NFT Trader successfully recovers stolen Bored Apes through a $267k reward
All NFTs stolen from the NFT Trader platform, including those from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC), have been successfully recovered thanks to a bounty payment of $267,000. On December 16, a security breach occurred on the peer-to-peer platform, resulting in the theft of NFTs valued at nearly $3 million. The attacker claimed to have exploited a vulnerability initially used by another user and demanded a ransom of 120 Ether (ETH), equivalent to $267,000 at the time, for the return of the stolen NFTs.
In response, Boring Security, a non-profit web3 security project funded by ApeCoin, led a community effort to secure the return of the assets within 24 hours of the ransom demand being met. Boring Security confirmed the recovery of all 36 BAYC and 18 MAYC NFTs and the payment to the hacker, which amounted to 10% of the floor price of the collections. The bounty was paid by Greg Solano, co-founder of Yuga Labs, the creator of the NFT collections, who facilitated negotiations to recover and return the tokens to their original owners at no cost.
The breach was traced back to a vulnerability introduced by a smart contract upgrade 11 days prior, which allowed unauthorized transfers of NFTs. The loophole was identified by "Foobar," a pseudonymous founder and developer who assisted NFT Trader's team in stopping the attack. Following the incident, and to prevent future thefts, users were urged to revoke the permissions they had granted to two old contracts that posed potential security risks.
Boring Security emphasized the importance of understanding web3 mechanisms and highlighted the progress made by Ethereum developers in creating user-friendly interfaces. They stressed the need for vigilance in managing digital assets and called for regular training to combat NFT hacks. Boring Security has partnered with over 80 entities in the NFT space and advocates for a culture of security in web3.
They offer free training sessions and propose measures such as creating whitelists for security-educated individuals, integrating security modules into community access requirements, and training moderators in security protocols. The firm also suggested incentives like hosting special events and providing bonuses for completing security classes to encourage participation in security education. Boring Security urged community leaders to collaborate in enhancing and safeguarding their communities and invited them to share insights and seek guidance.