Rug Pull Finder tweets: “We messed up. We messed up big. Our contract had a flaw that allowed 2 people to scoop up over 450 NFTs.”
Rug Pull Finder had its NFT launch compromised when scammers exploited a flaw in the collection’s smart contract to mint 450 NFTs to their wallets.
NFT watchdog group Rug Pull Finder planned to release 1221 free-to-mint NFTs under the name “Bad Guys,” featuring a group of baddies who try to steal NFTs.
On September 2, the team received a message about an exploit in the NFTs’ contracts thirty minutes before the public mint went live. Rug Pull Finder, however, chose to ignore it after discussing it with three developer groups and pushed the mint to go live.
Two scammers took advantage of the exploit to escape with 450 NFTs minted to their wallets. Further probes into the Bad Guys smart contract revealed that it was not audited before the NFTs went live. Moreover, the contract’s mint function lacked key security checks and gas optimizations.
The group has been transparent with the developments and apologized to the community for the technical error, citing,
“We are extremely disappointed, upset, angry, every emotion there is.“
Rug Pull Finder has agreed to pay 2.5 ETH to the wallet holders who took advantage of the exploit and revealed its plans to redistribute 330 of the 400 NFTs among the community through raffles.
The community members took to Twitter to express their disappointment with Rug Pull Finder, with many mocking the group’s inability to properly audit the contract despite proclaiming themselves as security experts.
Moreover, some users found it weird that Rug Pull Finder was willing to pay 2.5 ETH from their own liquidity to get back the scammed NFTs despite the group’s earlier comments about how buying one’s tokens was an act of “price manipulation.”