The Aku Dreams NFT project may have lost nearly $34 million worth of Ethereum (ETH), after the same got locked permanently following a recent attack.
Faulty Code Disrupts Aku Dreams NFT Recent Launch
Just recently, Aku Dreams introduced the minting of its newest collection — Akutars. However, users soon noticed some issues with the launch even before the lost $34 million came to public knowledge. But the developers also acknowledged the issue, and promised to give refunds to affected users, although, that may not happen anymore.
Initially, the exploiter(s) had attacked Aku Dreams project in hopes of exposing vulnerabilities within the project. The exploiter set out to block refunds to users who had bid for certain NFTs in the project. But despite being quickly reversed, the attack already left a damaging effect by ensuring that about $34 million worth of ETH will be locked in the contract forever. That is, the funds will be totally inaccessible to anyone, including Aku Dreams developers.
What Exactly Happened
Meanwhile, blockchain security firm BlockSec has come forward with what it thought were the two key vulnerabilities in the contract of Aku Dreams. In its analysis, BlockSec says the first issue stems from a faulty code in processing refunds. However, the analytics firm confirms that, so far, that has not been exploited.
Secondly, BlockSec also mentions a software bug, which naturally should allow the project owner to claim funds that end up locked in the contract.
Now, per the analytics firm, the contract is supposed to be able to process all refund claims. And after that, allow the developer to withdraw funds. However, as a result of this faulty code, the contract now believes that total refund bids are higher than the fund locked into the contract. Therefore, the contract has suspended withdrawals indefinitely.
Meanwhile, social media users have expressed their displeasure, criticizing how a project like Aku Dreams could have faulty contracts. This week, BinBits also reported a similar occurrence with a recent NBA’s Association NFT mint.
So far, several developers have been offering a helping hand to help retrieve the lost funds. However, it remains to be seen, how that will be possible, if it can be possible. What is certain however, is that the smart contract covering the funds is one that cannot be updated. Therefore, the funds will remain locked, at least for the foreseeable future.