The recent Solana NFT drop by Mad Lads has become a hot topic in the NFT world, as it has become the most popular mint for profile picture (PFP) projects in months and topped the broader market this weekend. However, the launch was fraught with drama, as bots overwhelmed the mint and caused a 24-hour delay. The Mad Lads team fought back against the bot attacks by tricking schemers into spending over $250,000 worth of SOL on a fake mint, which was later refunded. The move allowed more of the NFT drop supply to be allocated to genuine collectors and prevented those trying to make a quick profit from minting as many NFTs as possible.
Coral CEO Armani Ferrante explained that as the mint neared, he received Telegram messages from an unknown party attempting to extort Coral by threatening a distributed denial-of-service (DDOS) attack. The attack aimed to overwhelm the mint with requests and demanded payment to stand down. Ferrante described the dilemma as a fight for the future of the project, to build an organic community of collectors that took part in the mint. High-profile NFT mints are often targeted by users wielding bots, which flood the mint program with requests and try to purchase an excessive number of assets. This practice is usually done to flip on the secondary market amid the post-mint buzz.
Billions of requests. Things that went wrong.
– crushed by ddos (and extortion)
– coingecko api down
– twitter spaces broken
– cloudflare ui broken
– rpc node 1 data center rugged
– rpc node 2 unable to handle capacity
– bots trying to rug the public phase
— Mad Armani 🎒 (@armaniferrante) April 21, 2023
The Mad Lads team held an allowlist mint on Wednesday, which went according to plan. But when the public mint for the rest of the NFT supply was about to begin on Thursday, the DDOS attacks began immediately. The Mad Lads mint was briefly postponed multiple times on Thursday as Coral tried to mitigate the attacks. The Solana network stayed online, but other issues emerged as RPC providers had issues, and CoinGecko’s pricing API went down. Ferrante described it as a “domino effect” as “billions of requests” were pointed at the Mad Lads mint and started wreaking havoc.
The Mad Lads team eventually pushed the mint by 24 hours until Friday night, instead of letting botters claim an unfair share of the NFTs. The team spent the extra time working out how to better protect against botting attacks, including a new kind of strategy. As the Friday mint was about to start, the DDOS flood began anew. This time around, Coral sent two back-to-back updates to the minting app: one that was legitimate and pointed to the real NFT mint process, as would be referenced in the public mint interface, and another that could only be found by reverse-engineering the code. That one pointed to a “honeypot,” effectively an isolated distraction designed to trick botters into spending their SOL on a fake mint and receiving nothing valuable in the process. The fake contract soaked up over $250,000 worth of SOL, and those users who tried to gain an unfair edge in the mint weren’t in the mix when the legitimate public NFT drop began moments later.
Thanks for playing.
— Mad Lads (@MadLadsNFT) April 22, 2023
The honeypot move was designed to distract and thwart botters and not steal away funds, so refunds were processed hours after the mint concluded. Ferrante believes that the surprise tactic helped Mad Lads reach more of its intended audience, and the drama and excitement arguably helped fuel buzz around the project as it topped the NFT charts over the weekend. The Mad Lads project tweeted “HONEYPOT BITCH,” pointing to a Solana network account that held the funds pulled from the faux mint. Ferrante acknowledged that it’s possible that some legitimate users got caught up in the fake mint, but he’s confident it was mostly users who were trying to game the mint. Ferrante concluded that the experience was very euphoric but also very stressful.