Archived tweet

Tweet by Aurory:

Just a few hours ago, our team detected unusual activity on our marketplace. After quickly investigating, we discovered that a bad actor was able to exploit our marketplace’s buy endpoint, allowing them to increase their $AURY balance in SyncSpace. This allowed them to withdraw around 600k tokens to the Arbitrum network, which they then proceeded to market sell into our bids, liquidating the full amount of their theft. We’ve disabled SyncSpace for maintenance, meaning assets will not be able to be deposited or withdrawn while the maintenance is ongoing. Some quick facts on the situation: - No user funds or NFTs have been lost or are at risk. The $AURY that was taken came from a team wallet which funds withdrawals for accounts that have not previously deposited $AURY. - The exploit is not ongoing. With SyncSpace offline for maintenance, there is currently no risk of any further exploits. - We swiftly moved to absorb sell pressure through our marketmaker and through pool rebalancing. The exploiter does not have any more $AURY left to sell. - SyncSpace was audited months ago by one of the best security firms in the industry. We will be investigating further to uncover how this bug went undetected despite an expert audit. A more in depth post-mortem on the situation will be coming once we have completed our fix and finished our investigation. We expect SyncSpace to be back online in the coming days, and are still planning to announce our new Amber patch and an EOY event for Seekers of Tokane in the coming week. Our team appreciates everyone’s patience and understanding as we diligently work to restore service so users can continue playing and transacting as usual. Tweeted at 5:27 PM · Dec 17, 2023