After Twitter user Apetimism pointed out the breach, Quixotic, the largest NFT marketplace operating on Optimism, confirmed that a recent contract update was exploited, resulting in the loss of ERC-20 tokens.
According to Apetimism, the attackers apparently targeted Quixotic’s “Offer” feature and stole $100,000. An attacker deployed a contract to bypass some logic on Quixotic’s smart contract over the offering feature. This would let them steal all the tokens used in any offer on Quixotic in any currency.
The NFT marketplace team advised users to cancel their offers as soon as possible, and that all marketplace operations would be halted.
Quixotic had guaranteed and made good to the clients affected by the attack, returning approximately $145,000 to 870 wallets. The exploited contract has been put on hold indefinitely. The attack has had no effect on the NFTs listed on the market.
Compiled by Coinbold