Ethereum-based Milady NFT project exploited, $1M lost

• The Milady project suffered loss of $1 million in fees as a result of the exploit.
• The exploit was reportedly carried out by a developer within the Milady ecosystem.
• Social media accounts were also compromised.

Milady, a non-fungible token (NFT) project built on the Ethereum blockchain, has fallen victim to a major exploit that has significantly impacted the project’s finances and social media presence.

The exploit was disclosed by Charlotte Fang, one of the co-founders of the Milady NFT collection, on September 11 via X (formerly Twitter). She revealed that a developer within the Milady ecosystem had successfully diverted approximately $1 million in generated fees away from Remilia Corporation.

I am heartbroken that there were people within this brilliant, loving community with so much wealth and enrichment for everyone involved that would scheme from within for short term profit at the expense of everything we have built together.

I am so sorry that you have to deal…

— sheep rotator (@sheeparepeople) September 11, 2023

Milady is a collection of 10,000 anime profile picture NFTs designed and launched in 2021 by Fang. In May 2023, Tesla CEO Elon Musk publicly endorsed Milady NFTs, resulting in a significant increase in their floor price. The floor price of a Milady NFT currently stands at 2.86 ETH, reflecting a 15% decrease over the past 24 hours, according to OpenSea data.

Remilia DAO Compromised

Remilia Corporation, a decentralized autonomous organization (DAO) backing the Milady Maker NFT project, had its revenue compromised due to an exploit involving Bonkler, an experimental finance art project created in April 2023, as confirmed by Fang.

Fang has, however, reassured the community that Bonkler reserves, main contract, and NFTs were secure, and that only Remilia’s revenue from Bonkler had been compromised. She emphasized that Remilia’s reserves remained “unaffected,” and user assets were “perfectly safe.”

Attacker Targets Social Media Accounts

In addition to seizing fee reserves, the attacker also took control of critical codebases and attempted to manipulate Remilia’s social media accounts.

Fang reported that the attacker had successfully taken over three X accounts, including Miladymaker and Remilionaire, while Remiliacorp was locked out. She urged caution, advising users to consider these three accounts as compromised. Fang provided new official accounts for the community to follow, including RemiliaCorp333, MiladyMaker333, and RemilioBaby.

Individuals responsible for attack identified

Fang has revealed that that Remilia had identified the individuals responsible for the exploit and expressed their determination to pursue legal action.

She stated, “We expect all our property to be returned” and added, “For such viciousness, I can give no quarter—the individuals involved have been terminated from Remilia Corporation, and will now be dealt with through the heavy hand of the law.”