Ali NFT blind box becomes "open box" and technical failure leads to ridicule

The rise of the NFT wave has allowed major IPs to find new markets. On January 19, the official social media of the well-known domestic animation IP Ali announced its entry into the NFT field and launched the "Ali&His Friends" series of NFTs.

On February 15, after the initial whitelist issuance and preheating, 10,000 Ali series NFT blind boxes were officially put on sale. Each blind box was priced at 0.1ETH. In the OpenSea trading market, the price of a blind box was hyped up to around 0.2ETH.

According to the rules, the blind box can only be opened after all the blind boxes are sold. But soon, community members revealed that there was a technical loophole in this series of NFTs, and users could access the metadata and image information of the blind box through the background code logic without opening the blind box.

According to technical analysis, the main reason why the blind box became an "open box" was that the official exposed the background code logic and the administrator's background address, and the blind box metadata was placed in a public folder, which anyone can access. The official team did not respond to this statement, and the official team did not publicly explain the reason, but it stated on the community's Discord that it would disrupt the leaked metadata and rearrange the NFT rarity.

Since Ali is a real domestic IP, this technical "failure" has aroused people's doubts about domestic projects. According to the previous plan of Ali NFT, it will also build the Aliverse virtual universe and related games around "Ali and his friends", but after this low-level technical accident, many people doubt whether this goal can be achieved.

Technical loophole turns Ali NFT blind box into "open box"

The cute, warm, childish character of Ali, who always believes in fairy tales, has accompanied many people through their youth. When the NFT wave surged, this classic domestic animation IP also caught up with the trend and entered the NFT market.

On January 19 this year, the official social media of Ali announced that it would launch the "Ali & His Friends" series of NFTs. According to the official website, there are 10,000 NFTs in this series, which are composed of unique avatars of "Ali and his friends", including Ahri, Big Bear, Peach, Shadow, Mika, etc. Each character avatar has different costumes and different rarity.

Two Ahri NFT avatars

After the announcement, a large number of Ali fans and NFT enthusiasts expressed their interest in collecting on social media, and the number of fans on the official Ali NFT account grew rapidly to 109,000. According to its NFT sales rules, only users who have completed multiple tasks and obtained the whitelist are eligible to purchase through official channels on the release date.

On February 15, the Ali NFT blind box was officially launched, with each blind box priced at 0.1ETH. Many long-awaited whitelist users bought the blind box at the first opportunity. According to the rules, the blind box can only be opened after all the blind boxes are sold.

Of course, the blind boxes subscribed by whitelisted users can already be listed on trading markets such as OpenSea. On February 16, the floor price of the Ali NFT blind box on OpenSea was about 0.2ETH, a 100% increase from the official offering price.

Just when the blind box holders were looking forward to seeing which NFT they would get, an accident happened. According to feedback from community members, a technical loophole occurred in the pre-sale process of the "Ali & His Friends" series of NFTs, which allowed users to access the metadata and image information of the blind box through the background code logic without opening the blind box.

The mystery of the blind box was lost, and it became a "clear box", which is particularly rare in the history of NFT sales. In addition, a user revealed that there was a spelling error on the previous Ali NFT official website, and "Connect wallet" was spelled as "Collect wallet".

According to the analysis of Twitter user 0xZdm, the blind box leak exposed multiple vulnerabilities in the Ali NFT technology. First, the official debug mode was not turned off, directly exposing the backend code logic; second, the official version used ThinkPHP released 5 years ago, which is likely to have penetration vulnerabilities; third, the official website exposed the administrator's backend address; fourth, the metadata that can only be seen after the blind box is unpacked is directly placed in a public folder and can be accessed by anyone at any time. The user said to the official team of Ali NFT, "Please stop using Web1.5 technology to harvest Web3.0 leeks."

After the relevant issues were exposed, an uproar broke out, and the Ali NFT community was in chaos, demanding an official explanation. At this time, an ID suspected to be an administrator in the official Discord group of Ali NFT sent a message saying "Brothers, hurry up and ship the goods", which once again caused controversy.

The official team responded in the community that the account that made the "shipping" statement has not been used for a long time and is suspected to have been stolen. In addition, the official team of Ahri NFT did not publicly explain the reason for the information leak, but in the Discord community, the team stated that it is actively rectifying the website and disrupting all the previously leaked metadata and rearranging the NFT rarity.

The community angrily criticized domestic projects as "unreliable"

Although the authorities have responded and promised to resolve the loophole, it is too late to remedy the situation. Even if the technical problem can be solved, the negative impact will be difficult to eliminate.

In the community, a user angrily cursed, "Domestic projects are the most unreliable. They just want to reap the benefits. What kind of ** technology is this?" The user believed that the Ali NFT team used cheap technology to reap everyone's hard-earned money.

Such a low-level technical loophole is bound to be criticized, and because Ali is a genuine domestic IP, it has caused domestic projects to be questioned again.

Ali was created in 2006 by Hans Xu, who graduated from the Academy of Fine Arts of Tsinghua University. He started with serialization on the Internet and magazines, and then published fairy tale picture books and animated short films. So far, Ali-related publications have sold over 3 million copies and have tens of millions of fans on the Internet.

After Ali became popular, many virtual products with diverse images (such as emoticons) were derived, and Ali became a content provider on the Internet. At the same time, Ali's peripheral products emerged in an endless stream, and it successfully crossed over with many brands, becoming a pioneer in the commercialization of local animation images. It can be said that Ali is a typical well-known domestic IP.

Ali series anime character

Although the official team of Ali NFT is anonymous, many people believe that the team behind Ali NFT is a domestic team. The major technical loopholes that have appeared this time have made users sneer at domestic projects. Some fans who love Ali also expressed their dissatisfaction, "Such a cute image should not be ruined, and the project team should not bring bad things to Ali."

Some community users believe that the Ali NFT project team needs to fix the vulnerability as soon as possible and successfully complete the NFT distribution to reduce the negative impact. In addition, the project team should also reflect on this incident and demonstrate a pragmatic and efficient style in the subsequent layout to regain the trust of the outside world.

In fact, in the Ali NFT plan, issuing 10,000 NFT blind boxes is just one of them. According to the roadmap on the official website, after the NFT is issued, the team will start building the Aliverse virtual universe and related games. In Aliverse, the relationship between Ali and his friends will be intuitively expressed through games, and it is even possible to cooperate with other cartoon characters.

On February 13, the Ali NFT project reached a strategic cooperation with the MoonDAO community to jointly launch the "Ali Moon Landing Plan" to jointly explore outer space (MoonDAO has successfully booked multiple 2022 low-Earth orbit rocket tickets sold by the commercial space company "Blue Origin"); on February 9, Ali NFT also cooperated with the sandbox metaverse project ALPACADABRAZ to seek collaborative construction of the metaverse.

These collaborations and subsequent plans originally provided a huge space for imagination for the story of the Aliverse NFT project. However, when technical problems were exposed, many people questioned whether the official team was capable of developing the Aliverse virtual universe and games. In the face of a crisis of trust, whether Aliverse NFT can solve the current problems and commercialize the metaverse concept as planned has become a suspense.