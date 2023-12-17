All Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs) stolen from peer-to-peer trading platform NFT Trader have been returned following reward payment.

Nearly $3 million worth of NFTs were stolen in a hack on December 16. According to public messages, the attacker attributed the original exploit to another user. “I’m here to collect what’s left,” he wrote, requesting ransom payment to return the NFTs.

“If you want these NFTs back you have to pay me 120 ETH […] And then I’ll send you the NFT, it’s that easy, and I never lie, trust me […], reads One of the messages.

A community initiative led by Boring Security – a non-profit Web3 security project funded by AppCoin – recovered all assets in less than 24 hours after paying a 120 ether (ETH) reward, at the time of writing. At the time it was equal to that amount. Was approximately $267,000.

“All the 36 BAYC and 18 MAYC held by the exploiter are now in our possession. we sent him [the hacker] 10% of the minimum value of the collection as a reward to Boring Security Team wrote On X (formerly Twitter).

The bounty was paid by Yuga Labs co-founder Greg Solano. The company is the creator of the NFT collection and supports negotiations to recover the tokens and return them to their original owners for free.

According to Delegate’s pseudonymous founder and developer “foobar,” the vulnerability was introduced 11 days ago when a smart contract upgrade allowed abuse of the multicollateral feature, which caused NFTs to trade without their previously granted trading permissions. Was confiscated from the rightful owners. Used to enable unauthorized transfers.

The incident prompted users to call for all permissions granted to two older contracts, 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. Fubar said that if the approval is not revoked, the NFTs could be stolen again. The developer assisted NFT Trader’s team in containing the attack immediately after it was discovered.

Source: cointelegraph.com

Source: cryptosaurus.tech