After the hack, the firm revealed it has immediately reimbursed the funds. Meanwhile, its investors expressed their continued support for the Bicol-based startup.
Ismael Jerusalem, the co-founder and CEO of meta-focused NFT and crypto startup Ownly, revealed that their Mustachio Marauders staking contract was compromised when hackers tried to drain OWN tokens from it. In a statement, the firm said the attacker drained 930M OWN tokens, which it acquired for 115 BNB. This was worth $37,000 or ₱1,937,875 as of 8:13 pm May 11, 2022.
Jerusalem said the attacker initially used 10 OWN tokens repeatedly in batches until the contracts were drained. The transaction records for the attack can be seen here.
“The cause of this exploit is that the unstake function of the staking contract does not check the user’s claim status which allows the hacker to use the unstake function to claim unlimited $OWN tokens and drained the contract,” Ownly said in a statement.
“We’re currently tracing the wallet addresses of the stakers and we’ll be sending out the OWN tokens soon,” the team assured.
(Update 8:00 am May 12, 2022) In a statement to BitPinas, Jerusalem said they have already fully refunded the amount drained.
Further, the developers said that for now, minting will be disabled on the staking platform. However, they guaranteed that everyone who staked their OWN tokens in Ownly’s Stake-to-Own Mustachio Marauder NFT program will still be airdropped with the NFTs.
“Ang gagawin namin ngayon focus more on the development ng game tapos raising funds to accelerate building. Wala na muna staking.” – Ismael Jerusalem
[“What we will do now is to focus on the development of the game as well as raising funds to accelerate building (the project). Staking will be paused for now.”]
To prevent the incident from happening again, Jerusalem assured that they will use Certik next time for the staking contracts. Certik audit is a comprehensive security assessment for smart contracts and blockchain code that helps identify vulnerabilities and recommend ways to fix them. Prior to this, Ownly was using OpenZeppelin, an open-source platform for building secure decentralized applications.
Despite the hacking, investors of the firm expressed their high hopes and support for the Bicol-based startup.
“The Ownly team is still young but already very capable. This bump in the road will not stop them from delivering their targets. I’m confident that Ismael, Bernard, Kina, and the rest of the team will bounce back stronger from this. Ownly is one of just a handful of teams that have been constantly innovating and building tangible products since 2019.” – Rico Zuniga, Chief Technology Officer of Sparkpoint, Investor of Ownly
According to Ownly’s most recent community report, the firm shared that it has acquired “partnerships, opportunities to grow, events and projects for our community, and so much more. We also launched the Ownly Market Artist Launchpad wherein artists can mint and launch their artworks the easy way.”
Note: Ownly was a major partner for the Mint and Greet event organized by BitPinas with CryptoArt PH, Tezos Philippines, Team Manila, First Mint Fund, and Draper Startup House. (Read more: [Event Recap] BitPinas Mint & Greet: Industry Must Further Support Crypto Artists)
This article is published on BitPinas: PH-based Startup “Ownly” Hacked, Immediately Reimburses Victims
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.