- NFT Trader has suffered a hack on “old smart contracts,” letting at least one hacker make off with high-value NFTs worth millions of dollars, including several Bored Ape Yacht Club and Mutant Ape Yacht Club NFTs.
- NFT Trader has warned users to revoke access to two compromised smart contracts as the main hacker demands ransom payments for the stolen NFTs.
High-value NFTs worth millions of dollars, including rare Bored Ape and Mutant Ape Yacht Club tokens, World of Women NFTs, VeeFriends, Art Blocks, have been stolen in a major hack of peer-to-peer trading platform NFT Trader earlier today.
🚨🚨We've suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af— NFT Trader (@NftTrader) December 16, 2023
NFT Trader confirmed in an X post that “old smart contracts” had been attacked and urged users to revoke any permissions they had given the smart contracts in the past.
📢There was a malicious code execution from a third party to our two older smart contracts. However, we've implemented all necessary measures to prevent any such incidents in the future.
— NFT Trader (@NftTrader) December 16, 2023
An X user foobar has claimed the attacks have finished after NFT Trader updated its smart contracts to fix a reetrancy vulnerability.
All exploits have now stopped pic.twitter.com/bS2YUl0l7i
— foobar | Clusters (@0xfoobar) December 16, 2023
The apparent main attacker posted a public message to the blockchain, pinning the invention of the NFT exploit on another user and claiming the attack was to “pick up residual garbage.”
The attacker offered to return tokens to victims after being paid a ransom of 3 eth per Bored Ape and 0.6 eth per Mutant Ape.
The attacker has also made a series of confusing moves, refunding one Bored Ape along with 31 eth to one user and returning certain staked Bored Apes to their owners, while keeping the ApeCoin rewards.
NFT Trader exploiter also pulled $165,000 worth of $APE from staked BAYC/MAYC that they drained
Looks like they're sending back the apes that were staked and keeping the $APE as the bounty pic.twitter.com/HzA51xeFLB
— Cirrus (@CirrusNFT) December 16, 2023
Aside from the main hacker, there have been reports of auxiliary hacks that have drained tokens such as Cool Cats and Squiggles from users’ wallets.
Other wallets appear to be stealing assets as well. This one took a CoolCat and a Squiggle. Using what appear to be similar methods. pic.twitter.com/ctfKtX9zhp
— Stats (@punk9059) December 16, 2023
After the hack, the hacker said,
“I’m a good person, the value of these NFTs is enough for a person to live a free life, but I don’t care about that… My technical skills are limited, I can’t get all the affected NFTs at once, and it’s costing me a lot of energy and time, so.. If you want [your NFTs] back, then you need to pay me a bounty, which is what I deserve.”
NFTs Trading Volume Soar
In the backdrop of this security breach, the NFT market experienced a surge in activity. Sales soared by 52.81% over the past week, amassing $503.35 million.
NFTs on the Bitcoin network emerged as a dominant force, raking in $276.79 million and eclipsing Ethereum’s $99.67 million.
“The burgeoning interest and investment in NFTs could be partly attributed to the general sentiment of a bull market in the crypto sphere. Typically, in such market conditions, capital tends to flow towards NFTs,” DappRadar said in a recent report.
The week’s most notable sales included Ethereum’s Fidenza #985, fetching $277K, and a Bitcoin-based NFT of a Van Gogh painting, which sold for $263K.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.