According to the well-known researcher in decentralized finance (DeFi) Zachxbt, 31 non-fungible projects (NFT) may be at risk due to “suspicious code.” In a long line of tweets posted on Tuesday, a DeFi investigator first raised the issue of the Thestarlab NFT project, which was allegedly hacked into 197,175 ether (ETH) worth $ 580,325 at press time. Zachxbt cites other blockchain researcher MouseDev who comes to the following conclusion after examining the Thestarlab code:
“The smart contract [for this project] can never be awarded or really transferred – just an additional owner. The original publisher will always be considered the owner. This means that if they still have the publisher’s private key, they can pay out even if the title is the owner. ” Empty”.
MouseDev claimed that when the developers of the project published their contract, they retained the two variables as owners. “Then they later changed one of them to a blank header to make it look like they gave up, but left the other variable unchanged,” said MouseDev.
Based on this information, Zachxbt claimed to have discovered 31 NFT projects, each of which contracted the same Fiverr developer to publish the alleged smart contract. In addition, the DeFi researcher made the following observations:
«Please do your due diligence. Always review the contract in advance, especially if it is outsourced. Fortunately, several projects have since been able to reschedule contracts and come into conflict with the Fiver developers. After an internal check, someone else found red flags. “