Mad Lads tricked bots into paying $250K on fake NFTs

Mad Lads has taken the NFT world by storm, emerging as the most talked-about mint for profile picture (PFP) projects in recent months and dominating the broader market over the weekend.

However, the drop itself was remarkable, as bots flooded the mint and forced a 24-hour delay.

However, the “Mad Lads” behind the initiative fought back, duping schemers into spending over $250,000 in SOL on a fake mint. All of it was returned, but the move seems to have kept more of the NFT drop supply away from people who were trying to make as many NFTs as quickly as possible to sell for a profit.

“We decided that we had to battle the botters,” Coral CEO Armani Ferrante said, “and we had to do it for the sake of the project.”

As the mint approached early last week, Ferrante received Telegram messages from an anonymous source trying to “take down” Coral’s Backpack app and botch the drop.

According to Ferrante, the individual effectively threatened a distributed denial-of-service (DDOS) attack that would flood the mint with requests and demanded payment to stop.

“We didn’t have the money. We’re strapped on cash—we’re fighting to survive,” Ferrante said, referring to the fact that over 70 percent of the $20 million raised by Coral in a strategic round last autumn are inaccessible due to the collapse of FTX.

But Ferrante also said that the problem wasn’t just about funds; it was a fight for the project’s future and to build a community of collectors who helped with the mint.

High-profile NFT mints are frequently targeted by bots, or automated programs that flood the mint program with requests and attempt to purchase an excessive amount of assets. Most of the time, it’s done to flip on the secondary market after the mint.

On Wednesday, Mad Lads held an allowlist mint, and everything went according to plan. But when the public minting of the remaining NFT supply was about to commence on Thursday, DDOS attacks began immediately, according to Ferrante.

Honeypotting DDOS attackers in the NFT market

The DDOS flood started again just as the Friday mint was about to start. This time, Coral sent two updates to the minting app right after each other. One update was real and directed to the real NFT mint process, as shown in the public mint interface. The other update could only be found by reverse-engineering the code.

This one pointed to a “honeypot,” which was essentially an isolated distraction designed to deceive botters into spending SOL on a fake mint and receiving nothing in return. The fake contract took in more than $250,000 worth of SOL, and users who tried to get an unfair advantage in the mint were left out when the real public NFT drop started a few minutes later.

On Friday, the Mad Lads project tweeted “HONEYPOT BITCH,” referring to a Solana network account that contained the funds withdrawn from the fake mint.

Still, Ferrante said he is sure that most of the users were trying to trick the mint. He said that’s because minters would have had to manually create code to mint the NFTs after reverse-engineering the contract code. This shows that more experienced users went outside of the normal process.

In the end, the honeypot strategy was intended to divert and thwart botters rather than steal funds, so refunds were processed hours after the mint ended.

it’s not clear if this type of approach will work again for future NFT drops. But Ferrante thinks that the surprise helped Mad Lads reach more of the audience it was meant for, and it’s possible that the drama and excitement helped the project get more attention as it topped the NFT charts over the weekend.

“In real time, we were fighting these guys that were trying to extort us at the beginning of the week,” Ferrante concluded. “And it was kind of this very euphoric, crazy event. It was honestly one of the most stressful times in my life.”

Content Source: decrypt.com

The post Mad Lads tricked bots into paying $250K on fake NFTs appeared first on NFT News Pro.