There existed a glitch that allowed users to make an absurd amount of money in Cryptokitties that no one has been aware of, or so this guy is claiming.
Robert Durst, a ‘full stack engineer with a slight blockchain obsession’, described his experience of ‘hacking’ Cryptokitties on hackernoon.
Durst exploited the ‘likes’ feature to dominate the Cryptokitties marketplace. He says that, while the rest of the users were busy manually liking their kitties, he automated the process:
The average Cryptokitties user is not very tech savvy, so most of the like exploits were simply people creating multiple accounts on MetaMask and liking up their own cat. While this is effective for maybe 10–100 likes, it gets very time consuming when done in large quantities. Having had some experience with web3.js I sought to repeat this liking process, but with code.
The end result for him was this kitty with an absurd number of likes:
Durst describes the ‘ritual’ to get an infinite number of likes for your precious lovely kitties as follows:
- Generate a public/private key-pair.
- Digitally sign the word “Cryptokitties” and send this signature along with your public key to the CryptoKitties API.
- Receive back a login token.
- Use this login token to like a cat.
- Repeat as many times as you like.
Durst says that since he was the only one liking cats using the above method, he was easily able to dominate the marketplace. His strategy was simple: “like a cat until it is the most liked cat on the market, sell, and repeat.
He, however, has bad news for anyone thinking of trying this method out — according to him, the bug no longer exists.
CryptoKitties development team has covered up this exploit, allowing only those with at least one cat to like other cats. This means, to replicate the above, you would need to pass a cat back and forth between accounts — by the time you get to 20,000+ likes, the $$$ you spend on gas would be more than you could possibly make from a liked up cat.
We launched the like feature right before the team left for Christmas vacation. The exploit was found and fixed within days. Neither the script option nor the brute force method of creating multiple fake accounts to inflate ‘like’ counts is possible as the result of our fix. Currently, the only way to give a ‘like’ is to have an account that owns a CryptoKitty. While the fix prevents anyone from continuing to abuse the exploit, we have a long-term solution that will address the cats that benefitted from the exploit.