‘Honeypot Bitch’: How Mad Lads Tricked Bots Into Spending $250K on Fake NFTs

Mad Lads is the talk of the NFT world right now, becoming the buzziest mint for any profile picture (PFP) project in months and topping the broader market this weekend. But the drop itself proved dramatic, as bots overwhelmed the mint and forced a 24-hour delay.

However, the “Mad Lads” behind the project lived up to its namesake and fought back, tricking schemers into spending over $250,000 worth of SOL on a fake mint. It was all refunded, but the move apparently kept more of the NFT drop supply for people who actually wanted to be part of the project—and away from those who were trying to mint as many NFTs as possible as a quick flip for profit.

“We decided that we had to battle the botters,” Coral CEO Armani Ferrante told Decrypt, “and we had to do it for the sake of the project.”

Ferrante said that as the mint neared early last week, he began receiving Telegram messages from an unknown party who attempted to extort Coral, claiming that they could “take down” Coral’s Backpack app and botch the drop.

According to Ferrante, the person effectively threatened a distributed denial-of-service (DDOS) attack to overwhelm the mint with requests, and demanded payment to stand down.

“We didn't have the money. We're strapped on cash—we're fighting to survive,” Ferrante said, referencing that over 70% of the funds that Coral raised in its $20 million strategic round last fall are inaccessible due to FTX’s collapse.

But Ferrante also described the dilemma as more than just a financial one—it was a fight for the future of the project, to build an organic community of collectors that took part in the mint.

Mint mayhem

High-profile NFT mints are often targeted by users wielding bots, or automated programs that flood the mint program with requests and try to purchase an inordinate amount of assets. It's usually done to flip on the secondary market amid the post-mint buzz.

Bot attacks tied to NFT drops have taken down the Solana network in the past, but even when the tech is running smoothly, a bot-dominated mint means that would-be collectors and users with a true affinity for the project are sometimes unable to mint. Curated allowlists of authorized wallets can help, but introduce their own inequities into the minting process.

Mad Lads held an allowlist mint on Wednesday, and all went according to plan. But when the public mint for the rest of the NFT supply was about to begin on Thursday, Ferrante said that the DDOS attacks began immediately.

The Mad Lads mint was briefly postponed multiple times on Thursday as Coral tried to mitigate the attacks. The Solana network stayed online, but other hitches emerged as RPC providers had issues and CoinGecko’s pricing API went down. Ferrante described it as a “domino effect” as "billions of requests" were pointed at the Mad Lads mint and started wreaking havoc.

“There was basically this cat-and-mouse game that started happening where the attacker was trying to reverse-engineer their code,” Ferrante told Decrypt, “and we would change the antibody tactics and go back and forth, and back and forth.”

Coral eventually pushed the mint by 24 hours until Friday night, instead of simply going ahead and letting botters claim an unfair share of the NFTs. Ferrante’s team spent the extra time working out how to better protect against botting attacks—including a new kind of strategy.

Into the honeypot

As the Friday mint was about to start, the DDOS flood began anew. This time around, Coral sent two back-to-back updates to the minting app: one that was legitimate and pointed to the real NFT mint process, as would be referenced in the public mint interface, and another that could only be found by reverse-engineering the code.

That one pointed to a “honeypot”—effectively, an isolated distraction designed to trick botters into blowing their SOL on a fake mint and receiving nothing valuable in the process. The fake contract soaked up over $250,000 worth of SOL, and those users who tried to gain an unfair edge in the mint weren’t in the mix when the legitimate public NFT drop began moments later.

“HONEYPOT BITCH,” the Mad Lads project tweeted Friday, pointing to a Solana network account that held the funds pulled from the faux mint.

Ferrante told Decrypt that it’s possible that some legitimate users got caught up in the fake mint. Some users on Twitter said that they were following the rules and ended up with a useless NFT, although in the pseudonymous Web3 world, it can be difficult to vet the legitimacy of complaints on social media.

Even so, Ferrante said he’s confident it was mostly users who were trying to game the mint. That’s because minters would have had to manually create code to mint the NFTs after reverse-engineering the contract code, he said, thus pointing to more sophisticated users going outside of the normal process.

Ultimately, the honeypot move was designed to distract and thwart botters and not steal away funds—so refunds were processed hours after the mint concluded.

Whether this type of strategy will work again for future NFT drops is unclear, as the cat-and-mouse game continues. But Ferrante believes that the surprise tactic helped Mad Lads reach more of its intended audience, and the drama and excitement arguably helped fuel buzz around the project as it topped the NFT charts over the weekend.

“In real time, we were fighting these guys that were trying to extort us at the beginning of the week,” Ferrante concluded. “And it was kind of this very euphoric, crazy event. It was honestly one of the most stressful times in my life.”