In a recent incident on the NFT Trader platform, 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs, valued at nearly $3 million, were pilfered. The stolen assets were speedily returned following the payment of a 120 Ether (ETH) ransom. The hacker, claiming to have picked up “residual garbage” left by another user’s exploit, demanded the substantial ransom for the NFTs’ return. Astonishingly, the matter was swiftly resolved after the ransom payment, avoiding a prolonged standoff.
Boring Security, backed by ApeCoin, played a pivotal role in the swift recovery process, managing to retrieve the stolen NFTs within 24 hours of the ransom payment. The hacker received a notable bounty, approximately 10% of the floor price of the collections, totaling around $267,000. Greg Solano, co-founder of Yuga Labs, responsible for BAYC and MAYC NFT collections, assumed responsibility for the bounty payment, actively participating in the recovery efforts and subsequent investigation.
The security lapse leading to the theft was traced back to a smart contract upgrade eleven days prior, inadvertently enabling unauthorized NFT transfers and creating a vulnerability. Users have been advised to revoke permissions related to the vulnerability in two old contracts as a precautionary measure.
This incident underscores the intricate risks in the digital asset realm, emphasizing the need for heightened vigilance across NFT stakeholders. It highlights the urgency for continuous network surveillance, robust security measures, and stringent authentication processes to protect digital assets and uphold trust in the NFT marketplace.
The security breach also stresses the importance of proactive measures to fortify the NFT ecosystem. Enhanced user-authorization protocols, regular security audits, and active threat monitoring are crucial steps requiring careful consideration. By embracing vigilant strategies and investing in secure protocols, the NFT community can confidently navigate the sector’s potential, ensuring a secure and promising future without compromising public trust through repeated security breaches.