$34M Locked in a Smart Contract. Was the Akutars Exploit Avoidable?

BY Langston Thomas

April 25, 2022

Last Friday (April 22), Micah Johnson’s anticipated Akutars project launched to great fanfare. Unfortunately, things went sideways quickly. Soon after collectors began flooding the website to take part in the drop, an issue with the project’s smart contract caused a fiasco that ultimately resulted in the loss of a staggering $34 million.

While events have since been set in motion to continue the awaited drop and potentially recoup losses, the launch is already being seen as a cautionary tale — one that has greater implications on the NFT ecosystem at large.

An image of Micah Johnson's NFTs showing different Akutars avatars
A preview of Akutars NFTs

What happened with Akutars?

Featuring 15,000 NFTs, the Akutars collection was released as the next chapter in the life of Johnson’s beloved Aku character. The project was launched via dutch auction — a sale that starts at a set amount and then drops over time to the final sale amount.

Once the contract went live, NFT enthusiasts flocked to the Akutars website in hopes of securing one of Johnson’s new avatars. Despite the starting price of 3.5 ETH (set to drop by 0.1 ETH every six minutes), thousands of transactions were submitted by hopeful collectors.

Yet, early on in the launch, prominent NFT community member Hasan took to Twitter to express concern about a potential issue in the project’s smart contract. Deemed to be an urgent matter, Hasan was able to get connected with the Akutars development team and was assured that there were fail-safes in place to prevent any potential problems.

But it seems these fail-safes weren’t enough. A hacker named USER221 quickly became aware of the issue Hasan had brought forth and triggered an exploit that halted withdrawals and refunds from the contract, leading to 11,539 ETH (around $34 million) being locked in the Akutars contract.

Fortunately, the hacker quickly took responsibility and messaged the Akutars team (via an ETH transaction) saying, “Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.” This led another user to chime in (also via transaction) and suggest that in the future the Aku devs have their contracts audited at the very least.

Even though the anonymous user unlocked the action that halted the contract in the first place, an unresolvable discrepancy in values made it so the funds were locked in the contract, unretrievable by either the Akutars developers or USER221. For a more in-depth look at the coding that caused the lockup, read developer 0xInuarashi’s full Twitter thread on the topic here.

How can we avoid these situations in the future?

Possibly the most prominent lesson learned from this whole debacle is that events such as the Akutars exploit are avoidable as long as transparency, trust, and community are valued within the NFT space. The Aku team was warned early by a well-meaning community member about the potential issue within their infrastructure and outright dismissed the problem. Lesson learned.

With scams and exploits having become such a major facet of the NFT market, being proactive is no longer an option, but a necessity when it comes to security. On both ends of the spectrum, from collectors to developers, community members can and should hold each other accountable.

Although Micah Johnson and the Aku team have no way of retrieving even a cent of that $34 million, they are pushing forward with the Akutars collection, step by step. Johnson has taken responsibility for the mess and his team was able to mint and airdrop all 15,000 NFTs. They’re now focussing on issuing refunds to early access collectors.

The Akutars mishap has served to highlight the fact that, while the NFT ecosystem is built on the blockchain, the vast majority of consumers have little to no knowledge about how smart contracts function. Just as 0xInuarashi’s stated in his Twitter thread, developers are running the show behind the scenes.

As a microcosm being built around the idea of decentralization, the NFT space can be safe and accessible to all. This starts with listening and learning. Learning about solidity (the programming language of the blockchain)? Sure, that definitely couldn’t hurt. But more so, learning when to listen, and who to trust. Scammers are unfortunately very common in the NFT space, but thankfully talented developers like Hasan, are too.

Dive Deep

Features & Guides