NFT Trader, a peer-to-peer trading platform for non-fungible tokens (NFTs), fell victim to a significant hack involving “old smart contracts.” The breach allowed at least one hacker to abscond with high-value NFTs, including renowned Bored Ape Yacht Club and Mutant Ape Yacht Club tokens, along with other valuable collections such as World of Women NFTs, VeeFriends, and Art Blocks.
NFT Trader acknowledged the attack on its “old smart contracts” in an announcement on X and promptly urged users to revoke the permissions they had previously granted to the compromised contracts. The main hacker responsible for the breach demanded ransom payments for the stolen NFTs, adding a layer of complexity and concern to the incident.
The severity of the incident was underscored by the loss of millions of dollars’ worth of high-value NFTs, heightening worries within the cryptocurrency community about the vulnerability of peer-to-peer trading platforms. The apparent main attacker brazenly posted a public message to the blockchain, attributing the NFT exploit to another user and justifying the attack as a means to “pick up residual garbage.” In response to the hack, NFT Trader swiftly updated its smart contracts to address a reentrancy vulnerability, signaling an attempt to secure its platform.
The situation remained dynamic as the attacker made perplexing moves: refunding one Bored Ape along with 31 ETH to a user and returning specific staked Bored Apes to their owners, while retaining the ApeCoin rewards. The attacker offered to return the stolen tokens to victims, but only after receiving a ransom of 3 ETH per Bored Ape and 0.6 ETH per Mutant Ape. The incident exemplifies the challenges and risks associated with the evolving landscape of NFT trading and underscores the need for enhanced security measures within the crypto space.
[UPDATE] In a swift response to the NFT Trader hack, all stolen Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs), worth nearly $3 million, have been successfully recovered.
The attacker, attributing the exploit to another user, demanded a 120 Ether (ETH) ransom for the return of the NFTs. Boring Security, a non-profit Web3 security project funded by ApeCoin, led a community initiative to recover the assets by paying the ransom, with Greg Solano, co-founder of Yuga Labs, facilitating negotiations for the return of the tokens to their original owners at no cost.