Ethereum’s Akutar NFT project launch turns into a nightmare for its developers

A long-awaited launch event of Ethereum Akutars NFT project ends up with the permanent loss of $34 million worth of ETH due to a smart contract bug. The locked assets can be accessed neither by the development team nor the NFT buyers.

Akutars is a 3D NFT collection created by the former Major League Baseball player Micah Johnson. This collection consists of 15,000 unique Ethereum avatars featuring the digital character Aku. Before, Akutars offered an airdrop of free Akutars NFTs to all Aku community members who owned a piece of Aku-related NFTs. The remaining 5,495 pieces of the collection went live on Friday via a Dutch Auction format starting at 3.5 ETH dropping 0.1 ETH every 6 minutes.

Once the auction started, a Twitter user named Hasan warned of an issue with the smart contract, which has been later disproved. ”I spoke with their team, there are fail safes in place which I didn't see, apologies”, the Twitter post says.

However, one individual going by the name USWR221 triggered the suspected vulnerability, which apparently resulted in the suspension of both Ethereum withdrawals and payouts from the contract, according to a thread by Ethereum developer 0xInuarashi. The exploit was accompanied by a recommendation to the developers to deploy the smart contract’s bug bounty program and perform at least an audit.

Notably, this user had no intention of attacking the smart contract whatsoever. “Well, this was fun, had no intention of actually exploiting this lol. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.”

Akutars have immediately acknowledged the flaws in their code, suggesting this attack “was not done out of malice”, assuming that the person behind the attack wanted to bring the public’s attention“to best practices for highly visible projects.”

Later, the exploiter removed the restriction, and the project proceeded with the operation. However, another bug popped up as a result of defects in smart contracts’ code. According to xInuarashi’s thread, the smart contract algorithm failed to account for multiple NFT mints in the same transaction. More specifically, the smart contract required the numbers to line up properly in order to enable any type of withdrawal. As a result of the incident, 11,539 ETH worth about $34 million, were permanently frozen in the smart contract.

The project's founder and Micah Johnson have apologized to the community in the Twitter post, assuring that they will be issuing 0.5 Ethereum refunds to Akutar auction participants as well as airdropping the NFTs through a new separate smart contract.