$34 Million ‘AkuDreams’ NFT Project Locked Permanently by Smart Contract Error

An error in a smart contract has led to NFT project AkuDreams locking up US$34 million worth of Ethereum. The project was hit by an exploit through its refundable Dutch auction on April 22 in which the hacker did not profit but managed to lock up the funds:

Cryptocurrency developer Foobar tweeted coding (see above) showing that “$34 million, or 11,539 ETH, is permanently locked into the AkuDreams contract … It cannot be retrieved by individual users or by the dev team.”

‘No Malice Intended’

The AkuDreams Twitter account confirmed the exploit and said: “We are locked down and consulting with some of the best on the next steps. We will mint your NFTs, and reveal them as soon as humanly possible. We will also be working to issue funds for those passholders who bid with the intention of securing a price .5 ETH below the final price.”

Refunds and Withdrawals Blocked

The auction opened at 3.5 ETH on the premise that the lowest bid would set the final price, and anyone who placed a higher bid would receive a refund. AkuDreams passholders were also promised a 0.5 ETH discount on each NFT they minted. But due to a bug in the contract, an exploiter was able to halt refunds and withdrawals from the contract, which meant that auction participants who bid above the final NFT price could not receive the ETH they were owed. As a result, refunds and withdrawals from the contract could not be passed.

AkuDreams acknowledged the issue in saying that the exploit “was not done out of malice” and that it was looking into the incident. The announcement that followed contained the admission, “To be clear, this is our fault.”

The project has promised to return funds to the community and later confirmed that the NFTs would be airdropped to bidders, and that it would honour refunds for the passholders who are owed a 0.5 ETH discount.

Exploits, Exploits, and More Exploits

The crypto space has of late been rife with exploits taking place in every sector. In October 2021, a bug in the DeFi protocol Compound saw its users mistakenly rewarded with US$80 million in COMP tokens. Qubit Finance earlier this year lost US$80 million after its protocol was hacked, making it one of the biggest exploits so far this year.