NFT Trader Victims Made Whole by BoringSecurity Buyback

36 Bored Ape Yacht Club and 18 Mutant Ape Yacht Club NFTs worth $3 million were stolen from NFT Trader due to a smart contract vulnerability, but recovered in under 24 hours.
Boring Security coordinated a 120 ETH bounty funded by ApeCoin to get the hacker to return the stolen NFTs to their owners.
The quick recovery demonstrated the power of community coordination to protect NFT owners when exploits occur

Recently, 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs worth nearly $3 million were stolen from the peer-to-peer trading platform NFT Trader. In an impressive show of community spirit and determination, the highly-valued tokens were returned to their rightful owners less than 24 hours later. This was made possible by a bounty payment coordinated by Boring Security and funded by ApeCoin.

🚨 NEWS: @BoringSecDAO returns all BAYC and more to victims of the NFT Trader breach. pic.twitter.com/jkD8h996j2
— BlockNews.com (@blocknewsdotcom) December 17, 2023

The Exploit

The theft occurred on December 16th after a vulnerability was introduced during a smart contract upgrade 11 days prior. This allowed the hacker to misuse a multicall feature and make unauthorized transfers of NFTs that users had previously approved for trading. The attacker requested ransom payments in crypto to return the stolen tokens.

The Recovery Effort

Boring Security, a non-profit focused on Web3 security, led community efforts to recover the NFTs. After negotiations, the hacker agreed to return all 36 BAYC and 18 MAYC in exchange for a 120 ETH bounty worth approximately $267,000. The payment was provided by Greg Solano, co-founder of Yuga Labs which created the Bored Ape collections.

Protecting NFTs

The exploit highlighted the need for users to be vigilant about revoking permissions granted to smart contracts. Developer Foobar assisted NFT Trader in stopping the attack and advised users to revoke approvals to prevent further thefts. The quick recovery demonstrated the power of community coordination to protect NFT owners.

Conclusion

In the end, the beloved Bored Apes made their way back home thanks to the combined efforts of Boring Security, Yuga Labs, Foobar, and the determination of the NFT community. It was an inspiring example of what can be accomplished when people work together post-exploit to do what is right.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.