In a remarkable turnaround, all stolen non-fungible tokens (NFTs) from Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) have been recovered following a major security breach on peer-to-peer trading platform NFT Trader. The December 16 incident resulted in the theft of NFTs worth nearly $3 million. However, thanks to the quick action of Boring Security, a non-profit Web3 security project backed by ApeCoin, these digital assets were secured within 24 hours.
The recovery operation included a premium payment of 120 Ether (ETH), equivalent to approximately $267,000 at the time of the transaction. Greg Solano, co-founder of Yuga Labs and creator of the BAYC and MAYC NFT collections, led this strategic move. His involvement was crucial in the negotiation process, which ultimately led to the return of the NFTs to their rightful owners at no additional cost.
NFT Trader hack exposes flaws in smart contracts
The attack was related to a vulnerability in a smart contract, which had been updated 11 days before the incident. This upgrade inadvertently introduced a flaw related to a multicall feature, which allowed unauthorized transfers of NFTs. The hacker took advantage of previously granted trading privileges and carried out the theft. The vulnerability was spotted by “Foobar”, a pseudonymous founder and developer of Delegate, who played a crucial role in assisting the NFT Trader team to stop the attack soon after discovery.
In response to this security breach, urgent calls have been made for users to revoke all permissions granted to two specific legacy contracts identified as potential risks. These contracts, listed as 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af, pose an ongoing threat. If the approvals are not revoked, the stolen NFTs could be compromised again.
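As an added illustration (not code from NFT Trader, Boring Security or the article), the sketch below replays `ApprovalForAll` event logs to find wallets whose approval to either flagged contract is still active, and builds the `setApprovalForAll(operator, false)` calldata that revokes it. It assumes the permissions in question are ERC-721 operator approvals; the logs, the collection and wallet addresses, and all helper names are constructed for the example.

```python
# Operator addresses are the two legacy contracts named in the article.
OP_A = "0xc310e760778ecbca4c65b6c559874757a4c4ece0"
OP_B = "0x13d8faF4A690f5AE52E2D2C52938d1167057B9af"
FLAGGED = {OP_A.lower(), OP_B.lower()}
# keccak256("ApprovalForAll(address,address,bool)"): topic0 of the ERC-721 event
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)

def pad_address(addr):
    """ABI-encode an address as a 32-byte, left-padded hex word."""
    return addr.lower().replace("0x", "", 1).rjust(64, "0")

def topic_to_address(topic):
    """Indexed addresses are 32-byte topics; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs):
    """Replay logs in chain order; the last event per (collection, owner,
    operator) is the live setting. Return those still granted to a flagged operator."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue
        owner, operator = topic_to_address(topics[1]), topic_to_address(topics[2])
        if operator in FLAGGED:
            state[(log["address"].lower(), owner, operator)] = int(log["data"], 16) != 0
    return sorted(key for key, approved in state.items() if approved)

def revoke_calldata(operator):
    """Calldata for setApprovalForAll(operator, false), sent to the NFT collection."""
    return "0x" + SET_APPROVAL_FOR_ALL + pad_address(operator) + "0" * 64

def make_log(block, index, collection, owner, operator, approved):
    return {"blockNumber": block, "logIndex": index, "address": collection,
            "topics": [APPROVAL_FOR_ALL, "0x" + pad_address(owner), "0x" + pad_address(operator)],
            "data": "0x" + str(int(approved)).rjust(64, "0")}

# Constructed sample logs in eth_getLogs shape (numbers already parsed to int);
# the collection and wallet addresses are placeholders.
COLLECTION, ALICE, BOB = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [
    make_log(100, 0, COLLECTION, ALICE, OP_A, True),
    make_log(105, 2, COLLECTION, BOB, OP_B, True),
    make_log(110, 1, COLLECTION, BOB, OP_B, False),  # Bob has already revoked
    make_log(111, 0, COLLECTION, ALICE, "0x" + "33" * 20, True),  # unrelated operator
]

if __name__ == "__main__":
    for collection, owner, operator in open_approvals(SAMPLE_LOGS):
        print(owner, "should revoke", operator, "on", collection, revoke_calldata(operator))
```

Token-level `approve` grants are outside what this sketch tracks; it covers collection-wide operator approvals only.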
This incident has shed light on the ongoing vulnerabilities within the NFT space and the need for increased security measures. The successful recovery of the stolen assets underlines the importance of rapid response and effective digital asset crisis management. Furthermore, it highlights the collaborative efforts between various entities within the NFT ecosystem, from developers to platform owners and community initiatives, in protecting assets and maintaining trust.
The incident serves as a wake-up call for the NFT community to prioritize security and remain vigilant against potential exploits. It also highlights the need for continuous monitoring and updating of smart contracts to prevent similar events in the future. As the NFT market continues to evolve, ensuring the safety of digital assets remains a top priority for creators and investors alike.