- Hackers have infiltrated an Ethscriptions smart contract causing over 120 individuals to lose slightly above 200 Ethscriptions
- The project’s co-founder Tom Lehman has taken responsibility for the misfortune but said the exploit wasn’t a vulnerability in the whole protocol
- The Ethscriptions hack comes roughly a month after the project was launched last month
Hackers have infiltrated an Ethscriptions smart contract causing more than 120 individuals to lose over 200 Ethscriptions. The project’s co-founder Tom Lehman has taken responsibility for the misfortune but said that the hackers weren’t able to compromise the entire protocol. The hack comes roughly a month since the project went live and adds to the continued exploitation of smart contracts across the Web3 space.
Ethscriptions Ain’t Easy
According to Lehman, the main protocol is intact with the malicious actor getting hold of a good number of Ethereum-based inscriptions listed on the Ethscriptions marketplace. In a tweet late last week, he said that roughly 202 Ethscriptions were stolen from the platform.
https://t.co/ZcR9HKlexS Marketplace Security Incident
Our contract had an exploit where someone could withdraw ethscriptions sent to the marketplace without paying.
We patched the contract at 5:20am ET, but please withdraw your ethscriptions.
If you have NOT sent ethscriptions…
— Middlemarch (@dumbnamenumbers) July 12, 2023
Lehman explained that the hacker gained access by taking advantage of a deficiency in the Ethscription smart contract to keep track of Ethscription owners, something that enabled the exploiter to withdraw assets they didn’t own. The executive attributed the challenge to difficulty in “making smart contracts work with Ethscriptions.”
https://t.co/ZcR9HKlexS Marketplace Security Incident Update
In this Tweet I’m going to walk you through how the exploit happened and what we are doing about it.
First, to be clear, this was not a vulnerability in the Ethscriptions Protocol. This was a vulnerability in one… pic.twitter.com/i5Q0W2PRMQ
— Middlemarch (@dumbnamenumbers) July 12, 2023
The Ethscription co-founder disclosed that they’ll relaunch the marketplace once it’s safe for users. The marketplace currently encourages users to withdraw their assets from the marketplace and stop creating new listings.
Close to 500,000 in a Month
According to blockchain data analytics platform Dune, there are 476,437 total Ethscriptions held by 22,344 users as of the time of writing. The protocol’s working principle is similar to that of the Bitcoin Ordinals project that’s associated with Bitcoin NFTs.
The Ethscriptions protocol joins other web3 projects like Arcadia Finance and Poly Network which are among the latest to suffer losses due to a smart contract exploit.
With smart contracts holding user assets worth millions or billions of dollars, they’ll remain a lucrative target for hackers.
