Rug Pull Finder Service Is Exploited by Phishing Scammers
Rug Pull Finder, the company focusing on identifying and reporting fraud in the Web3 world, has found itself at the center of an NFT exploit. The latest Rug Pull Finder NFT project Bad Guys (in partnership with Doxxed Media) was exploited during the free mint stage due to a technical flaw. Two users managed to mint 450 NFTs instead of the allocated one per wallet. This caused significant issues, and now, a massive apology from the RPL team.
So, what happens next for the Web3 company that provides information on new projects, NFT safety, and blockchain education?
Rup Pull Finder’s new NFT project has technical issues
The news about Rug Pull Finder’s problems with their Bad Guys NFT project first came to light during the mint on Friday. One of the first to report on the situation was the on-chain analyst, @NFTherder, who works in Discord security and NFT audits.
NFTherder wrote, “RugPullFinder’s nft contract was abused to mint 400 NFTs instead of 1 per wallet. This is cause the mint function is missing the required checks. Security checks, gas optimizations also missing Not a hack or technically an exploit – contract allowed it but unethical still”.
The news spread quickly, and after a Twitter spaces by the Rug Pull Finder team, further information came to light. Of the 1221 free-to-mint Bad Guys NFTs, 450 (almost half) were minted by two different users.
How did this happen to the Rug Pull Finder NFT drop?
After discovering this exploit, the team moved quickly to rectify the situation. Surprisingly, the exploit was possible because the mint contract was missing vital security checks or had overlooked specific issues during any contract audits.
In another twist to the story, @Rugpullfinder shared the news that they received information about a possible exploit before the mint went live.
However, ultimately, they pushed ahead with the drop regardless. They said, “An exploit was shared with us 30 minutes before mint went live. After reviewing it with three different dev teams, we did not believe the credibility of the information sent to us… We were clearly wrong, and we are truly truly sorry.”
Fixing the issue
The Rug Pull Finder team has been transparent about the technical issues during the NFT mint on both Twitter and Discord. After finding one of the people who minted 400 Bad Guys NFTs, they offered to repurchase the NFTs.
In a message via Discord, Rug Pull Finder told its members, “As mentioned, we made the difficult decision to pay a 2.5ETH bounty to the person(s) who were able to mint 400 of the NFTs, securing the 330 of their remaining NFTs. We thought this better than them continuing to undercut the floor and seeing a community disappointed they could not mint or participate.”
Giving back to the Rug Pull Finder community
Basically, they had to pay 2.5 ETH for 330 of the 400 NFTs they originally minted. After consulting with the Rug Pull Finder community, they have plans to distribute these NFTs.
- 10 Bad Guys raffled off on Twitter Spaces
- 17 Bad Guys added to the ‘Bad Guys Vault.’
- 203 Bad Guys Raffled off to the RugPull Finder public sale wallet collection list
- 100 Bad Guys into a raffle for projects that are friends of RugPull Finder.
Finally, now the Rug Pull Finder team has addressed the mint issue, they will want to move on and continue with their wider project.
However, several people in the NFT community have raised concerns about how this incident happened. In particular, because Rug Pull Finder aims to educate the wider web3 world about NFT security.