Pixel Cafetaria
Published in

Pixel Cafetaria

Pixel Pizzas has been compromised…

I messed up and I am now abandoning this project. Learn from my mistakes.

Due to my own fault, while updating the repository for the PixelPizzas website to include the smart contracts as well, I messed up and commited a .env file that included the private key to the deployer address of Pixel Pizzas.

Because this was leaked the attacker (probably a bot) has been able to transfer ownership of the PixelPizzas contract. And therefore I have taken down the website for now.

Thankfully, I haven’t lost many of my own funds as it was my old address.

What does this mean for you?

Your tokens are still safe. The metadata is stored on IPFS, and the smart contract cannot burn other people’s tokens. But I would advise against minting more, even though the attacker might not benefit from it.


I will not stop producing NFTs, smart contracts, or anything like that. PixelPizzas remains a repo that people can learn from. I will archive the repository with the art of all pizzas available.


I messed up big and I’ve learned a big lesson today. Triple-check your commits to public repositories, especially when moving files around.

I am sorry to have let you all down. But I will continue to educate developers across the whole web3 ecosystem.

Thank you for reading.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

I occasionally write about programming and smart contracts. Follow me on Twitter @0xmbvissers