It appears that 31 NFT projects are at serious risk due to one single dev that all the projects hired through Fiverr for their smart contracts. zachxbt, a Twitter user known for his well-researched blockchain analysis, explained what went wrong in a thread yesterday.
An apparent hack of “The Starslab” leads to a discovery about one NFT dev from Fiverr
Firstly, it seems that this all started from a hack of the NFT project “The Starslab”. In essence, the team announced that they had been hacked, and had lost 197 ETH from their mint proceeds as a result. However, some smart contract analysis from Twitter user @_MouseDev suggested that something else might have been at play.
To sum up, The Starslab team made the following announcement in their Discord:
“Early this morning, our company’s internal servers were compromised. The hacker gained access to our wallet address and renounced ownership of the contract. This function essentially gives up ownership of the contract. Thus changing the minting contract’s owner to a null address…”
In contrast, MouseDev found that while a null address was added, the original deployer of the contract could not be removed as The Starslab had suggested happened.
This is where zachxbt comes in. The on-chain sleuth looked into what all these unusual smart contract parameters could point to. That’s when he learned that there were at least 31 other NFT projects that hired the same dev as The Starslab did to deploy the smart contracts for their NFTs. What’s more, zachxbt was able to find the dev in question on the platform Fiverr.
The situation for the 31 NFT projects is unclear as of yet
For those who don’t know, Fiverr is a platform for finding freelance workers for contract jobs. As it happens, freelancers on Fiverr have profited massively in recent months due to a huge surge in demand for Web3-related services. Of course, this includes smart contract developers, commonly referred to in the NFT space as devs.
All of the NFT smart contracts that this particular Fiverr dev worked on deployed in the last three months. Not only that, but the dev received between $2,000 and $4,000 for each one. Significantly every single one of those smart contracts has the same strange code that was in The Starslab’s smart contract.
zachxbt was able to contact one-third of the 31 other NFT projects and warn them, though not all of them replied. On the other hand, the other two-thirds of those NFT projects have not yet launched and didn’t have any social media presence. Unfortunately, the projects that responded to zachxbt revealed that they had not read over their smart contract prior to launch, or were led by non-tech-savvy teams.
zachxbt refrains from assigning blame until a transfer of the “hacked” funds
At present, the dev in question still has their profile up on Fiverr. Not to mention that they are still offering to “build NFT Marketplace Smart Contract and Website” for a $4,000 fee.
To make things more interesting, the 197 ETH that The Starslab team says it lost is still sitting in the contract. That is to say, the Fiverr dev hasn’t withdrawn the funds and neither has anyone else.
In conclusion, neither zachxbt nor MouseDev used their analysis to make accusations toward The Starslab team or the Fiverr dev. In part, this is because the funds still haven’t moved. But as zacxhbt says at the end of the analysis thread,
“I am interested to see where the ETH ends up moving to. Hopefully that will clarify things further to determine whether the dev is 100% responsible. Regardless the code there doesn’t lie.”
Are you tired of missing important NFT drops?
Just check out our NFT Calendar !
We summarize the biggest news of the day :
All investment/financial opinions expressed by NFTevening.com are not recommendations.
This article is educational material.
As always, make your own research prior to making any kind of investment.
Comments (No)