The NBA’s plan to drop 18,000 free NFTs on its fans has gone awry.
The basketball league yesterday launched a new collection of NFTs called “The Association,” which was intended to provide exclusive NFTs to the earliest members of the NBA’s Discord server. Instead, security vulnerabilities in the collection’s smart contract, the computer code that enables NFTs to be created and traded, resulted in users exploiting the drop, unfairly minting the NFT, and cleaning out the collection in roughly an hour.
The NBA yesterday acknowledged the exploit and said it would work toward a resolution for its fans. Today, the league announced it would increase the size of its NFT collection from 18,000 to 30,000 items in order to ensure everyone who was supposed to receive one will get one.
We recognize the issues with the smart contract which caused the Allow List supply to sell out prematurely. We apologize for this situation and are currently identifying the Allow List wallets that were not able to mint as a result.
NFTs, short for “non-fungible tokens,” are unique tokenstokens that are used to signify ownership over digital assets, such as artwork and other types of collectibles. In this case, each Association NFT represents an NBA player in this year’s playoffs: 75 NFTs of each player from 16 different teams, initially totaling 18,000 NFTs in all. The NFTs are meant to be "dynamic" and will change, and presumably increase or decrease in value, depending on the real-life performance of the player to which it is linked.
Each NFT was to be reserved for early members of the NBA’s Discord server, which just launched on Friday. These members were granted access to an “allow list” (another term for whitelist) that would reserve one free NFT per each Ethereumwalletwallet address registered on the list.
But bugs within The Association’s smart contract destroyed this promise to those fans. A relatively simple exploit allowed users that were whitelisted to grant minting access to other wallets that weren’t on the original allow list.
The contract also didn’t properly keep track of the number of mints that took place per wallet. “If a contract was made, it could mint the entire collection in one transaction” tweeted CaptainDefi, a Twitter user who provided an overview of the code on Wednesday.
🏴☠️ NBA NFTS EXPLOIT EXPLAINED THREAD 🏴☠️
The Association NFTs was exploited today, anyone could mint them totally for free
This all effectively resulted in some users minting as many free NFTs as they wanted, some collecting over 100, and then quickly selling them on the secondary NFT trading market OpenSea for more than 0.30 ETH (roughly $1,000 at the time).
The NBA paused the NFT drop just over an hour into the launch after realizing their smart contract had been exploited.
NBA Smart Contract Bugs🏀
Overall, the #NBA smart contract had major security bugs, overly complicated, and lacked optimization. A friend of mine told me to check out their contract and I noticed the following problems🧵
This, however, isn’t the NBA’s first go-around with NFTs. NBA Top Shot, which captures NBA highlights in the form of NFTs on the Flowblockchain, gained notoriety last year and is largely responsible for the rise in mainstream attention in sports NFT collectibles. While there’s no clear relationship with Top Shot in the NBA’s latest drop, the league had promised some extra rare Association NFTs to Top Shot collectors.
Despite yesterday's exploit, the NBA appears poised to move forward with its plans for its Association NFT collection. "We’ve identified the wallets on the Allow List that were not able to mint an NFT yesterday and will be airdropping those fans an NFT from The Association collection," a representative of the NBA announced in its official Discord server.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Just days after DeGods founder Frank (aka Rohun Vora) said he was stepping away from the CEO role, a total of 16 DeGods NFTs from his Solana wallet were sold into open marketplace bids—a move he confirmed came from an attacker via a compromised trading laptop.
The malicious actor was able to obtain more than 108 SOL, or nearly $19,000, for the stolen NFTs, which included a DeGod with a mythical helmet—one of the rarest traits in the collection.
Some traders on X (formerly Twitter) were quick to...
Albrecht Dürer’s iconic 1515 artwork “The Rhinoceros” has been reinterpreted as a set of 11 sterling silver sculptures by Asprey Studio, each of which will be sold alongside a digital inscription on the Bitcoin blockchain.
Produced by Asprey Studio in partnership with the British Museum, which holds Dürer’s original preparatory sketch for the woodcut, the sculptures are accompanied by a “a parent/child inscription that prevents any further additions and serves as a modern family tree of provenan...
The Infinite Node Foundation, a newly established nonprofit endowment, announced Tuesday that it has acquired the IP of influential Ethereum NFT collection CryptoPunks from previous owner and Bored Ape Yacht Club creator Yuga Labs.
The Foundation, which announced a $25 million grant in April “to build the future of digital art,” will now steward the 10,000-piece Punks collection first created by Larva Labs in 2017, while Yuga Labs shifts back to its “apeish roots.”
CryptoPunks General Manager Na...
