Stolen Bored Ape and Mutant Ape NFTs Recovered After Bounty Payment
By James Pebenito • December 18, 2023
Stolen Bored Ape and Mutant Ape NFTs Recovered After Bounty Payment
Following a significant security compromise, all nonfungible tokens (NFTs) belonging to the Bored Ape Yacht Club (BAYC) and the Mutant Ape Yacht Club (MAYC) have been recovered. Peer-to-peer trading platform NFT Trader was the victim of the well-publicized breach, which led to the theft of NFTs worth around $3 million.
In a string of open communications, the hacker sought 120 Ether (ETH) as payment for the safe return of the NFTs. However, a community effort led by the nonprofit Web3 security project Boring Security, which received funding from ApeCoin, moved quickly to address the issue. By paying the 120 ETH incentive, which is almost $2675,000, the team was able to successfully recover all 36 BAYC and 18 MAYC NFTs in less than 24 hours.
Cooperation within the Community and Bounty Payment
The creator of both NFT collections and co-founder of Yuga Labs, Greg Solano, oversaw the negotiations and bounty payout. The Boring Security group thanked Solano for his assistance in protecting the property. It was determined that the quick recovery process was made possible by the bounty payment, which is equal to 10% of the floor price of the collections.
The security breach was traced back to a vulnerability that had been introduced by an upgrade to a smart contract 11 days earlier. This update unintentionally made it possible for a multi-call functionality to be abused, allowing for the illegal transfer of NFTs. The attack caused tokens to be moved without authorization by taking advantage of trade permissions that had previously been given.
Requests for User Alertness
The creator and developer of Delegate, going by the alias “Foobar,” advised users to remove all permissions given to particular old contracts (0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af), in reaction to the breach. Foobar brought attention to the possibility of token theft if permissions were not swiftly canceled. The developer was instrumental in helping the team at NFT Trader stop the attack as soon as it was detected.
The event serves as a reminder of the security concerns that the NFT space continues to face and the value of community-driven activities in protecting important digital assets.