Bounty Settles NFT Theft: Bored and Mutant Ape Yacht Clubs Recover Stolen Assets
Summary:
In a recent incident, nonfungible tokens (NFTs) from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) collections were stolen from the NFT Trader platform but were returned following a paid bounty. The growth of web3 security project Boring Security helped expedite the return of the stolen assets. This event has led to an urgent call for the revocation of permissions linked to older contracts to prevent potential thefts in the future.
A theft of nonfungible tokens (NFTs) from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) collections hosted on the NFT Trader platform has been resolved, with stolen assets returned following a bounty payment. Almost $3 million worth of NFTs was purloined during the security breach on December 16. The attacker allegedly pinned the initial exploit on a different user and demanded a ransom for the return of the stolen NFTs. "If you desire the return of these NFTs, then a payment of 120 ETH must be made [โฆ] Upon receipt, I will ensure the NFTs are returned. My words hold true, trust in this promise [โฆ]," one of the messages stated. The Boring Security organization, a web3 security project funded by ApeCoin, secured the return of assets less than 24 hours after the demanded bounty was paid. "All 36 BAYC and 18 MAYC NFTs held by the exploiter have been retrieved. We paid ten percent of the base value of the collections as a bounty," announced the Boring Security team, over the X platform. The bounty was footed by Greg Solano, Yuga Labs co-founder, the creator of both NFT collections. The company aided in negotiating for the return of the tokens to the rightful owners at no expense. "Foobar", an anonymous founder and developer of Delegate, disclosed that the exploited weakness was introduced eleven days prior, following an upgrade of a smart contract which inadvertently permitted misuse of a multicall feature. This led to unsanctioned transfers of NFTs by exploiting previously granted trading permissions. This event led to the urgent call for revocation of all permissions to two older contracts; otherwise, Foobar warned of a possible repeated theft of NFTs. NFT Trader's team was supported by the developer in successfully combating the attack soon after it was detected.
Published At
12/17/2023 9:09:37 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.