
tl;dr
NFT projects linked to Pepe meme creator Matt Furie and NFT studio ChainSaw lost about $1 million due to contract takeover exploits. An attacker seized control of multiple contracts, withdrew funds, reopened mints, issued new NFTs, and dumped them, driving prices to zero. On-chain investigator ZachX...
Several NFT projects tied to Pepe meme creator Matt Furie and the NFT studio ChainSaw lost approximately $1 million to contract hijacking exploits. An attacker gained control over multiple smart contracts, withdrew the available funds, reopened minting, issued new NFTs, and rapidly dumped them on the market, causing floor prices to collapse to zero. The exploit significantly disrupted the market values of the affected collections.
On-chain investigator ZachXBT traced the stolen funds through a complex trail involving several wallets linked to suspected North Korean IT workers. The attacker demonstrated sophisticated tactics by transferring ownership of contracts at odd hours and moving assets through various exchanges, notably consolidating stolen assets at the MEXC exchange. Multiple GitHub accounts associated with the attacker shared identifiers such as Korean language settings and VPN usage tied to the Asia-Russia time zone, despite claims of US residency.
In a related incident, freelance services token project Favrr lost over $680,000 from a similar exploit following its decentralized exchange (DEX) listing. The stolen funds were transferred through wallets linked to the same malicious cluster identified in the ChainSaw exploit. Favrr responded by announcing plans to refund decentralized offering participants, cancel future listings on MEXC, and conduct a comprehensive audit of its codebase. Notably, Favrr’s chief technology officer deleted his LinkedIn profile soon after the attack, raising concerns about due diligence and the risks of shadow hiring practices within crypto development teams.
Investigators continue to monitor the movement of stolen assets, with much of the Favrr proceeds already routed through the Gate.io exchange and other nested services. Communication channels with the affected projects remain closed, and official community groups lack direct contact options, leaving affected investors awaiting formal responses. These incidents spotlight ongoing security vulnerabilities in crypto project development, payroll procedures, and the potential dangers of outsourcing work to unverified freelance developers.
The convergence of these exploits underscores a critical issue within the cryptocurrency and NFT ecosystem: the importance of rigorous vetting in hiring practices and contract security. As the investigations progress, the broader community remains attentive to formal statements and potential regulatory or procedural changes aimed at safeguarding digital asset projects from similar future breaches.