Stolen NFTs Returned After Ransom Payment
The stolen NFTs from Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) on the NFT Trader marketplace have been returned following a ransom payment. The attacker returned the NFTs, valued at nearly $3 million, after receiving a ransom of 120 Ether (ETH) paid by the founders of Yuga Labs.
The recovery initiative was led by Boring Security, a non-profit Web3 security project funded by ApeCoin. Within 24 hours, all the assets were retrieved in exchange for the 120 ETH ransom, valued at approximately $267,000 at the time of payment. Boring Security confirmed the return of the 36 BAYC and 18 MAYC on X (formerly Twitter).
Vulnerability in NFT Trader’s Smart Contract
According to ‘Foobar,’ a developer and the pseudonymous founder of Delegate, the vulnerability was introduced 11 days ago during a smart contract update. The update made it possible to abuse a multicall feature, resulting in unauthorized transfers of NFTs. Foobar advised revoking all permissions granted to two outdated contracts to prevent further abuse. This precaution is crucial for the security of NFT holders.
If in doubt, you can use the Revoke.cash tool to revoke permissions granted by your address.
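To illustrate the revocation advice above, the following added example (not code from NFT Trader, Delegate or Revoke.cash) replays ERC-721/ERC-1155 ApprovalForAll event logs to list which operator approvals are still live for a wallet and which of them point at flagged contracts. All addresses and log entries are constructed placeholders, since the article does not give the addresses of the two outdated contracts; per-token approvals (the separate Approval event) are not covered.

```python
# topic0 = keccak256("ApprovalForAll(address,address,bool)")
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

# Constructed placeholder addresses (the page does not name the real contracts).
OWNER, OTHER_OWNER = "0x" + "aa" * 20, "0x" + "bb" * 20
COLLECTION_A, COLLECTION_B = "0x" + "c1" * 20, "0x" + "c2" * 20
OLD_1, OLD_2 = "0x" + "01" * 20, "0x" + "02" * 20   # stand-ins for the outdated contracts
OTHER_OPERATOR = "0x" + "0f" * 20

def _log(block, idx, collection, owner, operator, approved):
    """Build a constructed log entry shaped like an eth_getLogs result."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": collection,
            "topics": [APPROVAL_FOR_ALL, pad(owner), pad(operator)],
            "data": "0x" + ("1" if approved else "0").rjust(64, "0")}

SAMPLE_LOGS = [  # deliberately out of chain order
    _log(120, 0, COLLECTION_A, OWNER, OLD_2, False),        # later revocation
    _log(100, 2, COLLECTION_A, OWNER, OLD_1, True),
    _log(105, 1, COLLECTION_A, OWNER, OLD_2, True),
    _log(110, 0, COLLECTION_B, OWNER, OTHER_OPERATOR, True),
    _log(90, 4, COLLECTION_A, OTHER_OWNER, OLD_1, True),    # someone else's wallet
]

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def active_operator_approvals(logs, owner):
    """Replay logs in chain order; return {(collection, operator)} still approved."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16) != 0   # the last event for a pair wins
    return {key for key, approved in state.items() if approved}

def approvals_to_revoke(logs, owner, flagged_operators):
    """Live approvals whose operator is one of the flagged contracts."""
    flagged = {a.lower() for a in flagged_operators}
    return sorted(k for k in active_operator_approvals(logs, owner) if k[1] in flagged)

if __name__ == "__main__":
    for collection, operator in approvals_to_revoke(SAMPLE_LOGS, OWNER, [OLD_1, OLD_2]):
        print(f"revoke: collection {collection} -> operator {operator}")
```

Each pair reported would be cleared by the owner calling setApprovalForAll(operator, false) on that collection contract.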