Hackers breach NBA playoffs NFT contract hours after launch
Smart contract hackers derailed the NBA’s hotly-anticipated 2022 NFT release, stealing 100 digital images worth nearly $68,000 just hours after the collection was launched.
A hacker executed code that allowed non-whitelisted wallets to jump ahead in the minting queue by stealing valid signatures from whitelisted users.
“The Association,” released on April 20, was the official NBA NFT collection for this year’s playoffs season and comprised 18,000 images: 75 pictures of each pro basketball player in the 2022 NBA playoffs.
To date, secondary trading in the collection on the world’s largest NFT marketplace, OpenSea, has generated volume of more than 3,400 ETH ($10 million) since inception.
The NBA issued The Association NFTs in a blind mint that randomized the image that buyers received. The imagery was initially concealed; the NBA unveiled it today (April 22).
The NFTs pull data from Chainlink (LINK) oracles that relay game statistics for each player. Chainlink’s oracle network claims to interpret off-blockchain data for on-blockchain processes.
The images can morph over the next few weeks based on the players’ performance in the playoffs. The NBA based changes on pre-determined achievements that each player could attain on the court.
However, despite annual revenues of $10 billion, the NBA apparently could not afford sufficient code reviews to keep the NFTs safe.
The attacker used the technique to mint 100 NFTs, paying over $8,000 in gas fees to quickly finalize their heist onto Ethereum’s blockchain. They immediately listed all 100 NFTs for liquidation on OpenSea.
The team working on the NBA NFT spent some time troubleshooting that issue. They concluded that the smart contract caused the Allowed List to sell out prematurely, and patched the error.
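An added illustration (not code from the NBA contract or from this article) of why a signed allowlist entry has to be bound to the wallet that redeems it and be single-use. HMAC stands in for the signer's signature check, the key, wallet labels and contract id are constructed, and the weak check is an assumed model consistent with the signature reuse described above.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # stands in for the allowlist signer's private key

def sign(message: str) -> bytes:
    """HMAC stands in for the signer's signature (ECDSA on a real chain)."""
    return hmac.new(SIGNER_KEY, message.encode(), hashlib.sha256).digest()

class WeakMint:
    """Assumed flawed check: the signature is genuine, but not tied to the caller."""
    def __init__(self):
        self.minted = []

    def mint(self, caller: str, listed_wallet: str, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, sign(listed_wallet)):
            return False
        self.minted.append(caller)  # any caller, any number of times
        return True

class BoundMint:
    """Hardened check: signature covers contract id + caller, and is single-use."""
    def __init__(self, contract_id: str):
        self.contract_id = contract_id
        self.used = set()
        self.minted = []

    def voucher(self, wallet: str) -> bytes:
        """Issued off-chain by the signer for one allowlisted wallet."""
        return sign(f"{self.contract_id}|{wallet}")

    def mint(self, caller: str, sig: bytes) -> bool:
        # Recompute over the caller's own address, never a caller-supplied one.
        if not hmac.compare_digest(sig, self.voucher(caller)):
            return False
        if sig in self.used:  # reject a second redemption of the same voucher
            return False
        self.used.add(sig)
        self.minted.append(caller)
        return True

def demo():
    listed, unlisted = "0xLISTED", "0xUNLISTED"  # constructed wallet labels
    weak = WeakMint()
    sig = sign(listed)  # genuine signature issued to the listed wallet
    weak_results = (weak.mint(unlisted, listed, sig), weak.mint(unlisted, listed, sig))
    strong = BoundMint("association-demo")  # constructed contract id
    v = strong.voucher(listed)
    strong_results = (strong.mint(unlisted, v), strong.mint(listed, v), strong.mint(listed, v))
    return weak_results, strong_results
```

In the weak model the same genuine signature mints twice for a wallet that was never listed; in the bound model it is rejected for the unlisted wallet and accepted exactly once for the listed one.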
It’s not clear whether the stolen NBA NFTs have all been sold.
The NBA also operates another NFT marketplace, Top Shot on the Flow blockchain, for official NFT collections. Top Shot supports short video clips, trading cards, and highlights from basketball games. It also launched an NBAxNFT Discord channel with more than 58,000 members.
Other sports leagues, including the NFL and UFC, have also introduced their own NFT collections; however, to date those offerings haven’t been exploited in similar ways.