0
0
On July 28, something strange happened on the Ethereum blockchain. A smart contract from SuperRare, a well-known NFT platform, was tricked, and about $730,000 worth of RARE tokens were stolen.
This wasnât just a normal crypto hack. The SuperRare hack had an unusual twist.
The person who found the bug in the code didnât even end up getting the money. Someone else saw the attack coming and jumped in first.
Now, experts are calling this a clear case of front-running, a type of move where someone copies an action but sends their transaction faster.
This SuperRare hack is not just about one mistake in code. It shows how things can go wrong even when attackers are fighting each other for money.
SuperRare is an NFT website where artists sell their digital art. Itâs been around since 2018 and only allows selected artists to list their work. It also has a special token called RARE.
People who hold RARE can vote on how the platform works and even earn rewards by staking their tokens.
The SuperRare hack didnât affect the art side of things or the RARE token itself. It hit the staking contract, the part of the code that lets users earn rewards. This contract had a serious mistake.
The contract had something called a Merkle root, a tool used to check who should get rewards. But the code that controls who can update this Merkle root wasnât strict enough.
Normally, only the owner of the contract should be allowed to make changes. But the SuperRare staking contract had a weak check.
This let someone upload their own version of the Merkle root, which made it look like they were allowed to claim rewards.
Using this, they took 11.9 million RARE tokens in one transaction. Thatâs about $730,000 at the time.
Security teams like CertiK and PeckShield confirmed the SuperRare hack right after it happened. Cyvers also found that the attackerâs wallet had been filled with ETH through Tornado Cash: a tool used to hide money, more than six months ago.
This means the attacker may have been preparing this for a long time.
The SuperRare hack gets even more interesting. The person who found the bug and wrote the attack contract wasnât the one who took the money.
Another wallet saw the first attack being sent and copied the exact same move, but with a higher gas fee. In simple terms, that means they paid more to get their transaction processed first.
Since Ethereum miners pick the highest-paying transaction, the second walletâs move was confirmed before the original one.
This kind of action is called front-running. Itâs like cutting in line. The first person spotted a flaw, but the second person got the reward.
Blockaid, one of the security teams that reviewed the SuperRare hack, said this is a clear example of how even attackers can get attacked.
In just one block, just seconds apart, the money was gone. The wallet that ended up with the stolen RARE tokens still holds them. They havenât moved or sold them yet.
Right now, SuperRare has not said much officially. They havenât explained what they plan to do or whether theyâll pay back users.
The NFT platform itself is still working, and the RARE token wasnât broken. But the trust in SuperRareâs staking system has taken a hit.
The SuperRare hack teaches a few important things. First, smart contracts must have very tight rules about who can make changes. A simple mistake, like a loose permission, can open the door to huge losses.
Second, anyone who builds on-chain systems has to think about how fast bots can act. In this case, someone saw an attack and beat the attacker at their own game, live, on the chain.
And third, the SuperRare hack is not just about bugs in code. Itâs about how fast things happen in crypto.
Everything is public, everything is traceable, and if you make a move, someone might copy it before you even finish.
The $730,000 loss is serious. But the front-run twist makes this one of the most unusual stories in recent crypto history.
The SuperRare hack shows that even attackers need to watch their backs. And for platforms like SuperRare, itâs a reminder: reward systems need just as much protection as vaults.
The post SuperRare Hack: $730K Stolen in Staking Exploit With Frontrun Twist appeared first on The Coin Republic.
0
0
Manage all your crypto, NFT and DeFi from one placeSecurely connect the portfolio youâre using to start.
0
0
0
0
