The National Basketball Association launched its Ethereum-based (CRYPTO: ETH) non-fungible token (NFT) basketball trading card collection on Wednesday. By Thursday, 100 were already stolen by hackers.
What Happened: NBA's new NFT contract featured a vulnerability caused by the smart contract not having a nonce ensuring it can be used only once and does not bind the message signer, as explained by cryptocurrency cybersecurity firm BlockSec.
This vulnerability was exploited within just hours after the firm enabled token minting by a hacker who minted 100 NFTs and then sold them, paying 2.72 ETH of transaction fees, worth about $8,565 as of press time.
See Also: How to get free NFTs
The official account of NBA's NFT initiative recognized the problem and publicly apologized in a tweet, saying the firm is "currently identifying the Allow List wallets that were not able to mint as a result" of the illegitimate minting by the hacker. The company promised that it is working "towards a resolution for those affected."
