an ultra-rare NFT—which he immediately sold for 200 Ethereum (around $765,000 currently).
Recently, CryptoPunks have become the “hottest stuff” amid the ongoing NFT craze, outselling even such giants as NBA Top Shots. For example, legendary auction house Christie’s will put $9 million worth of CryptoPunks on sale next week.
To capitalize on this success, CryptoPunks’ developer Larva Labs launched a new NFT project, dubbed Meebits, earlier this week. These collectibles work mostly the same way, except that instead of randomly generated pixelated images of “punks,” each Meebit is represented as a blocky 3D model à la Minecraft.
Buy one, get one free
As a “loyalty” gesture, Larva Labs awarded all existing CryptoPunks’ owners a certain number of tries to mint Meebits on a one-to-one basis. At the same time, the rarity of freshly-minted Meebits was supposed to be random, akin to so-called “lootboxes” so popular among game developers today.
However, some users quickly discovered a way to cheat the system by “rerolling” their Meebits. This was possible because the project’s smart contract included an archived file that contained characteristics of each token’s ID. With this knowledge, tech-savvy users could simply cancel the creation of “low-quality” Meebits until they got a really rare NFT.
— Sillytuna 💯 (@sillytuna) May 8, 2021
One such user, nicknamed “0xNietzsche,” decided to take full advantage of the exploit, boasting on Twitter that he should be able to earn “300,000 per hour” via such an attack—and ultimately was victorious.
According to Etherscan, 0xNietzsche initiated more than 300 transactions in his bid to mint an expensive Meebit, most of which were canceled. In the end, he managed to mint an ultra-rare “visitor” quality Meebit and almost immediately put it on sale for 300 Ethereum ($1.15 million) on NFT marketplace OpenSea, but then reduced the price to 200 ETH.
Pranksy, well-known crypto and NFT whale, then quickly bought the Meebit, potentially not even knowing about the exploit.
Step 1) Get tagged in @larvalabs @discord.
Step 2) See Visitor #Meebit for 200 ETH ($700K) on @opensea.
Step 3) Buy #Meebit
Step 4) Hear about mint exploit, exploit closed by @larvalabs.
Step 5) Have and hold Visitor #Meebit #16647
https://t.co/MlBqZc5Mxq#NFTs #AlwaysLiquid pic.twitter.com/vxHMqj13SE
— Pranksy 📦 (@pranksyNFT) May 8, 2021
Meanwhile, 0xNietzsche’s profits might’ve been not as impressive as he’d hoped for. By his own admission, the operation has cost roughly $20,000 an hour in transaction fees. Additionally, he also had to buy more CryptoPunks that still had unredeemed Meebits. Ultimately, the user earned “50 ETH and 5 floor punks,” he said in a now-deleted tweet.
When the exploit became public, Larva Labs has suspended minting and trading on Meebits’ marketplace.
“We have temporarily paused community minting and trading in the Meebits contract. The contract is safe, all Meebits are safe, and trading is working just fine,” the developers announced in their Discord channel.
— Sillytuna 💯 (@sillytuna) May 8, 2021
To allow other users to mint their Meebits while preventing the exploitation, Larva Labs will provide them with “a form where you can use your wallet to sign a message that proves ownership of your punks/glyphs, and we’ll mint the Meebits for you using the ‘devMint’ function.”
Meanwhile, Pranksy has already put the “visitor” Meebit on sale for 369.69 ETH ($1.4 million), aiming to double his initial investment, apparently. That is, of course, if someone would want to pay nearlt one and a half million dollars for an “exploited” NFT.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
Like what you see? Subscribe for updates.