
Meebits Hacked! Visitor Offloaded To Pranksy For $700k

This morning was exciting in the world of Meebits as the anonymous 0xNietzsche managed to mint a rare Meebit Visitor through a loophole in the community minting process. Here’s what went down.

Beginning at 1am Eastern time, Twitter user 0xNietzsche made a number of not so cryptic tweets effectively announcing that he was about to make $300,000 per hour.

While the tweets have since been deleted, this was the start of what would materialize as the ultimate heist.

Preparing For Exploit

Executing this exploit requires the hacker to own at least one Cryptopunk. That’s because those who own one are granted the right to pull what’s essentially a “Meebit minting slot machine” one time per punk owned.

This pool of Meebits is called the “community Meebits”. They also happen to be the only ones remaining, as the public sale sold out within 6 hours.

The minting process for community owners results in one of the remaining Meebits. A few days ago the entire list of Meebits was leaked by Discord user @Heaven, giving the community the ability to determine which Meebits had yet to be minted.

Currently, there are a number of rare Meebits remaining, including a Dissected (the most rare type). The hacker in this case went after the second most rare, as minting a Dissected would have taken significantly more time, something I’ll get to in a moment.

The Exploit

The way that the exploit worked was that 0xNietzsche had identified a flaw in the minting process in which the ID of the Meebit being minted was returned prior to the transaction being finalized. In other words the minting process occurs in approximately the following order:

  1. Request to mint Meebit
  2. Meebit mint request approved
  3. Meebit # assigned
  4. Transaction initialized to transfer the Meebit to the owner
  5. Transfer completed

Between steps 3 and 5, 0xNietzsche was able to cancel the transaction if he didn’t like the Meebit number he was granted. All 140 of those cancelled transactions can be read here. Fortunately for 0xNietzsche, he managed to acquire a rare Visitor after approximately 6 hours.
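To make the ordering problem concrete, here is a small Python model added for illustration; it is not the Meebits contract or LarvaLabs code. `SingleTxMint` follows the five steps above inside one revertible transaction, while `TwoStepMint` is one common hardening pattern (the slot is spent before any ID exists); all class and function names, the 20-token pool and the seed are assumptions.

```python
import random

class Revert(Exception):
    """Models an EVM revert: every state change in the transaction is undone."""

class SingleTxMint:
    """Flawed flow from the article: the ID (step 3) is visible before step 5."""
    def __init__(self, pool, seed=1):
        self.pool, self.slots = list(pool), 1      # one slot per punk owned
        self.rng = random.Random(seed)             # stands in for per-block entropy

    def mint(self, caller_accepts):
        saved = (list(self.pool), self.slots)      # state at transaction start
        try:
            if self.slots == 0:
                raise Revert("no minting slot left")
            self.slots -= 1
            token = self.pool.pop(self.rng.randrange(len(self.pool)))  # step 3
            if not caller_accepts(token):          # caller code runs before step 5
                raise Revert("caller cancelled")
            return token                           # step 5: transfer finalized
        except Revert:
            self.pool, self.slots = saved          # slot and token are restored
            return None

class TwoStepMint:
    """Hardened sketch: the slot is spent in a finalized request before any ID exists."""
    def __init__(self, pool, seed=1):
        self.pool, self.slots, self.pending = list(pool), 1, 0
        self.rng = random.Random(seed)             # assumed unpredictable at request time

    def request(self):
        if self.slots == 0:
            return False
        self.slots, self.pending = self.slots - 1, self.pending + 1
        return True

    def fulfill(self):
        # Separate, later transaction with no caller callback in the path.
        if self.pending == 0:
            return None
        self.pending -= 1
        return self.pool.pop(self.rng.randrange(len(self.pool)))

def attempts_until_accepted(contract, wanted, limit=10_000):
    """Count how many cancelled mints precede an accepted one (constructed pool)."""
    for n in range(1, limit + 1):
        token = contract.mint(lambda t: t in wanted)
        if token is not None:
            return token, n
    return None, limit
```

In the single-transaction model every cancelled attempt hands the slot back, so the caller's outcome is no longer random; in the two-step model a second `request()` fails no matter what `fulfill()` later returns.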

The Offload To Pranksy

At 7:19AM Eastern time, Chop (punk.eth) hopped into the Discord stating “Did the minting RNG just get exploited?” and linked to the following transaction.

A conversation began in which people began investigating the transaction. The response was a mixture of both concern and excitement. For those who have yet to mint their final Meebits, there was a risk that the remaining Dissected Meebit would be acquired using the ongoing exploit (as 0xNietzsche had not yet finished and the exploit had not been stopped by LarvaLabs).

OxTerry.eth chimed in on Discord at 7:25 AM articulating what has become the general consensus opinion, “saw the opportunity, had the skills to execute the vision, and successfully pulled through, what an absolute chad.”

OxTerry.eth

The job was not complete though…

By now, Sillytuna had posted that he had “put in a cheeky offer” of 1 ETH, in response to which some suggested that the Meebit should be returned to LarvaLabs. At this point OxTerry.eth had identified the hacker as 0xNietzsche and congratulated him, to which he replied “thx”.

At this point he announced that the Meebit was for sale posting “selling meeting #16647 for 300 ETH, buy it plz”.

Meebit for Sale

Two minutes later he dropped the price by 100 ETH.

Discount time!

At 7:37am 0xNietzsche tagged Pranksy. He was panicking at this point and begging people in the Discord to buy it. Pranksy, who was unaware that this was a hacked Meebit, posted in the Discord at 7:41am stating “Thanks @0xNietzsche” after completing the purchase for 200 ETH.

It wasn’t until five minutes later that Pranksy suddenly realized that it was a hacked Meebit.

Continuing On

0xNietzsche did not give up on the hack however. In addition to offloading the Meebit he decided to use the proceeds of the sale to purchase 5 punks. He also continued to attempt to leverage the exploit to acquire another Meebit. He said his heart was beating fast and by 8:00 AM he shared the state he was in.

The massive heist in the nude

From then on the Meebits Discord went crazy, as the hack was still underway. Others in the Discord were commenting that they could go run the exploit immediately as well, and Pranksy stated that he was ready to buy the winner.

Pranksy the stolen Meebit backstop :)

In the midst of running his exploit, 0xNietzsche also managed to get his account verified on Discord. Arad, another Discord member, was furiously looking to hack the system as well, leveraging the same exploit that 0xNietzsche had found. At 8:25 am, the following entertaining interaction occurred between the two developers:

0xNietzsche trolls Arad

Exploit Closed

As multiple developers were rushing in to run this exploit, LarvaLabs finally stepped in by 8:37AM. As 0xNietzsche posted then:

Game Over

The team will now be working to fix the code on the site in order to prevent this scenario from happening again. In the interim 0xNietzsche was having feelings of regret and began deleting his earlier tweets from Twitter. As of the writing of this article, this was his most recent tweet:

[Since been deleted]

Despite his regret, the general consensus is that he gamed the system fair and square. The result was nearly a million dollar outcome (something that could rise if Cryptopunks continue to rise in value). It speaks to the general ethos of the Ethereum community in that “code is law”. If you manage to figure out a way around it, you deserve the winnings.

More important is that this hack adds to the lore of Meebits. It makes them more valuable in the long-term and everybody wins. While some individuals may be frustrated that they didn’t get to select their Meebit as 0xNietzsche did, they just weren’t smart enough to pull it off.

Congrats to 0xNietzsche, you’ll go down in the history books both in the LarvaLabs community as well as the world of NFTs.