coinspress.com
A notable breach occurred on the NFT Trader platform, a hub for peer-to-peer trades, resulting in the unauthorized transfer of several valuable NFTs.
Among the affected collections were renowned tokens from Bored Ape and Mutant Ape Yacht Club, World of Women NFTs, VeeFriends, and Art Blocks. The financial impact is substantial, with losses reaching millions.
🚨🚨We've suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af— NFT Trader (@NftTrader) December 16, 2023
In response, NFT Trader promptly urged its users to revoke permissions associated with two compromised smart contracts. This step aims to prevent further unauthorized transactions. The company acknowledged the breach in “older smart contracts” in a recent post, emphasizing the critical role of user vigilance in safeguarding digital assets.
The primary hacker, who remains unidentified, communicated through the blockchain, initially claiming the exploit aimed to clear out “residual clutter.” However, the situation escalated, with the hacker demanding 3 ETH and 0.6 ETH as ransom for Bored Apes and Mutant Apes, respectively.
In a twist, the hacker unexpectedly refunded one Bored Ape and 31 ETH to a user, and returned certain staked Bored Apes to their rightful owners while keeping the ApeCoin rewards.
READ MORE: Coinbase Challenges SEC for New Crypto Rules
Additional reports surfaced of secondary breaches resulting in the loss of various NFTs, such as Cool Cats and Squiggles, from users’ wallets. The community response varied, encompassing confusion and concern due to the unpredictable nature of the hacker’s actions. NFT Trader has yet to address inquiries regarding these supplementary incidents.
Amid the crisis, Garga, the founder of Bored Ape Yacht Club, stepped in, offering to pay the 10% ETH bounty demanded by the hacker. While this move aims to resolve the situation and retrieve the stolen NFTs, it raises apprehensions about establishing a precedent for future cyber threats, potentially incentivizing ransom demands and benefiting hackers financially.