BAYC and MAYC NFTs were successfully recovered after a generous bounty payment. The incident occurred on the NFT Trader platform, resulting in the theft of NFTs valued at nearly $3 million. However, thanks to the swift response of Boring Security, a non-profit Web3 security project supported by ApeCoin, the stolen digital assets were returned to their rightful owners within 24 hours.
The recovery operation involved a bounty payment of 120 Ether (ETH), equivalent to approximately $267,000 at the time. Greg Solano, the co-founder of Yuga Labs and creator of BAYC and MAYC NFT collections, played a vital role in negotiating the resolution and securing the return of the NFTs at no additional cost.
The attack was attributed to a vulnerability in a recently updated smart contract, specifically related to a multicall feature. This flaw allowed unauthorized transfers of NFTs using previously granted trading permissions. The vulnerability was identified by “Foobar,” the pseudonymous founder and developer of Delegate, who aided the NFT Trader team in swiftly addressing the breach.
Following the security breach, users have been urged to revoke permissions granted to two specific old contracts identified as potential risks. These contracts pose a continued threat, and if approvals are not revoked, the stolen NFTs could potentially be compromised again.
This incident highlights the ongoing vulnerabilities within the NFT space and emphasizes the importance of robust security measures. The successful recovery of the stolen assets demonstrates the effectiveness of rapid response and crisis management in the digital asset domain. It also underscores the collaborative efforts between different entities within the NFT ecosystem, including developers, platform owners, and community initiatives, in safeguarding assets and maintaining trust.
The incident serves as a wake-up call for the NFT community to prioritize security and remain vigilant against potential exploits. Continuous monitoring and updating of smart contracts are essential in preventing similar occurrences in the future. As the NFT market continues to evolve, ensuring the security of digital assets remains a top priority for both creators and investors.