Less than 24 hours after minting its latest NFT collection on the Ethereum network, the National Basketball Association (NBA) decided to put the project on pause. Issues with the smart contract associated with the project made it susceptible for attackers minting an extensive amount of NFTs without having to pay with tokens. Luckily enough for the NBA, BlockSec, a Blockchain security firm, identified that the project had enabled faulty signature verification. In short, this allowed the same signature(s) to be used on multiple occasions, as well as by other users.
The project itself, dubbed “The Association” consists of 18,000 NFTs that sold on the Ethereum network. The NFTs in the collection represent all 240 players rostered in this years NBA playoffs, with each player being showcased on 75 individual NFTs.
This project is special because its NFTs will change based on the player's performance throughout the playoffs. Details regarding the project state that the NFT background and frame will change based on team accomplishments, such as championship wins, upsets, and series sweeps, while details like emojis, accessories, and traits will change based off of individual accomplishments, such as scoring 30+ points in a game, 4+ defensive deflections, a 30ft+ shot made, and being the recipient of an NBA final MVP award.
Many NFT fanatics see the NBA’s error as one that was very basic and preventable. As a result, the attacker was reportedly able to mint 100 NFTs and sell them for a profit on OpenSea. As we’ve reiterated previously, it is pivotal that organizations better the security of their smart contracts. There are experts available to consult, and getting a second opinion could save the organization from a lot of wreckage and brand tarnishing.