Legendary NFT developers Larva Labs were the victims of an exploit this morning, as an attacker found a way to mint a rare NFT worth over $700,000 from the “Meebits” collection.
The attacker, 0xNietzsche, teased the exploit on Twitter this morning, saying he anticipated making “$300,000 per hour” throughout the duration of the attack. He has since deleted the Tweets, saying that they came off as “douchey.”
His attack essentially centered on “rerolling” his Meebit mints until the contract gave him one he wanted. The Meebits contract includes a zipped Interplanetary File System file, one which reveals the characteristics of each Meebit’s ID. The IDs of the remaining Meebits are public knowledge, but until knowledge of the IPFS leak spread, their characteristics were not. As a result, 0xNietzsche simply needed to make a list of desirable IDs, and design a contract that minted Meebits over and over, but cancelled the transaction if he didn’t get a favorable ID.
An Etherscan address shows 345 total transactions, hundreds of which are failed “rolls” to obtain desirable Meebits. The only successful roll appears to be for Meebit 16647, a “visitor” or alien. 16647 was bought by the collector-whale Pranksy for 200 ETH. Per Opensea, the next lowest-price Visitor Meebit is listed for 300 ETH.
Step 1) Get tagged in @larvalabs @discord.
Step 2) See Visitor #Meebit for 200 ETH ($700K) on @opensea.
Step 3) Buy #Meebit
Step 4) Hear about mint exploit, exploit closed by @larvalabs.
Step 5) Have and hold Visitor #Meebit #16647
https://t.co/MlBqZc5Mxq#NFTs #AlwaysLiquid pic.twitter.com/vxHMqj13SE
— Pranksy 📦 (@pranksy) May 8, 2021
In a pinned post in their Discord, Larva Labs announced that they have since shut down the marketplace.
“We have temporarily paused community minting and trading in the Meebits contract. The contract is safe, all Meebits are safe, and trading is working just fine,” the announcement reads in part.
While the Meebits minting period was scheduled to conclude on Monday, some CryptoPunk and Authglyphs owners (each of whom are entitled to a Meebit on a one-to-one basis) may not have redeemed theirs yet. As a result, the Larva Labs team plans to “provide a form where you can use your wallet to sign a message that proves ownership of your punks/glyphs, and we’ll mint the Meebits for you using the ‘devMint’ function,” allowing users to continue to mint through the weekend while preventing others from utilizing the exploit.
By 0xNietzsche’s own estimations, his exploit could have been far more successful. Per posts in the Discord, given the length of the attack before the market shutdown he felt he “should’ve gotten two meebs in that time.” He also noted that his contract cost “~$20k an hour in gas fees” and that he had to purchase punks with unredeemed Meebits in order for the exploit to work, meaning his total haul was reduced due to associated costs:
In a now-deleted Tweet, he said he raked in “50 ETH and 5 floor punks” from the exploit.
An anonymous source told Cointelegraph that other NFT collectors were aware of the attack vector, but did not choose to exploit it as they felt it would be “unethical.” Tweets from yesterday indicate that others were indeed aware of the IPFS leak and had identified the rarest remaining Meebit, 10761, a “dissected,” which was among 0xNietzsche’s targets.
One more Dissected Meebit is "missing", out there to be minted still.
— Pixls (@pixls_dot_eth) May 7, 2021
The community is currently publicly debating what this will mean for prices across the Meebits and wider Larva Labs space. Many believe that the exploit could, paradoxically, increase floor prices for the projects due to “narrative.”
Historical significance can play a major role in the price of NFTs. Earlier this year, digital archeologists uncovered “Mooncats,” thought by many to be the second-ever NFT project, leading to a temporary buying frenzy. 0xNietzsche himself is a Mooncats enthusiast.