- Home
- /NFT Marketplace Quixotic Confirms $100k Exploit via Offering Feature Breach
NFT Marketplace Quixotic Confirms $100k Exploit via Offering Feature Breach
Quixotic, a non-fungible token (NFT) marketplace built on layer-2 scaling solution Optimism, on Friday confirmed an exploit that resulted in the loss of $100,000 worth of ERC-20 tokens. The attacker tampered with a recently updated smart contract on Quixotic, thereby utilizing the Offer feature on the marketplace, which enables a buyer to propose an amount ... Read more
Author by
Nwani Mishael
Quixotic, a non-fungible token (NFT) marketplace built on layer-2 scaling solution Optimism, on Friday confirmed an exploit that resulted in the loss of $100,000 worth of ERC-20 tokens.
The attacker tampered with a recently updated smart contract on Quixotic, thereby utilizing the Offer feature on the marketplace, which enables a buyer to propose an amount to buy an asset from the seller, to conduct the exploit.
Users were urged to safeguard their funds and assets from the impact of the attack by revoking their access to the project’s smart contract using the URL: revoke.cash
The exploit was discovered and acted upon only after a member of the Quixotic community made a complaint that his funds had been wiped and he also did not receive a non-fungible token (NFT) he sought to purchase.
Quixotic Promises to Refund Users
While all transactions on the marketplace have been halted, the project team noted that it will refund the stolen tokens of users affected by the exploit in “the coming days.” It added that no NFT in the marketplace was stolen and only ERC-20 tokens were affected by the hack.
4. No further action is required. The exploited contract has been permanently paused, and refunds will be sent out automatically over the coming days.
— Quixotic ????✨ – Optimism NFT Marketplace (@quixotic_io) July 1, 2022
Optimism Recent Fund Fumble
Optimism, the Ethereum layer-2 scaling solution that houses Quixotic, recorded an exploit that resulted in the loss of $16 million worth of funds. While the fault came from crypto market maker Wintermute, the bad actor got to the assets first and withdrew them to a separate account.
Currently, however, the hacker has returned over 90% of the funds to the custody of Optimism. The remaining $2 million with the hacker is now considered a bounty by the Optimism team.
Hackers Target DeFi and NFT Projects
DeFi and NFT projects are increasingly becoming targets for hackers. Earlier this year, the popular NFT marketplace OpenSea suffered multiple phishing attacks that led to the theft of assets worth millions.
Last month, blockchain network Harmony Protocol reported a $100 million loss in an exploit. A week later, the hackers moved $22 million from the stolen fund to Tornado Cash.
