NFT Trader Hacked: Millions in NFTs Stolen, Including Bored Apes

The NFT world is reeling from a significant security breach. NFT Trader, a popular peer-to-peer NFT trading platform, has suffered a major hack, resulting in the theft of high-value NFTs worth millions of dollars. Among the stolen assets are coveted Bored Ape Yacht Club and Mutant Ape Yacht Club NFTs, sending shockwaves through the community. Let’s dive into what happened and what it means for NFT security.

What Happened to NFT Trader?

• The Breach: Hackers exploited vulnerabilities in NFT Trader’s “old smart contracts.”
• The Loot: Millions of dollars worth of NFTs were stolen, including Bored Apes, Mutant Apes, World of Women, VeeFriends, and Art Blocks.
• The Warning: NFT Trader has urged users to immediately revoke access to two compromised smart contracts.

NFT Trader confirmed the attack via an X post, stating that “old smart contracts” were the point of entry. They strongly advised users to revoke any permissions granted to these contracts.

The Aftermath and the Hacker’s Demands

According to X user foobar, the attacks have ceased following NFT Trader’s update to its smart contracts, which addressed a reentrancy vulnerability.

The alleged primary attacker left a public message on the blockchain, attributing the NFT exploit’s invention to another user. They claimed the attack was simply to “pick up residual garbage.”

In a bizarre twist, the attacker offered to return stolen NFTs in exchange for ransom payments: 3 ETH per Bored Ape and 0.6 ETH per Mutant Ape.

Adding to the confusion, the attacker has made seemingly random moves, such as refunding one Bored Ape and 31 ETH to a user, and returning staked Bored Apes while retaining the ApeCoin rewards.

Alongside the main attacker, reports have surfaced of auxiliary hacks, with users reporting losses of tokens like Cool Cats and Squiggles from their wallets.

The hacker’s justification? “I’m a good person, the value of these NFTs is enough for a person to live a free life, but I don’t care about that… My technical skills are limited, I can’t get all the affected NFTs at once, and it’s costing me a lot of energy and time, so.. If you want [your NFTs] back, then you need to pay me a bounty, which is what I deserve.”

NFT Trading Volume Soars Amidst the Chaos

Interestingly, this security breach occurred against a backdrop of increased NFT market activity. Sales have surged by 52.81% in the past week, reaching $503.35 million.

NFTs on the Bitcoin network have taken the lead, generating $276.79 million in sales, surpassing Ethereum’s $99.67 million.

DappRadar noted in a recent report, “The burgeoning interest and investment in NFTs could be partly attributed to the general sentiment of a bull market in the crypto sphere. Typically, in such market conditions, capital tends to flow towards NFTs.”

The week’s top sales included Ethereum’s Fidenza #985, which sold for $277K, and a Bitcoin-based NFT of a Van Gogh painting, which fetched $263K.

Key Takeaways and Actionable Advice

• Revoke Contract Access: If you’ve interacted with NFT Trader’s old smart contracts, revoke access immediately.
• Stay Informed: Keep up-to-date with the latest security news and best practices in the NFT space.
• Be Cautious: Exercise caution when interacting with new or unfamiliar smart contracts.
• Hardware Wallets: Consider using a hardware wallet for added security.

In Conclusion: A Wake-Up Call for NFT Security

The NFT Trader hack serves as a stark reminder of the importance of security in the rapidly evolving NFT landscape. While the market shows signs of growth and increasing interest, security vulnerabilities remain a significant concern. Users must take proactive steps to protect their assets and stay informed about potential risks. This incident underscores the need for ongoing vigilance and robust security measures within the NFT ecosystem.