All Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) nonfungible tokens (NFTs) stolen from the peer-to-peer trading platform NFT Trader have been returned after a bounty payment.
NFTs worth nearly $3 million were stolen in the hack on Dec. 16. As per public messages, the attacker attributed the original exploit to another user. “I came here to pick up residual garbage,” they wrote, requesting ransom payments to return the NFTs.
“If you want these NFT’s back then you need to pay me 120 ETH […] and then I will send you the NFT’s, it’s as simple as that, and I never lie, believe me […],” reads one of the messages.
A community initiative led by Boring Security — a non-profit Web3 security project funded by ApeCoin — recovered all the assets in less than 24 hours after paying the 120 Ether (ETH) bounty, worth around $267,000 at the time of writing.
“All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her [the hacker] 10% of the floor price of the collections as bounty,” the Boring Security team wrote on X (formerly Twitter).
Congratulations to the @BoringSecDAO in getting back those Apes.
— realniceguy.eth ❄️ (@realniceguy_SRH) December 17, 2023
Well done. ✅ @BoredApeYC pic.twitter.com/brVGQ58Sg2
Bored Security paid the bounty with support from Yuga Labs. The company is the creator of both the NFTs collections and supported negotiations to recover the tokens and return them to their original owners for free.
According to “Foobar", pseudonymous founder and developer of Delegate, the vulnerability was introduced 11 days ago after a smart contract upgrade allowed the misuse of a multicall feature, enabling unauthorized transfers of NFTs from their rightful owners due to previously granted trading permissions.
The incident prompted calls for users to revoke all permissions granted to two old contracts 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. The NFTs could be stolen again if approvals are not revoked, Foobar said. The developer assisted NFT Trader's team in stopping the attack shortly after it was discovered.
Magazine: NFT Creator: J1mmy.eth once minted 420 Bored Apes… and had NFTs worth $150M
