All NFT Stolen From NFT Trader Has Returned After Prize Payments

Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) were targeted for theft. (photo: x @FrankieQuigs)

All nonfungible tokens (NFT) Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) stolen from the peer-to-peer trading platform NFT Trader have been returned after the payment of the prize.

NFT worth nearly $3 million was stolen in the attack on December 16. According to a public message, the attacker linked the initial exploit to another user. "I came here to take the rest of the trash," he wrote, asking for a ransom payment to return the NFT.

"If you want to get back this NFT, you need to pay me 120 ETH [...] and then I will send you that NFT, that's as easy as that, and I never lie, believe me [...]," reads one message.

A community initiative led by the Boring Security non-profit Web3 security project funded by ApeCoin returned all assets in less than 24 hours after paying a prize of 120 Ether (ETH), worth about US$267,000 at the time of writing.

"All 36 BAYCs and 18 MAYCs owned by the exploiters are now in our possession. We sent them [to hackers] 10% of the basic prices of the collection as gifts," the Boring Security team wrote on platform X (formerly Twitter).

The prize was paid by Greg Solano, co-founder of Yuga Labs. The company is the creator of both NFT collections and supports negotiations to return the token and return it to the original owner for free.

According to "Foobar," the pseudonym founder and developer of Delegate, this vulnerability comes 11 days ago after a smart contract upgrade allowed the misuse of the multicall feature, allowing the transfer of NFT without permission from its legal owner due to the previously granted trading license.

This incident prompted calls for users to revoke all permits granted to two old contracts 0xc310e760778ecbca4c65b65987457a4c4ece0 and 0x13d8faF4A690f5AE52E2DC52938d1167057B9af. "NFT can be stolen again if approval is not revoked," Foobar said. The developer helped the NFT Trader team to stop the attack as soon as it was discovered.