REKT Vulnerability & Next Steps

Shit happens sometimes. We regret to say that our smart contract has a vulnerability, and the funds kept there were drained. Wallets in your profiles are SAFE. Your creator fees are SAFE.

First, we want to apologize to you. You were so excited, we were so excited. We failed, and we must apologize to you. We bet this is not the end.

Please read the information below carefully about what we will do next and how to export your wallet.

What actually happened? Our smart contract was drained due to a vulnerability. In other words, you could buy multiple cards and immediately start selling them 1 by 1 higher than you paid for them. Some bad actors figured this out and initiated tons of wash trading activities, buying 3 cards in one TX and then selling them 1 by 1. Here are a few examples:

It will take some time to identify all these attackers and if required, we will publish all these FIDs. This way, you can personally verify that these individuals are not and cannot be associated with our team in any way. Technically, they are not hackers; they simply have taken advantage of vulnerability.

Honest and wealthy people, of course, would not take advantage of such an opportunity, but we clearly understand that everyone in this world has different living standards. Perhaps these bad actors had unbearable financial difficulties, and now, due to this act, they will be able to survive. Perhaps they themselves do not realize the scale of the baseness of their act, but they “stole” funds from an early-stage project that was trying to survive for almost 1.5 years after numerous pivots. The REKT team had to work several jobs in order to have money to live and develop the project. But we went out of our way for the sake of users who were waiting for our project and wanted to use it honestly.

Some stats with proofs:

we have almost 6k registered users (check # of pages in our leaderboard);
in fact, only ~2100 users were able to mint their cards BEFORE we stopped minting cards for them (we went out of API limits on Neynar)
approximately 700 accounts bought 2+ cards;
508 users were active traders
REKT’s treasury has ~ 1,83M $DEGEN: 0xD6Cc72258277126ae691BdaF397f4674dF71c3AF
Prize Pool treasury has ~ 1,93M $DEGEN: 0x7a8f876fB67c9DCb4D5A8f4BB41170dD5c6d8CF1
Total amount deposits (excluding bad actors): 11,202,825 $DEGEN
The REKT team will start partial refunds within 24 hours. We are still making sure that we have accounted for all affected users.

The list of users affected: https://docs.google.com/spreadsheets/d/1i_LRWPhy4cz7pt4QinfIWDAbdiAxUifilVWnfP1BacU/edit?usp=sharing

If you believe you were affected and can’t find your address here, please DM us.

So, what we are going to do next:

we are disabling most buttons in our app (trading, deposit, buy, sell).
WE ARE ADDING A FEATURE TO EXPORT YOUR WALLET (private key) so you can connect it to Metamask and control your funds. You can keep funds there or withdraw them.
We are eager to relaunch our app, but only AFTER audits. We are not leaving, and we will stay here until we “die.”
We will take ALMOST EVERYTHING that the REKT team has made and use these funds to refund initial deposits. We should keep some funds to order a security audit.
Unfortunately, we have to take Prize Pool for refunds as well. But we will provide you with points and potential airdrops in the future.
All points will be saved and restored to everyone except bad actors.

How to export your wallet! Connect to the Uncuts app. Press the Withdrawal button, and then you’ll see the “Export My Wallet” button. Then follow Privy's instructions. Be careful; it provides your private key, and you take responsibility for your funds. You can easily import this wallet into your Metamask and send funds anywhere you want.

Unfortunately, at this stage, we can only refund the amount of the initial deposits and only to those whose profits from using our service did not exceed the initial deposit. I hope you understand. But we will give you as many benefits and perks as possible from using our current app and future ideas. If your realized profit < deposits, we will refund the difference to you.

First, we will proportionally combine REKT’s treasury and prize pool and refund user deposits. These funds won’t be enough to cover all losses, but once we do that, we can figure out what is left. This process will be semi-manual.

Then, we will relaunch our app and we’ll pay a % of our profits back to affected users. You can try to trust us again, or leave and wait until we recover your losses as much as we can.

Now, let’s figure out this stuff. We understand that your emotions will take over, and potentially, a lot of members who joined us will say that we are scammers, committed fraud, or whatever. But let's face it:

👎 we fucked up with a smart contract (vulnerability). That’s true.

👍 we are not leaving

👍 we are not anonymous

👍 we are refunding your deposits. And will work to recover as much money as possible.

👍 we want to relaunch our app and will refund a % of our own profits back to affected users.

👍 we have shown that our team can launch something hyped

👍 we were always transparent and will continue staying on the same transparency narrative.

Ok, let’s make a summary. We fucked up, but we are not leaving. You can always DM us to chat about it. We will refund the initial deposits, first partially, and then recover the rest ASAP. If you still trust us, you can wait for the next release alongside the security audit report.

And yet, we will cope. Again. And our team wishes these bad actors happiness. Maybe having solved their financial problems, exhaled, and relaxed, they will think about their actions. And there is no judgment more terrible than the judgment of your own conscience. And in the end, we are grateful that our vulnerability was pointed out to us, albeit in this way. There is no limit to perfection, and this situation will only make us stronger and more competent so that in the future, it will be even more comfortable and safe for our users to use our service because we have been making it for years, not just a one-day project.