Popular NFT launch on Ethereum loses $34 million in faulty smart contract
NFT project Aku Dreams’ much-hyped NFT launch landed $34 million worth of Ethereum inaccessible forever due to a faulty smart contract
By Shashank Bhardwaj
Image: VIA Akutars
The much-anticipated NFT launch of the Aku Dreams collection was abruptly halted due to some apparent flaws in the project’s code. The launch hit a snag after a bug in the smart contract caused $34 million worth of Ether tokens to be locked forever. The tokens will be inaccessible to the creators as well as buyers. The creators won’t be able to withdraw funds, and the buyers won’t get their promised 0.5 ETH refunds.
Aku Dreams is a 3D avatar NFT collection based on the original character Aku by Micah Johnson, the Major League Baseball player. The character Aku is a young black boy who dreams of becoming an astronaut. The collection was inspired by a question posed by Johnson’s nephew.
The project boasts of over 15,000 Ethereum avatars with randomised traits. The owners of earlier Aku NFTs were to be granted a free avatar for each NFT they held. The remaining 5,500 avatar NFTs were launched via a Dutch Auction at the initial price of 3.5 Ether ($10,350 approx.). The Friday launch had prices subsequently decreasing as the auction progressed further.
The Aku developers had been informed by a Twitter user of a possible flaw in the smart contract. The claim was snubbed as ‘wrong’, and the developers assured the community of failsafes deployed to prevent such issues. However, the suspected exploit was triggered by a person with the username USER221, which led to Ethereum withdrawals and refunds halting midway, and the smart contract disallowing any further transactions.
The exploiter claimed they had no intention of actually exploiting the code and urged the developers to ‘please do bug bounty on your contracts or have them audited at least’. They attached a note on the Ethereum transaction that said they would effectively unlock the project. They wrote, “Well, this was fun, had no intention of actually exploiting this lol. Otherwise, I wouldn’t have used Coinbase. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.”
The project encountered another snag after a separate bug in the smart contract code came up. The bug caused the code to fail to account for multiple NFT mints occurring within the same transaction. The ultimate consequence was that 11,539 ETH worth $34 million had been locked within the automated smart contract since Friday.
Later on, Aku’s developer team posted on Twitter, “The exploit in the contract was not done out of malice; the person intended to bring attention to best practices for highly visible projects & novel mechanics. They unblocked the exploit quickly after we dug in and took ownership”. Micah Johnson wrote an apology on Twitter, owning up to his mistake of not acknowledging the earlier warning from the developers about the flawed code.
Shashank is the founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash