Middlemarch, the creator of Ethscriptions, the Ethereum inscription protocol positioned against Ordinals, said a few days ago that Ethscriptions had been attacked and that about 123 addresses lost about 202 Ethscriptions as a result of the vulnerability.
The vulnerability is not in the Ethscriptions protocol itself but in a specific smart contract. The protocol and the other applications running on it were not affected in any way.
The root cause is that the contract cannot access the state of an Ethscription. The contract itself cannot know who owns a given Ethscription, so a user may pay for an Ethscription that does not exist.
The most straightforward way to avoid this kind of exploitation is to ask a trusted third party to confirm which deposits are valid.
But in that case, whoever holds the private keys used to confirm which deposits are valid is a single point of failure. The team wanted to write a reference implementation that would be validated by the protocol itself.
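One way to enforce the trusted-third-party confirmation described above, as an added example (not code from the Ethscriptions project or from the affected contract): a hypothetical Solidity escrow that only allows listing and buying after a deposit has been signed off. The names `AttestedEscrow`, `attester`, `confirmDeposit`, `list` and `buy`, and the layout of the signed message, are assumptions made for this sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical escrow for illustration; names and message layout are assumptions.
contract AttestedEscrow {
    // Upper bound for s (secp256k1 n/2): rejects malleable signatures.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    address public immutable attester;               // trusted third party's signing address
    mapping(bytes32 => address) public depositorOf;  // ethscriptionId => attested depositor
    mapping(bytes32 => uint256) public priceOf;      // ethscriptionId => asking price in wei

    event DepositConfirmed(bytes32 indexed id, address indexed depositor);
    event Sold(bytes32 indexed id, address indexed buyer, uint256 price);

    constructor(address attester_) {
        require(attester_ != address(0), "attester required");
        attester = attester_;
    }

    // The contract cannot read Ethscription state, so a deposit claim counts only
    // when the attester has signed (chain id, this contract, id, depositor).
    function confirmDeposit(bytes32 id, address depositor, uint8 v, bytes32 r, bytes32 s) external {
        require(depositorOf[id] == address(0), "already confirmed");
        bytes32 claim = keccak256(abi.encode(block.chainid, address(this), id, depositor));
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", claim));
        require(uint256(s) <= HALF_N, "malleable signature");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == attester, "not attested");
        depositorOf[id] = depositor;
        emit DepositConfirmed(id, depositor);
    }

    function list(bytes32 id, uint256 price) external {
        require(depositorOf[id] == msg.sender, "no confirmed deposit");
        require(price > 0, "price required");
        priceOf[id] = price;
    }

    // A buyer can only pay for an Ethscription whose deposit was attested.
    // Delivery of the Ethscription to the buyer is protocol-specific and omitted here.
    function buy(bytes32 id) external payable {
        address seller = depositorOf[id];
        uint256 price = priceOf[id];
        require(seller != address(0) && price > 0, "not for sale");
        require(msg.value == price, "wrong payment");
        delete depositorOf[id];
        delete priceOf[id];
        emit Sold(id, msg.sender, price);
        (bool ok, ) = payable(seller).call{value: price}("");
        require(ok, "payout failed");
    }
}
```

Every sale in this sketch depends on the one `attester` key, which is the single point of failure the text describes.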