In a recent incident involving stolen nonfungible tokens (NFTs), a hacker has returned 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs after receiving a bounty payment of 120 Ether. The NFTs, valued at nearly $3 million, were stolen from the peer-to-peer trading platform NFT Trader. The hacker demanded the bounty payment as a condition for returning the NFTs. Fortunately, a community initiative led by Boring Security, a non-profit Web3 security project, successfully recovered all the stolen assets within 24 hours of making the payment. The bounty was paid by Yuga Labs co-founder Greg Solano, who supported the negotiations to return the tokens to their rightful owners free of charge. This incident draws attention to the importance of robust security measures within the NFT space and the need for users to exercise caution when granting trading permissions.
▶ [Kucoin] Transaction fee 0% discount CODE◀
NFT Trader’s stolen Apes returned after bounty payment
The NFT community was recently hit by a major hack on the peer-to-peer trading platform NFT Trader, resulting in the theft of all Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) nonfungible tokens (NFTs). However, there is some good news to report, as the stolen Apes have been successfully returned after the payment of a bounty to the hacker.
According to reports, a total of 36 BAYC and 18 MAYC NFTs were stolen in the hack, amounting to a value of nearly $3 million. The hacker responsible for the theft subsequently demanded a ransom payment of 120 Ether (ETH), equivalent to approximately $267,000 at the time, in exchange for the return of the stolen NFTs.
▶ [Kucoin] Transaction fee 0% discount CODE◀
Hacker returns stolen Apes after receiving payment
In a surprising turn of events, the hacker decided to return the stolen Apes after receiving the bounty payment. The payment of 120 Ether was made by Yuga Labs co-founder Greg Solano, who took the initiative to resolve the situation and recover the stolen assets.
Value of stolen NFTs and hacker’s demand
The stolen NFTs, consisting of Bored Ape Yacht Club and Mutant Ape Yacht Club tokens, held a significant combined value of nearly $3 million. The hacker demanded a ransom payment of 120 Ether in exchange for the safe return of the stolen NFTs.
Community initiative led by Boring Security recovers assets
After the theft was reported, a community initiative led by Boring Security, a non-profit Web3 security project funded by ApeCoin, took action to recover the stolen assets. The team at Boring Security successfully retrieved all 36 BAYC and 18 MAYC NFTs within 24 hours after paying the bounty to the hacker. As part of the recovery efforts, Boring Security sent the hacker a bounty equivalent to 10% of the floor price of the collections.
Bounty paid by Yuga Labs co-founder
Greg Solano, co-founder of Yuga Labs, played a crucial role in resolving the situation by paying the bounty to the hacker. Yuga Labs is the creator of both the Bored Ape Yacht Club and Mutant Ape Yacht Club NFT collections, making Solano personally invested in the recovery of the stolen assets. Support from Yuga Labs and negotiations with the hacker ensured the safe return of the stolen NFTs to their original owners without any additional cost.
Vulnerability in smart contract discovered
The incident shed light on a vulnerability in the smart contract used on the NFT Trader platform. According to the pseudonymous founder and developer of Delegate, the vulnerability was introduced 11 days prior to the hack during a smart contract upgrade. The update inadvertently allowed the misuse of a multicall feature, granting unauthorized transfer permissions for NFTs and resulting in their unauthorized transfer from their rightful owners.
Calls to revoke permissions granted to old contracts
In response to the breach, calls have been made by the developer community to revoke all permissions granted to two old contracts that may have contributed to the vulnerability. The contracts in question are identified as 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. Failure to revoke these permissions could potentially make the stolen NFTs vulnerable to further breaches.
Developer assists in stopping the attack
The developer community played a crucial role in mitigating the effects of the hack by assisting the NFT Trader team in stopping the attack shortly after its discovery. Their swift action and expertise not only helped prevent further damage but also contributed to the successful recovery of the stolen NFTs.
In conclusion, the return of the stolen Apes following the payment of a bounty represents a significant win for the NFT community. The incident has highlighted the need for ongoing vigilance and security measures within the decentralized ecosystem to protect against future attacks. The collaboration between community initiatives like Boring Security, responsible platform founders like Greg Solano, and the developer community demonstrates the resiliency and dedication present within the NFT space.
▶ [Kucoin] Transaction fee 0% discount CODE◀
RELATED POSTS
View all