NFT Trader’s stolen ape has been returned after a bounty was paid.

adminDecember 17, 2023

All Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs) stolen from peer-to-peer trading platform NFT Trader have been returned after bounties were paid.

About $3 million worth of NFTs were stolen in a hack on December 16th. According to the public message, the attackers originally attributed the exploit to another user. “We’re here to pick up the leftover trash,” they wrote, demanding a ransom to return the NFTs.

“If you want this NFT back, you have to pay me 120 ETH(…). Then I will send you the NFT. It’s as simple as that. I’m not lying, trust me(…).” read This is one of the messages.

A community initiative led by Boring Security, a non-profit Web3 security project funded by ApeCoin, recovered all assets within 24 hours after paying a 120 Ether (ETH) bounty, worth approximately $267,000 at the time of writing.

“36 BAYC and 18 MAYC owned by the exploiter are now in our possession. We sent her (the hacker) 10% of the lowest price of her collection as her bounty.” Boring Security Team wrote At X (formerly Twitter).

congratulations @BoringSecDAO To get that ape back.
Well done. ✅ @BoredApeYC pic.twitter.com/brVGQ58Sg2
— realniceguy.eth ❄️ (@realniceguy_SRH) December 17, 2023

The bounty was paid by Greg Solano, co-founder of Yuga Labs. The company creates NFT collections and supports negotiations to recover tokens and return them to their original owners free of charge.

According to Delegate’s pseudonymous founder and developer “Foobar”, the vulnerability was discovered 11 days ago after a smart contract upgrade allowed misuse of multi-currency functionality, enabling unauthorized transfer of NFTs from their rightful owners due to previously granted transaction permissions. has been introduced.

This incident requires users to revoke all permissions granted in two existing contracts: 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. Foobar said that if the authorization is not revoked, the NFTs could be stolen again. The developer assisted the NFT Trader team in stopping the attack shortly after it was discovered.

magazine: NFT creator: J1mmy.eth once minted 420 Bored Apes… Holds $150 million worth of NFTs.