Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
All nonfungible tokens (NFTs) from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) that were taken from the peer-to-peer trading platform NFT Trader have been returned following a bounty payment.
NFTs valued at nearly $3 million were taken during the hack on December 16. According to public communications, the perpetrator claimed the initial breach was due to another user. “I came here to pick up residual garbage,” they stated, demanding ransom payments for the return of the NFTs.
“If you want these NFTs back then you need to pay me 120 ETH […] and then I will send you the NFTs, it’s as simple as that, and I never lie, believe me […],” one of the messages stated.
A community effort spearheaded by Boring Security — a non-profit Web3 security initiative funded by ApeCoin — successfully retrieved all assets in under 24 hours after paying the 120 Ether (ETH) bounty, which was approximately $267,000 at the time of reporting.
Related Posts
“All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her [the hacker] 10% of the floor price of the collections as bounty,” the Boring Security team communicated on X (formerly Twitter).
The bounty was funded by Greg Solano, co-founder of Yuga Labs. The company is responsible for creating both NFT collections and facilitated negotiations to recover the tokens and return them to their original owners at no cost.
According to “Foobar,” the pseudonymous founder and developer of Delegate, the vulnerability was introduced 11 days prior when a smart contract upgrade permitted the misuse of a multicall feature, allowing unauthorized transfers of NFTs from their legitimate owners due to previously granted trading permissions.
The incident led to recommendations for users to revoke all permissions granted to two outdated contracts 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. Foobar warned that the NFTs could be stolen again if approvals are not revoked. The developer assisted the NFT Trader team in halting the attack shortly after it was identified.
Magazine: NFT Creator: J1mmy.eth once minted 420 Bored Apes… and had NFTs worth $150M
