That unlimited weth spend also is super dangerous.
As all of you in this thread are aware, Cypherpunk Zero NFTs have been (and may continue to be) stolen due to a security vulnerability in the smart contract ECC used to deploy the assets.
We learned about this on Dec. 5, but unfortunately, we’ve been unable to locate the smart contract owners keys which means we’ve been unable to mitigate. The wallet seems to have been lost during or since ECC’s restructure. We are frustrated and heartbroken as many of you are.
ECC has a snapshot of all the wallets that held Cypherpunk Zero NFTs on Dec. 5, and we are working with the ZecHub team and the Decentralizing Zcash Digital Task Force to determine next steps. We’re also happy to take ideas from the community, as we consider our course of action. 
We will come back to you with news when we sort out a plan. Until then, onward.
2 Likes
Correct me if I’m wrong, but reading the vulnerability, it seems that only Cypherpunk NFT holders that have used their ETH wallet to interact with dapps like Opensea or Uniswap, etc… (where you grant token spending approval) are at risk of losing their NFT?
What if you have never interacted, never granted spending authority to a third party?
NFTs safu?
2 Likes
I had CPZ stolen from a wallet that had never granted spend authority, had only ever received CPZ
2 Likes
Interesting 
, I created a brand new ETH wallet, got my CPZs at launch, and haven’t touched that ETH wallet for anything since.
All my NFTs are still there… 
3 Likes
Direct airdrop inscriptions and NFTs
1 Like
The attacker is not likely to drain all wallets, as they still want the NFTs to be traded in the market. That’s their only way to benefit from all this.
1 Like
Same here!
anyone have ‘the attackers’ address?
1 Like
- 0x44cdf0E532Dda3474dAE859181e5865380d86a73
- 0x7e7a90dDf323FAdb2e9435dB482bec7Df66B69A7
The most interesting thing is that his permissions have not been revoked and he could have been bombed in the same way. Apparently he’s not afraid of it.
Here I have indicated my thoughts about his strange behavior in the second paragraph:
right now:
5 Likes
How to cancel the authorization, 
How to compensate, because many secondary market acquisitions and how to develop in the future
1 Like
Well, it looks like I spoke too soon, one of my Cypherpunk Zeros is gone. 
For some reason it still appears in my Metamask but when I looked it up on Etherscan it was transferred out 22days ago apparently…
2 Likes
Yeah, Metamask NFT data is not refreshed often.
Just noticed that my favorite Zero is also gone.
My hope is that maybe with the advent of ZSAs, these NFTs can be “reborn” there - properly shielded! And after all, since the ETH chain thefts are all public information, it should be possible to identify the correct owners at the time of the theft. That would be a great PoC application for the ZSA launch.
6 Likes
I made a dune query on the list of holders and their respective NFTs at 1 block before the first known attack: https://dune.com/queries/3306298/5537323
2 Likes
one problem i see is sum ppl kept buying and selling many punks still after theft. so dats a hard situation. not talkin even the stolen ones just normal ones. and sum maybe bought also stolen ones not knowin it.
Down bad on the coin.
Down bad on the NFT.
I guess there’s only upside from here? 
Didn’t the dolls also not get completed?
dolls got completed and shipped long ago. after sum delays yes.
1 Like
From this point on, I’m starting to get excited that this hack happened!