- NFT worth $3 million stolen due to hacking incident.
- ApeCoin offers $267,000 bounty for resolution.
- Boring Security now holds 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs previously taken by the hacker.
In a recent development, a batch of pilfered Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs) that were unlawfully taken from the NFT Trader platform have been successfully recovered. This heist, amounting to nearly $3 million, occurred on December 16.
Initially, the hacker pointed fingers at another user and demanded a ransom for returning the NFTs. The ransom terms were set at 1 BAYC = 30 ETH and 1 MAYC = 6 ETH, requiring a 10% payment in ETH for their 'services.' Those owning a BAYC were asked for 3 ETH, while holders of both BAYC and MAYC were asked for 3.6 ETH.
Prompt Retrieval by Boring Security
A community-driven effort, spearheaded by Boring Security, a Web3 security non-profit supported by ApeCoin, swiftly acted and managed to retrieve all assets within 24 hours by paying a bounty of 120 Ether (ETH). At current rates, this bounty amounts to roughly $267,000.
Boring Security publicly announced their success in reclaiming all 36 BAYC and 18 MAYC NFTs that were previously in the hacker's possession. Additionally, as a gesture in their retrieval mission, the team rewarded the hacker with a bounty valued at 10% of the floor price of the collections.
Facilitation and Assistance
Greg Solano, co-founder of Yuga Labs responsible for both NFT collections, facilitated the bounty payment without levying any fees for their assistance in negotiating the return of the stolen tokens.
Challenges and Future Collaborations
Boring Security acknowledged the intricacies of decentralized finance and self-custody, emphasizing the ongoing complexity in managing digital assets. They underscored the importance of understanding Web3 processes, advocating for a culture of security through education and technical advancements.
Lessons and Preventive Measures
An identified source highlighted the exploit's origin as an unintended consequence of a platform upgrade 11 days before the incident. Suggestions were made to revoke approvals for old non-fungible token Trader contracts to prevent similar attacks in the future.
Closing Thoughts and Recommendations
The resolution of this incident has drawn attention to the inherent risks in the digital asset sphere. It serves as a stark reminder for all involved parties in the NFT realm to exercise heightened caution and vigilance.
Stressing the need for continuous monitoring, robust security measures, and stringent authentication processes, it calls for proactive steps to fortify the NFT ecosystem against potential threats. This includes enhanced user authorization protocols, regular security audits, and proactive threat monitoring.
By embracing such proactive strategies, the NFT community can pave the way for a secure and promising future while preserving trust and confidence in the evolving landscape of digital assets.