{"id":58474,"date":"2022-03-03T11:53:46","date_gmt":"2022-03-03T09:53:46","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=58474"},"modified":"2025-09-04T16:59:22","modified_gmt":"2025-09-04T13:59:22","slug":"hacker-who-stole-more-than-100-nfts-from-treasure-begins-returning-assets","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-who-stole-more-than-100-nfts-from-treasure-begins-returning-assets\/","title":{"rendered":"Hacker Who Stole More Than 100 NFTs From Treasure Begins Returning Assets"},"content":{"rendered":"<p>An unknown attacker exploited a vulnerability in the Treasure NFT marketplace on the Arbitrum-based Layer 2 protocol to steal more than 100 assets listed for sale. Within a few hours, the hacker began returning the stolen items.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">1\/ The <a href=\"https:\/\/twitter.com\/Treasure_DAO?ref_src=twsrc%5Etfw\">@Treasure_DAO<\/a> was exploited in a series of txs (one hack tx: <a href=\"https:\/\/t.co\/rUTIGgWEth\">https:\/\/t.co\/rUTIGgWEth<\/a>), leading to 100+ NFTs stolen from several collections of Treasure Marketplace.<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1499250224455245825?ref_src=twsrc%5Etfw\">March 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The bug allowed NFTs to be bought for zero MAGIC, the token used on the marketplace. Treasure DAO co-founder John Patten <a href=\"https:\/\/twitter.com\/jpatten__\/status\/1499184767480512512?s=21\">confirmed<\/a> the hack and urged users to remove their assets from sale.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;The Treasure marketplace has been exploited. Please remove your items from the listing. 
We will compensate all losses \u2014 I will personally forgo all my <span data-descr=\"NFT of one of the platform's collections\" class=\"old_tooltip\">Smol<\/span> to fix this,&#8221; he wrote.<\/p>\n<\/blockquote>\n<p>The total amount of damage is unknown. A researcher going by the handle Jacob H. traced one of the hacker&#8217;s addresses, which made 16 &#8220;purchases&#8221; for 0 MAGIC in half an hour. Acquiring tokens from the Smol Brains and Legion collections cost less than $5 per transaction in gas fees.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">This wallet made 16 &#8220;purchases&#8221; in 30 minutes for 0 <a href=\"https:\/\/twitter.com\/search?q=%24MAGIC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$MAGIC<\/a>. They bought a lot of Smol Brains and a few Legion. Every purchase cost <$5 in gas and 0 <a href=\"https:\/\/twitter.com\/search?q=%24MAGIC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$MAGIC<\/a>. <a href=\"https:\/\/t.co\/gwvIfpi9A3\">https:\/\/t.co\/gwvIfpi9A3<\/a> <a href=\"https:\/\/t.co\/qNbrsvtMEK\">pic.twitter.com\/qNbrsvtMEK<\/a><\/p>\n<p>\u2014 Jacob H. (@lukenamop) <a href=\"https:\/\/twitter.com\/lukenamop\/status\/1499192909664501760?ref_src=twsrc%5Etfw\">March 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The estimated value of these assets totals around 426 511 MAGIC (~$1.44 million).<\/p>\n<p>Another address received 21 NFTs in the same manner.<\/p>\n<p>As a precaution, experts advised users to remove their assets from listings on all NFT marketplaces on Arbitrum.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;We believe we have identified and fixed the root cause. 
It was a basic bug arising from a previous fix, which we should have detected earlier,&#8221; said the Treasure developers on <a href=\"https:\/\/discord.gg\/CzRPER6S5K\">Discord<\/a>.<\/p>\n<\/blockquote>\n<p>A few hours after the breach, all 16 Smol Brain NFTs were sent to Treasure DAO&#8217;s address from the hacker&#8217;s first wallet, the one identified by Jacob H.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/YUH-7IwQkxseNXWy4dfrjbnVtjRST2dGjKVPVz3B_MONXrS766S0e8lVqcIuBPJy5aNLh8I7HWzwLHLVAPdqYQ6RFb0YAHR3BCySvNtG_NESf8eMVZQGlVhdPh_a7kt-HmoqknCq\" alt=\"Hacker who stole more than 100 NFTs from Treasure begins returning assets\"\/><figcaption>Data: <a href=\"https:\/\/arbiscan.io\/tokentxns-nft?a=0x4642d9d9a434134cb005222ea1422e1820508d7b\">Arbiscan<\/a>.<\/figcaption><\/figure>\n<p>The Treasure marketplace team confirmed that the attacker began returning the assets.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Once we have a complete list of remaining victims who did not receive their stolen NFTs back, we will present a range of options to ensure compensation. These options will be presented to the community and voted on by the DAO,&#8221; said Treasure.<\/p>\n<\/blockquote>\n<p>In response to the breach, the price of MAGIC slumped from around $3.8 to $2.23 (SushiSwap). At the time of writing, the token&#8217;s price had recovered and was trading sideways near $3.4.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/szJpMV7RGwFy0wOruTv6iqA-SjD6JtzzO-6hFsCt_aruINXssdsuAAJQnUatbhI1ZvyT6jK4O_FiWKdB-JFOMMgiYU4Vomfwqj7CRg-giLSCfxnxBDsrHVIN7YV-L9Xgw-03-4Nf\" alt=\"Hacker who stole more than 100 NFTs from Treasure begins returning assets\"\/><figcaption>15-minute MAGIC\/WETH chart on SushiSwap. 
Data: <a href=\"https:\/\/dexscreener.com\/arbitrum\/0xb7e50106a5bd3cf21af210a755f9c8740890a8c9\">DEXScreener<\/a>.<\/figcaption><\/figure>\n<p>One user noted that the Treasure vulnerability resembled the <a href=\"https:\/\/u1f987.com\/en\/news\/opensea-vulnerability-nets-user-347-eth\">one previously identified in the OpenSea NFT platform code<\/a>.<\/p>\n<p>Earlier, that bug allowed <a href=\"https:\/\/u1f987.com\/en\/news\/opensea-reimbursed-users-affected-by-a-vulnerability-to-more-than-1-9-million\">high-priced tokens to be bought at discounted prices<\/a> on the largest marketplace in the segment.<\/p>\n<p>OpenSea&#8217;s team initiated migration to a new smart contract to fix the bug. However, during this process, users <a href=\"https:\/\/u1f987.com\/en\/news\/opensea-launches-investigation-into-user-nft-theft\">suffered further losses<\/a> of assets in a phishing attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown attacker exploited a vulnerability in the Treasure NFT marketplace on the Arbitrum-based Layer 2 protocol to steal more than 100 assets listed for sale. 
Within a few hours, the hacker began returning the stolen items.<\/p>\n","protected":false},"author":1,"featured_media":58475,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1213],"class_list":["post-58474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-nft"],"aioseo_notices":[],"amp_enabled":true,"views":"41","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/58474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=58474"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/58474\/revisions"}],"predecessor-version":[{"id":58476,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/58474\/revisions\/58476"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/58475"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=58474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=58474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=58474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}