According to the well-known decentralized finance investigator (DeFi) Zachxbt, 31 non-fungible token projects (NFTs) may be at risk due to a “suspicious token.” In a long Twitter thread posted on Tuesday, a DeFi investigator first raised the issue of the Thestarlab NFT project, which was allegedly hacked for 197,175 Ether (ETH) worth $ 580,325 at the time of the press release. Zachxbt quotes one with blockchain researcher MouseDev that he came to the following conclusion after examining Thestarlab’s code:
“The smart contract [for this project] can not be awarded or transferred – only to another owner. The original publisher will always be considered the owner. This means that if they still have the publisher’s private key, they can receive the money even if the owner is Title Zero. »
MouseDev claimed that when the project developers published their contract, they retained the two variants as owners. “Then they later changed one of them to address zero to make it look like they gave up, but kept the other variable unchanged,” said MouseDev.
Based on this information, Zachxbt claimed to have discovered 31 NFT projects, all of which contracted with the same Fiverr developer to publish the alleged smart contract. In addition, the DeFi investigator made the following observations:
Please do your due diligence. Always review the contract in advance, especially if it is outsourced. Fortunately, several projects have since managed to reschedule contracts and stand up to developer Fiver. After an internal review, some others found red flags. “