Several days ago some sensors were triggered regarding a potential problem with Itheum KYC in Maiar Launchpad. At first, some users claimed that they can make multiple valid KYC with the same ID but different wallets.
That was soon confirmed and multiple users began to abuse this bug, I will use a specific address to explain the approach.
On the 23rd March, a transaction of 236.13 egld from Binance wallet was made to the following address: erd1dgsmcj9y3jj3srft3mm33qa4g0adyleujrez7044tve22cqnl28st3me38
Soon after it started to transfer 2.3 egld to wallets that were created with a script: 1 egld to delegate to staking and the rest was kept for buying the ticket. A total of 1282.41 egld were transferred from Binance to this wallet.
You can see the behavior on one of the addresses that were purposed for the KYC on Maiar Launchpad:
What do you guys think will happen? Will this be considered legal? Will Elrond Team mitigate this? Should Elrond Team take measures against this practice such as invalidating the tickets but not returning the egld paid for the tickets? Feel free to comment below, I would love to see your take on this. A follow-up post will be made regarding the end results of this hack.