The Idols NFT Staking Drain
The Idols NFT lost ~$324K when a staking-rewards accounting flaw let an attacker repeatedly claim weighted rewards far beyond entitlement, draining the pool.
- Date
- Victim
- The Idols NFT
- Chain(s)
- Status
- Funds Stolen
On January 13, 2025, The Idols NFT project lost approximately $324,000 through a staking-reward accounting flaw that let an attacker claim weighted rewards far in excess of entitlement, draining the reward pool.
What happened
The Idols' NFT-staking contract mis-tracked reward weight/claim accounting, allowing repeated over-claims. The reward pool was drained before the issue was caught.
Aftermath
- Project paused staking; small loss, limited recovery.
Why it matters
The Idols NFT is one more reward-accounting double-dip (Popsicle, Level Finance, Bent, BetterBank). NFT-staking reward math is the same hazard class as LP-reward math: it must stay consistent across stake, unstake, transfer and claim, under arbitrary ordering. The catalogue records this exact surface failing across years and product types — the generalisation developers keep missing is that a reward claim is a withdrawal and needs withdrawal-grade invariant testing, ideally formal.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-idols-nft-hack-january-2025
- [02]rekt.newshttps://rekt.news/the-idols-nft-rekt