The NBA has been a leader in the NFT craze, but its latest offering was disrupted by hackers who took down the entire collection.
The NBA began minting its collection of 18,000 NFTs last week, with 75 NFTs created for each player in the 16 participating teams. The NFTs also have some unique attributes. As with actual players, these NFTs don’t stay static, as the NFT traits will evolve over the course of the playoffs based on each player’s real-life performance, meaning that a certain number of dunks, blocks, three-pointers, rebounds, or assists will change that player’s image.
NFT backgrounds and “frames” will also change based on the player’s team’s performance.
The NFTs were created to mark the beginning of the playoffs, and they were not launched as a way to earn a lot of money directly for the league. The website says the NFTs are free to mint, but collectors will have to pay for the cost of gas on Ethereum. The NBA is reserving some assets for holders of NBA Top Shot NFTs and limiting every individual to a maximum of one per wallet.
After the presale minting begins, the NFT art will be revealed on Friday and visible on NFT marketplaces like OpenSea.
The problem is, a day after the NFTs were launched, it was discovered that some users exploited some security vulnerabilities in the collection’s smart contract, which is the computer code that allows NFTs to be created and traded. Those users were able to mint the NFTs for free, and they took down the entire collection of 18,000 NFTs in roughly one hour.
But the NBA acknowledged the problem April 20, and said it is working towards a resolution for fans. On Friday, April 22, the NBA said it would increase the collection to 30,000 items to make sure fans who failed to get the NFT will now be able to get one.
NFTs, short for “non-fungible tokens,” are unique tokens that are used to signify ownership over digital assets, such as artwork and other types of collectibles.
Each NFT was to be reserved for early members of the NBA’s Discord server who were granted access to an “allow list” that would reserve one free NFT per each Ethereum wallet address registered on the list.
Unfortunately, there were some bugs in the smart contract. A relatively simple exploit allowed users that were whitelisted to grant minting access to other wallets that weren’t on the original allow list. The contract also didn’t properly keep track of the number of mints that took place per wallet. “If a contract was made, it could mint the entire collection in one transaction” tweeted CaptainDefi, a Twitter user who provided an overview of the code on Wednesday.
This resulted in some users minting as many free NFTs as they wanted, some collecting over 100, and then quickly selling them on the secondary NFT trading market OpenSea for more than 0.30 ETH (roughly $1,000 at the time).
The NBA paused the NFT drop just over an hour into the launch after realizing their smart contract had been exploited. It now appears the rightful buyers of the NFTs will now get the collectibles they signed up for, as the NBA said, “We’ve identified the wallets on the Allow List that were not able to mint an NFT yesterday and will be airdropping those fans an NFT from The Association collection.”