Treasure marketplace tells users to delist NFTs after exploit

Treasure, the biggest marketplace for non-fungible tokens (NFTs) on the Arbitrum blockchain, has been hit by an exploit.

Treasure DAO co-founder John Patten confirmed the exploit in a tweet posted on the evening of March 2.

“Treasure marketplace is being exploited. Please delist your items. We will cover the costs of the exploit — I will personally give up all of my Smols to repair this,” he said.

Earlier today, Treasure advised users to “delist everything” through messages posted on its Discord server, and said the marketplace had been paused. Its representatives later added that they believed they had identified the issue.

The news triggered panic among Treasure users, who took to social media to sound the alarm. 

The full extent of the exploit and which items have been stolen is not yet clear, but a blockchain address associated with the hacker — shared by Twitter sleuths — gives some indication. 

That address appears to show that 17 Smol Brains — perhaps the most popular NFTs traded on Arbitrum — were stolen. Based on their listed prices on the Treasure platform, the total value of these pieces comes to 426,511.38 in MAGIC, Treasure’s native token, or around $1.4 million at current prices.

The hacker appears to have been able to acquire the pieces without paying for them.

News of the hack triggered a sharp fall in the price of MAGIC, from around $3.8 to as low as $2.6, according to CoinGecko. The price of the token has recovered somewhat in the hours since the exploit and is now trading at roughly $3.3.

PeckShield weighs in

Early on March 3, blockchain security and data firm PeckShield published an analysis of the incident — claiming that more than 100 NFTs from several collections had been stolen from the Treasure marketplace. 

PeckShield also confirmed that the hacker was able to ‘buy’ those pieces in exchange for zero MAGIC, thanks to a bug in the platform’s code that allowed the prices of items to be manipulated. 

John Patten and Treasure were contacted for comment but did not respond by press time. 

UPDATE: This article was updated on March 3 at 1:18am ET with additional information from PeckShield. 

About Author

Ryan Weeks is deals editor at the The Block, focused on fundraising, M&A and institutional trends in the crypto space, among other things. He is particularly interested in investigative work — so please send tips! Ryan previously worked at Financial News, Dow Jones as a fintech correspondent in London. Prior to that, he wrote for several different publications, including Sifted, AltFi and Wired. Beyond journalism, Ryan is a keen reader and writer. He enjoys all things active, especially running, rugby, climbing and tennis.