- An attacker has exploited a Quixotic NFT smart contract to steal authorised ERC-20 tokens.
- The Ethereum Layer-2 Optimism-based NFT marketplace said no NFTs were affected.
- The company said all stolen ERC-20 tokens will be refunded to victims of the attack.
Quixotic has confirmed a smart contract on its NFT marketplace was exploited, allowing the attacker to steal ERC-20 tokens. The leading Layer-2 Optimism ecosystem-based NFT marketplace said no non-fungible tokens (NFTs) were affected in the attack. The company has also said all stolen ERC-20 tokens will be refunded to the victims of the attack.
Announcing the confirmation of the attack on Twitter, Quixotic wrote: “We can confirm that a recent update to our marketplace contract was exploited, allowing a hacker to steal approved ERC-20 tokens.”
Quixotic has guaranteed the full refund of the stolen tokens, writing: “No further action is required. The exploited contract has been permanently paused, and refunds will be sent out automatically over the coming days.”
The company was posting in response to earlier calls by NFT trader @apetimism, who discovered that the platform’s “Offer” feature may have been under attack.
Apetimism alerted Quixotic platform users on Twitter, posting: “Dear Apetics. We found that there might be some possibility that some breach might be happening on @quixotic_io
right now. Some attacker is attacking the “Offer” feature. Therefore we suggest you cancel all the offers immediately if you have one.”
Quixotic is a layer-2 scaling ecosystem that utilises Ethereum’s strong security protocols whilst enabling creators to launch massive projects whilst providing fast transactions at lower costs.
Whilst these L2 platforms confidently seem to rely on the strong Ethereum security firewalls, recently they have become the primary targets of hackers.
Sky Mavis’ ronin bridge which connects Eteherum to Axi Infinity was hacked for $625 million, while more recently Harmony bridge, was exploited for $100 million. The world’s leading NFT marketplace OpenSea, which is built on Ethereum has also witnessed its fair share of attacks.
This does not mean that Layer 2 platforms or marketplaces built on Ethereum are unsafe. The attacks could be necessitated by the fact more people still transact using Ethereum on most decentralised apps, which provides a bigger pool to target.
Apetimism, which has a collection listed on the Quixotic NFT marketplace said $100K worth had already been stolen.
Another user who sent 323.01 OP tokens to the attacker’s wallet on Thursday lost an equivalent of $177 as per the Optimism token price at the time of writing. Replying to Apetimism, Twitter user Androidmod179 wrote: “Sad. I lost my 320 OP last night after I sent to that wallet.”
Stay up to date: