How a group of Mad Lads tricked Bots into spending $250K on fake NFTs using a Honeypot tactic

The Mad Lads NFT Drop Overcomes Extortion Threats and DDOS Attacks

The Mad Lads NFT drop has been the talk of the NFT world recently, becoming the buzziest mint for any profile picture (PFP) project in months and topping the broader market over the weekend. However, the drop itself was quite dramatic, as bots overwhelmed the mint, forcing a 24-hour delay. Coral CEO Armani Ferrante explained that as the mint approached, he received Telegram messages from an unknown party who attempted to extort Coral by claiming that they could take down Coral’s Backpack app and botch the drop. The person effectively threatened a distributed denial-of-service (DDOS) attack to overwhelm the mint with requests and demanded payment to stand down. Ferrante said that his company didn’t have the money and they were fighting to survive. He noted that over 70% of the funds that Coral raised in its $20 million strategic round last fall are inaccessible due to FTX’s collapse. To preserve the future of the project and build an organic community of collectors that took part in the mint, Ferrante and the Mad Lads team decided to fight back. They tricked schemers into spending over $250,000 worth of SOL on a fake mint, which was all refunded. The move helped keep more of the NFT drop supply for people who actually wanted to be part of the project and away from those who were trying to mint as many NFTs as possible for a quick flip for profit.

Mint Mayhem

High-profile NFT mints are often targeted by users wielding bots, or automated programs that flood the mint program with requests and try to purchase an inordinate amount of assets. It’s usually done to flip on the secondary market amid the post-mint buzz. Mad Lads held an allowlist mint on Wednesday, and all went according to plan. But when the public mint for the rest of the NFT supply was about to begin on Thursday, Ferrante said that the DDOS attacks began immediately. The Mad Lads mint was briefly postponed multiple times on Thursday as Coral tried to mitigate the attacks. The Solana network stayed online, but other hitches emerged as RPC providers had issues, and CoinGecko’s pricing API went down. Ferrante described it as a “domino effect” as “billions of requests” were pointed at the Mad Lads mint and started wreaking havoc.

Into the Honeypot

As the Friday mint was about to start, the DDOS flood began anew. This time around, Coral sent two back-to-back updates to the minting app: one that was legitimate and pointed to the real NFT mint process, as would be referenced in the public mint interface, and another that could only be found by reverse-engineering the code. That one pointed to a “honeypot”—effectively, an isolated distraction designed to trick botters into blowing their SOL on a fake mint and receiving nothing valuable in the process. The fake contract soaked up over $250,000 worth of SOL, and those users who tried to gain an unfair edge in the mint weren’t in the mix when the legitimate public NFT drop began moments later.


The Mad Lads NFT drop has been one of the most talked-about mints recently, and the success of the project can be attributed to the team’s willingness to fight back against bot attacks and extortion threats. The move by Coral CEO Armani Ferrante to trick schemers into spending over $250,000 worth of SOL on a fake mint helped keep more of the NFT drop supply for people who actually wanted to be part of the

Leave a Reply

Your email address will not be published. Required fields are marked *