
VOX Security Update: Smart Contract Vulnerability & Mitigation

December 12, 2023

We recently discovered that thirdweb, a third party that provides web3 tools, including smart contracts, was made aware of a security vulnerability in a commonly used web3 open-source library. The vulnerability affects some of their smart contracts, which unfortunately include some contracts used by VOX. Please see their blog on this matter to learn more.

Based on thirdweb’s investigation alongside their audit partners, this vulnerability has NOT been exploited in any thirdweb smart contracts. However, it does require us to take immediate steps to ensure the safety of your NFTs for the following contracts:

  • VOXverse Fantasy Land Parcels
  • DreamWorks Trolls VOX Boxes
  • Get Plucked Chickens
  • VOX Holiday Mystery Boxes

We have locked the contracts identified above, meaning that most of these NFTs are no longer transferable and the vulnerability cannot be exploited. We are working closely with thirdweb to perform mitigation steps, which involve moving things to a new contract without the known vulnerability.

Here are the new collections on OpenSea:

Here are the steps we are taking:

VOXverse Fantasy Land Parcels and DreamWorks Trolls Boxes

The contract is now locked, a snapshot has been taken, and a new contract has been deployed. Last night, we sent new versions of each token on these contracts to the holders at the time of the snapshot. No action is required on your part. This process happened automatically and is now complete, so you are able to transfer your new NFTs on the Ethereum network again seamlessly. We are working with OpenSea to get the collections adjusted as soon as possible.

Get Plucked Chickens

The contract is now locked, a snapshot has been taken, and a new contract has been deployed.

For these tokens, we will do 2 things:

  • For holders whose ETH wallets holding Get Plucked Chickens are linked to a Gala account, we will drop the new version of each held token on GalaChain. We are targeting later this month or early next year for this to take place.
  • For those who don’t have a linked ETH wallet, thirdweb has published this website where you can re-claim the NFTs on the new contract. The claim site is now live. Please note this process will require an ETH gas fee.

The NFT Chickens from the old contract will still remain playable in Get Plucked.

VOX Holiday Mystery Boxes

This contract was also affected, but the unique nature of this contract has required us to take different mitigation steps.

We removed permissions on this contract, which prevents any nefarious changes to the collection and new tokens from being minted. To mitigate ongoing fraudulent behavior, we have notified all major exchanges to flag these tokens as affected by a security vulnerability.

To reduce risk, we recommend that holders attempt to exchange their boxes immediately. To initiate the exchange, connect your web3 wallet containing the boxes to, navigate to your collection, and begin the exchange process. This does require an ETH gas fee.

Please note that some of the potential rewards upon exchange are locked tokens (VOXverse Fantasy Land Parcel and DreamWorks Trolls VOX Boxes). If you exchange your box and would have normally received a VOXverse Fantasy Land Parcel or a DreamWorks Trolls VOX Box, the transaction will succeed, but you will not receive your reward. Afterward, the wallet won’t be usable to unlock upcoming boxes, requiring you to transfer any remaining boxes to a new wallet to conduct more exchanges.

If you exchange your box and do not receive a reward, please submit a support ticket at Gala Games with your transaction hash no later than December 18th, 2023 so we can do our best to address this.

Most people will be able to collect their reward as usual and proceed to open the remaining Holiday Mystery Boxes without any issues.

To compensate holders of these tokens for the above difficulties, we have dropped holders new versions of the VOXverse Fantasy Land Parcels (Common Rarity) for each Holiday Mystery Box that they own.

Be assured that we have been diligently working behind the scenes to ensure that your NFTs are secure and that the mitigation steps are as smooth and effortless as can be. Thank you for your patience and understanding.