Hacker Returns Stolen NFTs After Receiving Bounty Payment

Cryptodaily, 2023/12/20 03:40
By: Amara Khatri

Table of Contents

  • Stolen NFTs Recovered
  • Bounty Paid By Yuga Labs Co-Founder
  • Complexity Of Self Custody

A Web3 security firm, Boring Security, has announced that it has successfully recovered 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs. 

The hacker returned the stolen NFTs after receiving a payment of 120 ETH from Yuga Labs co-founder Greg Solano. 

Stolen NFTs Recovered 

The assets were stolen from the peer-to-peer trading platform NFT Trader. The hack occurred on the 16th of December, with the hacker stealing $3 million worth of NFTs. According to available public messages, the hacker attributed the exploit to another user, adding that they had come to pick up “residual garbage.” The hacker stated in their message, 

“I came here to pick up residual garbage. If you want these NFTs back, then you need to pay me 120 ETH […], and then I will send you the NFTs; it’s as simple as that, and I never lie, believe me […].”

Blockchain security firm Boring Security organized a community initiative to recover the stolen assets. Boring Security is a non-profit security project funded by ApeCoin. The security firm recovered the stolen NFTs within 24 hours after paying a 120 ETH bounty worth around $267,000 at the time. The Boring Security team announced the recovery on X, stating, 

“All 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her [the hacker] 10% of the floor price of the collections as bounty.”

Bounty Paid By Yuga Labs Co-Founder 

The 120 ETH bounty was reportedly paid by the co-founder of Yuga Labs, Greg Solano. Yuga Labs is the creator of both NFT collections in question (Bored Ape Yacht Club and Mutant Ape Yacht Club) and played a crucial role during the negotiations to recover the stolen NFTs and return them to their rightful owners. 

According to Foobar, the pseudonymous founder and developer of Delegate, the vulnerability was introduced 11 days ago, when a smart contract upgrade made it possible to misuse a multicall feature. This allowed unauthorized transfers of NFTs away from their owners by way of trading permissions the owners had granted previously. Foobar stated that the NFTs could be stolen again if the permissions were not revoked. 

Complexity Of Self Custody 

Boring Security acknowledged the complexity of self-custody in decentralized finance. The team stated that while ETH developers have made considerable progress in creating user-friendly abstraction layers, managing digital assets remains a complex problem. 

“As we finish up getting these apes back to their rightful owners, I just want to give a huge shoutout to the team for working overtime this weekend to come together on this.”

Boring Security stressed the importance of understanding the underlying processes and mechanisms of Web3 despite upcoming improvements in user interfaces. The security firm, which has partnered with over 80 NFT projects, also stressed the importance of advocating a culture of security in Web3 with the help of free, instructor-led training. The security firm encouraged community leaders to contribute to this initiative by providing whitelists for security-educated individuals. It also advocated for adopting technical primitives and training moderators to be security champions, and offering security modules as prerequisites for community access. 

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
