Key takeaways:
- Following a bounty payment, all NFTs belonging to the BAYC and MAYC that were taken from the peer-to-peer trading platform NFT Trader have been returned.
- Rumors and false information surfaced on social media networks after the hack. Furthermore, the number of hackers that took advantage of the security hole is yet unknown.
Following a bounty payment, all nonfungible tokens (NFTs) belonging to the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) that were taken from the peer-to-peer trading platform NFT Trader have been returned.
On December 16, a security vulnerability on the peer-to-peer trading platform NFT Trader allowed hackers to steal nonfungible tokens (NFTs) valued at millions of dollars.
According to NFT Trader, the attack targeted old smart contracts, which verified the occurrence on X (formerly Twitter).
Revoke.cash reports that at least 13 Mutant Ape Yacht Club and 37 Bored Ape tokens, along with VeeFriends and World of Women NFTs, were among the NFTs taken. These losses totaled over $3 million.
Rumors and false information surfaced on social media networks after the hack. Furthermore, the number of hackers that took advantage of the security hole is yet unknown.
In the hack, NFTs valued at around $3 million were taken. The attacker claimed that another user was responsible for the original exploit in public messages. They wrote, “I came here to pick up residual garbage,” and demanded money in ransom to get the NFTs back.
After paying the 120 Ether (ETH) prize, which is currently valued at approximately $267,000, all of the assets were retrieved in less than 24 hours by a community effort headed by Boring Security, a nonprofit Web3 security project supported by ApeCoin. On X, the Boring Security group wrote:
“All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her [the hacker] 10% of the floor price of the collections as bounty,”
Greg Solano, a co-founder of Yuga Labs, paid the prize. The business is the one who started the NFT collections and backed the talks to get the tokens back and give them to their rightful owners for nothing.
The vulnerability was introduced 11 days ago, according to “Foobar,” the pseudonymous founder and developer of Delegate, after a smart contract upgrade permitted the misuse of a multi-call feature, enabling the unauthorized transfer of NFTs from their rightful owners because of previously granted trading permissions.
Calls to cancel all rights given to two old contracts, 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af, were made in response to the issue.
According to Foobar, the NFTs might be taken once more if permissions are not withdrawn. Soon after the attack was detected, the developer helped the team at NFT Trader to stop it.
