Non-fungible token (NFT) platform LiveArtX saw several NFTs of its Meta-morphic: Seven Treasures Collection stolen early Monday.
The exploiter gained access to the platform's treasury wallet and transferred 197 NFTs to a wallet with the address "0x5f7848EC0286304DC5FE6497AF4B3C0FeaD6A920" and then started selling the NFTs at prices much lower than their previously listed values, breaking the floor price of the collection.
The price of the collection fell from 1 ether (ETH), or around $1,300, to 0.1 ether or $130. LiveArtX said that the stolen NFTs have been frozen and that it was working on identifying the attacker. The company also said in its Discord channel that it would reimburse buyers of the stolen NFTs.
LiveArtX said the exploit apparently occurred after an individual gained access to the private key of the Seven Treasures collections, after which they could sell all the NFTs. A private key is a secret number used in blockchain technology, similar to a password, that allows its holders to access, transfer and change information about the data or tokens of that private key.
Team members said the smart contract was updated following the incident, meaning the compromised private key is no longer valid and users will not be able to purchase or sell the currently-listed NFTs on OpenSea.
In a message on Discord, LiveArtX said it failed to put relevant measures in place to avoid the attack. "We did not separate the operation wallet from the Treasury wallet. We failed to implement a multi-sig mechanism for the Treasury wallet. The private key was passed on to more than one team member," team members said in the message.
Earlier this year, the platform had raised $4.5 million from notable crypto investors like Animoca Brands, BNB Chain Fund and KuCoin, Alameda Ventures. NFTs are digital assets on a blockchain that represent ownership of virtual or physical items.
The crypto world has been bombarded by a slew of exploits and hacks, the most recent being the decentralized exchange Mango, which drained $117 million worth of crypto. The exploiter later came out and defended the attack and returned $67 million. According to blockchain sleuth Chainalysis, October is already the worst month for crypto hacks so far.