The hacker who exploited a vulnerability in the NFT marketplace Treasure based on the second-level protocol Arbitrum to steal more than 100 NFTs has started to return the stolen goods.
As it has been reported, the vulnerability allowed buying NFTs for 0 MAGIC tokens, which are used on the platform. Treasure DAO co-founder John Patten confirmed the hack and urged users to remove assets from the sale. He said:
“The Treasure marketplace has been exploited. Please remove your items from the listing. We will refund all losses – I will personally give up all my Smols to fix this.”
The total amount of damage is unknown. A researcher traced one of the addresses of the hacker, who made 16 “purchases” for 0 MAGIC in half an hour. The cost to purchase tokens from the Smol Brains and Legion collections was less than $5 per transaction in gas fees.