The Ethscriptions protocol and its primary marketplace recently fell victim to a hacking incident that resulted in the theft of 202 Ethscriptions. Ethscriptions, known for their unique approach to creating Ethereum assets using transaction “calldata,” experienced a security breach that has raised concerns among users.
https://t.co/ZcR9HKlexS Marketplace Security Incident Update
In this Tweet I’m going to walk you through how the exploit happened and what we are doing about it.
First, to be clear, this was not a vulnerability in the Ethscriptions Protocol. This was a vulnerability in one… pic.twitter.com/i5Q0W2PRMQ
— Middlemarch (@dumbnamenumbers) July 12, 2023
The Hack and Theft
Lehman, the creator of Ethscriptions, confirmed that while the protocol itself and other applications built on the technology remained unaffected, a significant number of Ethscriptions listed on Ethscriptions.com were compromised. Lehman took to Twitter to report the incident, highlighting the impact it had on the community.
The stolen Ethscriptions were connected to around 123 individual addresses, representing a substantial loss for those affected by the breach. The exact value of the stolen digital assets is yet to be determined. However, data from the popular NFT marketplace OpenSea suggests that some Ethscriptions have previously been sold for as much as 5 Ethereum, equivalent to approximately $9,600.
Investigation and Responsibility
Lehman expressed his distress over the incident, specifically mentioning the theft of the rare and valuable Ethscription #56. He acknowledged that the marketplace was intended to serve as a model for supporting Ethscriptions, but the exploit disrupted these plans.
In assuming responsibility for the failure, Lehman traced the exploit back to a smart contract co-created with Michael Hirsch from Indelible Labs. The presence of an unintentional code snippet allowed individuals to withdraw Ethscriptions they did not own from the marketplace, resulting in unauthorized access to valuable assets.
Unique Features of Ethscriptions
Ethscriptions are a distinct form of NFTs that store data at the transaction level. This sets them apart from tokens issued on Ethereum using smart contracts like the ERC-721 standard. With over 474,000 Ethscriptions created so far, according to data from the Dune Analytics dashboard, these unique digital assets have gained significant popularity among users.
Moving Forward and Lessons Learned
Despite the setback, Lehman remains determined to relaunch the Ethscriptions.com marketplace after implementing the necessary changes to enhance security and prevent similar incidents from occurring in the future. He commended the impacted users as the “earliest adopters” of the Ethscriptions protocol and expressed gratitude for their support.
The emergence of Ethscriptions followed the rise of Ordinals, a protocol used to create NFT-like assets on the Bitcoin network. This experimentation with the oldest cryptocurrency in the market has paved the way for innovative approaches to tokenization.
Lehman’s recent awareness-raising efforts regarding the hacking incident have shed light on the compromised state of the Ethscriptions marketplace. As users, it is crucial to heed the warning issued on Ethscriptions.com, which advises individuals to withdraw their Ethscriptions and refrain from creating new listings until the marketplace’s security concerns are resolved.