The altcoin of NFT platform JPEG'd (JPEG), which allows users to borrow stablecoins using their NFT as collateral, has suffered a steep drop in price after a re-entrancy attack exploited a vulnerability in its smart contract.
The attacker was able to withdraw funds using the withdrawal function repeatedly before their balance was updated. According to preliminary information, the attack was orchestrated by a MEV bot, which appears to have increased the price of gas in order to execute the malicious operation before the original.
According to unconfirmed data, the loss is thought to be 6,100 Ethereum, which corresponds to a value of 11 million dollars.
The price of JPEG, the native token of JPEG'd, dropped 39.02% in one day to $0.0003843 at the time of this writing.
JPEG'd has not yet made an official statement about the incident.
ChainSecurity, a leading smart contract auditing firm, published a report in 2019 warning of a read-only reentrancy vulnerability that could allow an attacker to reuse a function without changing the contract's status.
*Not investment advice.