- 36 Bored Ape Yacht Club and 18 Mutant Ape Yacht Club NFTs worth $3 million were stolen from NFT Trader due to a smart contract vulnerability, but recovered in under 24 hours.
- Boring Security coordinated a 120 ETH bounty funded by ApeCoin to get the hacker to return the stolen NFTs to their owners.
- The quick recovery demonstrated the power of community coordination to protect NFT owners when exploits occur.
Recently, 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs worth nearly $3 million were stolen from the peer-to-peer trading platform NFT Trader. In an impressive show of community spirit and determination, the highly valued tokens were returned to their rightful owners less than 24 hours later. This was made possible by a bounty payment coordinated by Boring Security and funded by ApeCoin.
The Exploit
The theft occurred on December 16th, after a vulnerability was introduced during a smart contract upgrade 11 days prior. The flaw allowed the hacker to misuse a multicall feature and make unauthorized transfers of NFTs that users had previously approved for trading. The attacker requested ransom payments in crypto to return the stolen tokens.
The Recovery Effort
Boring Security, a non-profit focused on Web3 security, led community efforts to recover the NFTs. After negotiations, the hacker agreed to return all 36 BAYC and 18 MAYC in exchange for a 120 ETH bounty worth approximately $267,000. The payment was provided by Greg Solano, co-founder of Yuga Labs, which created the Bored Ape collections.
Protecting NFTs
The exploit highlighted the need for users to be vigilant about revoking permissions granted to smart contracts. Developer Foobar assisted NFT Trader in stopping the attack and advised users to revoke approvals to prevent further thefts. The quick recovery demonstrated the power of community coordination to protect NFT owners.
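One way to audit which approvals a wallet still has outstanding, as an added example that is not from the article or from NFT Trader: it assumes the approvals are ERC-721 operator approvals granted with `setApprovalForAll`, and every address and log entry in it is constructed sample data. Per-token `approve` grants are not covered.

```python
# Replay decoded ERC-721 ApprovalForAll(owner, operator, approved) events to find
# operator approvals that are still in force. All data here is constructed.

def _norm(addr):
    # Checksummed and lowercase hex forms of an address must compare equal.
    return addr.lower()

def outstanding_approvals(logs, owner):
    """Return sorted (collection, operator) pairs the owner has not revoked."""
    state = {}
    # An indexer may return logs out of order; chain position decides the outcome.
    for log in sorted(logs, key=lambda l: (l["block"], l["log_index"])):
        if _norm(log["owner"]) != _norm(owner):
            continue
        key = (_norm(log["collection"]), _norm(log["operator"]))
        state[key] = bool(log["approved"])  # latest event for the pair wins
    return sorted(pair for pair, approved in state.items() if approved)

def needs_revoking(logs, owner, flagged_operators):
    """Outstanding approvals whose operator is on a flagged list."""
    flagged = {_norm(a) for a in flagged_operators}
    return [p for p in outstanding_approvals(logs, owner) if p[1] in flagged]

def ev(block, log_index, collection, owner, operator, approved):
    return {"block": block, "log_index": log_index, "collection": collection,
            "owner": owner, "operator": operator, "approved": approved}

# Placeholder addresses (constructed, not real wallets or contracts).
WALLET = "0x" + "aa" * 20
OTHER_WALLET = "0x" + "bb" * 20
COLLECTION_A = "0x" + "c1" * 20
COLLECTION_B = "0x" + "c2" * 20
MARKET_OLD = "0x" + "d1" * 20  # hypothetical trading contract, later flagged
MARKET_NEW = "0x" + "d2" * 20  # hypothetical contract the owner already revoked

SAMPLE_LOGS = [
    ev(120, 0, COLLECTION_A, WALLET, MARKET_NEW, False),      # revocation, listed first
    ev(100, 3, COLLECTION_A, WALLET, MARKET_OLD, True),
    ev(105, 1, COLLECTION_A, WALLET, MARKET_NEW, True),
    ev(110, 2, COLLECTION_B, OTHER_WALLET, MARKET_OLD, True),  # someone else's grant
    ev(100, 7, COLLECTION_B, "0x" + "AA" * 20, MARKET_OLD, True),  # mixed-case owner
]

if __name__ == "__main__":
    for collection, operator in needs_revoking(SAMPLE_LOGS, WALLET, [MARKET_OLD]):
        print(f"revoke: collection={collection} operator={operator}")
```

An approval stays in force until a later event for the same collection and operator sets it to false, which is why an approval granted long before an upgrade can still be used after it.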
Conclusion
In the end, the beloved Bored Apes made their way back home thanks to the combined efforts of Boring Security, Yuga Labs, Foobar, and the determination of the NFT community. It was an inspiring example of what can be accomplished when people work together post-exploit to do what is right.