The vulnerability was exploited when an unauthorized user obtained the private key.
The team reported that the smart contract had been changed after the event.
Several Meta-morphic Seven Treasures Collection NFTs were taken from LiveArtX, a platform for non-fungible tokens (NFTs), early on Monday.
After gaining access to the platform’s treasury wallet, the exploiter moved 197 NFTs to an address, where they could be sold at prices well below their original listing prices and so breach the collection’s floor price.
The collection’s initial price of 1 ether (ETH), or around $1,300, has dropped to 0.1 ETH, or $130. According to LiveArtX, the stolen NFTs have been frozen and the company is investigating to find out who is responsible for the theft.
Not Enough Precautions Taken
According to LiveArtX, the vulnerability was exploited when an unauthorized user obtained the private key for the Seven Treasures collections and used it to sell all of the NFTs. In blockchain technology, a private key is a secret number used like a password that enables access to, transfer of, and modification of data or tokens associated with that private key.
Members of the team reported that the smart contract had been changed after the event, rendering the hacked private key invalid and making it impossible to trade the NFTs presently listed on OpenSea. LiveArtX said on Discord that it had not taken enough precautions against the assault.
Team member stated:
“We did not separate the operation wallet from the Treasury wallet. We failed to implement a multi-sig mechanism for the Treasury wallet. The private key was passed on to more than one team member.”
Notable crypto investors including Animoca Brands, BNB Chain Fund, and KuCoin, Alameda Ventures contributed $4.5 million to the platform earlier this year.