{"id":245336,"date":"2021-05-08T17:46:08","date_gmt":"2021-05-08T14:46:08","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/85-million-meebits-nft-project-exploited-attacker-nabs-700000-collectible\/"},"modified":"2021-05-08T17:46:08","modified_gmt":"2021-05-08T14:46:08","slug":"85-million-meebits-nft-project-exploited-attacker-nabs-700000-collectible","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/85-million-meebits-nft-project-exploited-attacker-nabs-700000-collectible\/","title":{"rendered":"# $85 million \u2018Meebits\u2019 NFT project exploited; attacker nabs $700,000 collectible"},"content":{"rendered":"<p>&#8220;<strong># $85 million \u2018Meebits\u2019 NFT project exploited; attacker nabs $700,000 collectible  <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDUvNWJmZDU1MTItYWUwMy00YzIwLThjMzUtNTAxZWYxNWUxMDA4LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>Legendary NFT developers Larva Labs were the victims of an exploit this morning, as an attacker found a way to mint a rare NFT worth over $700,000 from the \u201cMeebits\u201d collection.\u00a0<\/p>\n<p>The attacker, 0xNietzsche, teased the exploit on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> this morning, saying he anticipated making \u201c$300,000 per hour\u201d throughout the duration of the attack. He has since deleted the Tweets, saying that they came off as \u201cdouchey.\u201d <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Definitely sent out some regrettable tweets in the last few hours. After coming down &amp; processing it all they do sound VERY douchey.<\/p>\n<p>\u2014 0xNietzsche (@0xNietzsche) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xNietzsche\/status\/1391036396702421003?ref_src=twsrc%5Etfw\">May 8, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>His attack essentially centered on \u201crerolling\u201d his Meebit mints until the contract gave him one he wanted. The Meebits contract includes a zipped Interplanetary File System file, one which reveals the characteristics of each Meebit\u2019s ID. The IDs of the remaining Meebits are public knowledge, but until knowledge of the IPFS leak spread, their characteristics were not. As a result, 0xNietzsche simply needed to make a list of desirable IDs, and design a contract that minted Meebits over and over, but cancelled the transaction if he didn\u2019t get a favorable ID.\u00a0<\/p>\n<p>An Etherscan <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/txs?a=0x270ff2308a29099744230de56e7b41c8ced46ffb&amp;p=7\">address<\/a> shows 345 total transactions, hundreds of which are failed \u201crolls\u201d to obtain desirable Meebits. The only successful <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xbd1205a3dd7ad45ed80d844acad7f4116b1ba083e503e421f13f2f31da847e55\">roll<\/a> <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears to be for Meebit 16647, a \u201cvisitor\u201d or alien. 16647 was bought by the collector-whale Pranksy for 200 ETH. Per Opensea, the next lowest-price Visitor Meebit is listed for 300 ETH. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Step 1) Get tagged in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/larvalabs?ref_src=twsrc%5Etfw\">@larvalabs<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/discord?ref_src=twsrc%5Etfw\">@discord<\/a>.<br \/>Step 2) See Visitor <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Meebit?src=hash&amp;ref_src=twsrc%5Etfw\">#Meebit<\/a> for 200 ETH ($700K) on <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/opensea?ref_src=twsrc%5Etfw\">@opensea<\/a>.<br \/>Step 3) Buy <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Meebit?src=hash&amp;ref_src=twsrc%5Etfw\">#Meebit<\/a><br \/>Step 4) Hear about mint exploit, exploit closed by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/larvalabs?ref_src=twsrc%5Etfw\">@larvalabs<\/a>.<br \/>Step 5) Have and hold Visitor <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/Meebit?src=hash&amp;ref_src=twsrc%5Etfw\">#Meebit<\/a> #16647<br \/><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/MlBqZc5Mxq\">https:\/\/t.co\/MlBqZc5Mxq<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/NFTs?src=hash&amp;ref_src=twsrc%5Etfw\">#NFTs<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/AlwaysLiquid?src=hash&amp;ref_src=twsrc%5Etfw\">#AlwaysLiquid<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/vxHMqj13SE\">pic.twitter.com\/vxHMqj13SE<\/a><\/p>\n<p>\u2014 Pranksy  (@pranksyNFT) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/pranksyNFT\/status\/1391013205552635913?ref_src=twsrc%5Etfw\">May 8, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In a pinned post in their Discord, Larva Labs announced that they have since shut down the marketplace.<\/p>\n<p>\u201cWe have temporarily paused community minting and trading in the Meebits contract. The contract is safe, all Meebits are safe, and trading is working just fine,\u201d the announcement reads in part. <\/p>\n<p>While the Meebits minting period was scheduled to conclude on Monday, some CryptoPunk and Authglyphs owners (each of whom are entitled to a Meebit on a one-to-one basis) may not have redeemed theirs yet. As a result, the Larva Labs team plans to \u201cprovide a form where you can use your wallet to sign a message that proves ownership of your punks\/glyphs, and we\u2019ll mint the Meebits for you using the \u2018devMint\u2019 function,\u201d allowing users to continue to mint through the weekend while preventing others from utilizing the exploit. <\/p>\n<p>By 0xNietzsche\u2019s own estimations, his exploit could have been far more successful. Per posts in the Discord, given the length of the attack before the market shutdown he felt he \u201cshould&#8217;ve gotten two meebs in that time.\u201d He also noted that his contract cost \u201c~$20k an hour in gas fees\u201d and that he had to purchase punks with unredeemed Meebits in order for the exploit to work, meaning his total haul was reduced due to associated costs:<\/p>\n<p>In a now-deleted Tweet, he said he raked in \u201c50 ETH and 5 floor punks\u201d from the exploit. <\/p>\n<p>An anonymous source told Cointelegraph that other NFT collectors were aware of the attack vector, but did not choose to exploit it as they felt it would be \u201cunethical.\u201d Tweets from yesterday indicate that others were indeed aware of the IPFS leak and had identified the rarest remaining Meebit, 10761, a \u201cdissected,\u201d which was among\u00a00xNietzsche&#8217;s targets.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">One more Dissected Meebit is &#8220;missing&#8221;, out there to be minted still.<\/p>\n<p>It&#8217;s #10761. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/xgP2FJKhCw\">https:\/\/t.co\/xgP2FJKhCw<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/W0Vi5HIECS\">pic.twitter.com\/W0Vi5HIECS<\/a><\/p>\n<p>\u2014 Pixls (@pixls_dot_eth) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/pixls_dot_eth\/status\/1390703527987761154?ref_src=twsrc%5Etfw\">May 7, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The community is currently publicly debating what this will mean for prices across the Meebits and wider Larva Labs space. Many believe that the exploit could, paradoxically, increase floor prices for the projects due to \u201cnarrative.\u201d<\/p>\n<p>Historical significance can play a major role in the price of NFTs. Earlier this year, digital archeologists uncovered \u201cMooncats,\u201d thought by many to be the second-ever NFT project, leading to a temporary buying frenzy.\u00a00xNietzsche himself is a Mooncats enthusiast. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/85-million-meebits-nft-project-exploited-attacker-nabs-700-000-collectible\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# $85 million \u2018Meebits\u2019 NFT project exploited; attacker nabs $700,000 collectible &#8221; Legendary NFT developers Larva Labs were the victims of an exploit this morning, as an attacker found a way to mint a rare NFT worth over $700,000 from the \u201cMeebits\u201d collection.\u00a0 The attacker, 0xNietzsche, teased the exploit on Twitter this morning, saying he&#8230;<\/p>\n","protected":false},"author":1,"featured_media":245337,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDUvNWJmZDU1MTItYWUwMy00YzIwLThjMzUtNTAxZWYxNWUxMDA4LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[77892,74891,74882,95118],"class_list":["post-245336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-crypto-collectibles","tag-ethereum","tag-hacks","tag-nft"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/245336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=245336"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/245336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/245337"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=245336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=245336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=245336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}