A novel protocol designed for creating and disseminating digital objects on Ethereum has faced a major hurdle, as disclosed by its creator, due to a substantial breach in its primary marketplace.
Ethscriptions, an innovative technique for fabricating Ethereum-based assets, was unveiled just last month by Tom Lehman, the brains behind Genius.com and its former CEO. This system harnesses transaction “calldata” to inscribe non-monetary information onto the blockchain.
Lehman lamented, “Around 123 distinct addresses were stripped of roughly 202 Ethscriptions during this breach.” He further added, “It’s expected for nascent protocols to face teething troubles, but this incident wasn’t what I had anticipated.”
Lehman acknowledged the mishap, pinpointing the vulnerability to a smart contract crafted by him alongside Michael Hirsch, Indelible Labs’ co-founder.
The vulnerability was rooted in a segment of code that inadvertently permitted unauthorized extraction of Ethscriptions from the platform.
Although the core Ethscriptions protocol and associated applications remain intact, a considerable number of listings on Ethscriptions.com were allegedly pilfered, as indicated by Lehman in a recent tweet.
While it’s still unclear the total value drained due to this vulnerability, recent insights from the NFT platform, OpenSea, suggest that certain Ethscriptions were traded for up to 5 Ethereum in the last month. Given current rates, this translates to roughly $9,600, underscoring the gravity of the situation.
Lehman’s Response to Ethscriptions Marketplace Hack
On July 14, Lehman alerted the community about the breach, and a message concerning the compromised state of the marketplace still appears on Ethscriptions.com.
Visitors to the site are greeted with a cautionary note, urging them to pull out their Ethscriptions and to refrain from adding new listings due to the persisting issue linked to the marketplace contract.
Lehman voiced his distress about the Ethscriptions debacle, branding it as “terrible.” He singled out the theft of Ethscription #56, describing the loss as “brutal” given its distinctive nature as one of the earlier artifacts, which made it particularly rare.
What amplifies the disappointment of this breach is that the Ethscriptions marketplace was envisioned as a beacon for other marketplaces considering the integration of Ethscriptions support.
Lehman remarked, “Our aim with the marketplace was essentially to illuminate the path for others on how to establish such platforms and foster an ecosystem. Regrettably, in this endeavor, we stumbled.”
Revamping the Ethscriptions Marketplace: Lehman’s Plans for Relaunch and Communication with Affected Users
Regarding the newly introduced protocol, Lehman highlighted the complexity of striking a balance between conserving costs by reducing smart contract storage use and efficiently managing those contracts, especially in the context of marketplaces.
“This experience has profoundly reshaped my view on how marketplaces might adopt the protocol. I believe this revised understanding will contribute to a more robust ecosystem in the long run,” Lehman reflected.
He stressed the imperative of creating strategies to either equip smart contracts with requisite data or enable them to function devoid of such dependencies.
Lehman has unveiled intentions to reboot the Ethscriptions.com marketplace post the incorporation of essential protocol modifications.
Throughout this ordeal, he has maintained open communication channels with those impacted by the breach. In appreciation of their pioneering spirit, Lehman has publicly lauded them as the “earliest adopters” of the Ethscriptions protocol on Twitter.