Hackers have targeted AzukiDAO’s recent airdrop of tokens to holders of Azuki NFTs, which are based on an anime theme, according to a report by blockchain security firm BlockSec’s analytics tool MetaSleuth.
The attack occurred shortly after the unofficial establishment of AzukiDAO on Friday. Although the attackers only managed to steal $68,000, this incident highlights the vulnerability of airdrops to theft.
In this case, the attackers exploited a weakness in the smart contract of the DAO’s governance token called BEAN, which was being distributed as an airdrop to interested Azuki NFT holders.
Ownership of BEAN tokens grants individuals voting rights within the DAO. Each Azuki NFT owner had the opportunity to claim BEAN tokens worth approximately $390 to gain governance access.
The vulnerability arose from the smart contract’s failure to protect against replay attacks. It did not verify whether eligible claimants had previously interacted with the code to claim their allotted airdrop.
“As a result, attackers were able to claim rewards multiple times using the same input variables, even if the reward had already been claimed,” explained a researcher from MetaSleuth.
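The missing check can be shown with a small model of an airdrop claim. This is an added example, not AzukiDAO's contract code: the claim inputs (claimant, NFT ids, amount), the HMAC standing in for the on-chain signature check, and all names and values are assumptions constructed for illustration.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # assumption: stand-in for the airdrop signer's key

def sign_claim(claimant, token_ids, amount):
    """Authorisation for one claim (HMAC stands in for an on-chain signature check)."""
    msg = f"{claimant}|{','.join(map(str, token_ids))}|{amount}".encode()
    return hmac.new(SIGNER_KEY, msg, hashlib.sha256).digest()

class VulnerableAirdrop:
    """Verifies that a claim is authorised but never records that it was used."""
    def __init__(self, supply):
        self.supply = supply
        self.balances = {}

    def claim(self, claimant, token_ids, amount, sig):
        if not hmac.compare_digest(sig, sign_claim(claimant, token_ids, amount)):
            raise PermissionError("bad signature")
        self._pay(claimant, amount)

    def _pay(self, claimant, amount):
        self.supply -= amount
        self.balances[claimant] = self.balances.get(claimant, 0) + amount

class HardenedAirdrop(VulnerableAirdrop):
    """Marks every NFT id as consumed before paying, so identical inputs fail on replay."""
    def __init__(self, supply):
        super().__init__(supply)
        self.claimed_ids = set()

    def claim(self, claimant, token_ids, amount, sig):
        if not hmac.compare_digest(sig, sign_claim(claimant, token_ids, amount)):
            raise PermissionError("bad signature")
        if any(t in self.claimed_ids for t in token_ids):
            raise PermissionError("already claimed")
        self.claimed_ids.update(token_ids)  # record the claim first, transfer second
        self._pay(claimant, amount)

def replay(contract, times=3):
    """Submit the same constructed claim repeatedly; return how many were paid."""
    args = ("0xHolder", (101, 102), 500)  # constructed sample inputs
    sig = sign_claim(*args)
    paid = 0
    for _ in range(times):
        try:
            contract.claim(*args, sig)
            paid += 1
        except PermissionError:
            pass
    return paid
```

Tracking consumption per NFT id, rather than per submitted claim, also rejects a second claim that repackages an already-used id with different inputs.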
The researcher further stated that they have identified two attackers who exploited this vulnerability. One of them profited $67,000 from the exploit. The AzukiDAO developers have halted the token claim contract, and the DAO is presently voting on how to handle the remaining unclaimed tokens.
AzukiDao's governance token contract (bean) @_AzukiDAO has been exploited due to a contract vulnerability. So far, two attackers were able to exploit the vulnerability and made a profit of 35 ETH.
Thanks to a community member for providing a source of information
— MetaSleuth (@MetaSleuth) July 3, 2023
According to AzukiDAO founders, they are a passionate group of Azuki enthusiasts who believe in community-driven initiatives. They expressed their dissatisfaction with the project team’s actions, particularly those of the pseudonymous Azuki NFT founder, Zagabond.
Over the past weekend, DAO members voted to compel Zagabond to surrender the $38 million generated from the Elementals NFT minting last week. Additionally, they intend to hire legal assistance to handle a potential legal dispute with Zagabond for control over the Azuki brand.
The Elementals NFT minting has stirred significant controversy, with criticism directed at the project team for devaluing the Azuki collection. Some segments of the community also criticized the lack of originality in the artwork.
As per DefiLlama data, the floor price of Azuki NFTs, which represents the lowest listed price, has plummeted by 59% in the last seven days. This decline is part of a broader trend in the NFT market, with other prominent collections experiencing double-digit drops in the past week.