On December 16th, NFT Trader, a platform facilitating peer-to-peer exchanges of non-fungible tokens (NFTs), fell victim to a multimillion-dollar exploit due to a vulnerability in its old smart contracts. This incident led to the loss of numerous high-value NFTs, including specimens from renowned collections such as Bored Apes, Mutant Apes, Art Blocks, and VeeFriends. The security breach instilled fear and raised concerns within the cryptocurrency community. The hacker had a specific target in mind and demonstrated a clear understanding of their actions, as they seized specific NFTs with significant market value.
All 36 BAYC and 18 MAYC that the exploiter had are now in our possession.
We sent her 10% of the floor price of the collections as bounty. We will be working with the affected victims getting them back to them free of charge.
Right after this coffee break…
— Boring Security (@BoringSecDAO) December 17, 2023
In response to this situation, Boring Security, an initiative supported by ApeCoin DAO aiming to educate Web3 users about the security of their digital assets, announced the success of negotiations with the hacker. Boring Security recovered and is currently in the process of returning 38 Bored Apes and 18 Mutant Apes to their rightful owners. However, the fate of the stolen NFTs from other collections remains uncertain.
The Thief Had Requested ETH in Exchange for the Return of the NFT
Before Boring Security’s intervention, the hacker had sent an on-chain message demanding a ransom. In this message, the requester asked for a payment of 3 ETH per Bored Ape and 0.6 ETH per Mutant Ape. The situation once again underscores the risks facing the blockchain community. Cybersecurity must become a central theme as hacking incidents and the use of exploits become more intensive and extensive over the years.
Boring Security issued a reflective message, emphasizing that managing your own bank is complicated. They urged Web3 users to always stay vigilant when interacting with decentralized applications, acknowledging that despite efforts to create understandable abstraction layers, complexities persist.
This incident at NFT Trader adds to a series of security issues in the crypto space, occurring shortly after the compromise of a code library belonging to Ledger, a hardware wallet provider. The vulnerability in NFT Trader emphasizes the constant need to improve security practices in the ecosystem and highlights the challenges of decentralization and self-management of digital assets.