Jump to
Main Blog Hype NFT Trader hacker returns 56 BAYC and MAYC NFTs for 120 ETH

NFT Trader hacker returns 56 BAYC and MAYC NFTs for 120 ETH

Pic 1

On December 16, a vulnerability in two smart contracts of the NFT Trader platform resulted in some users losing their assets. According to the Revoke.cash, the total losses are estimated at $3 million, most of which are NFTs from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) collections.

However, the hacker got in touch the same day. On December 17, after receiving a reward of 120 ETH (about $268,000), they returned the NFTs to Boring Security, a non-profit web3 security education DAO. Boring Security has begun returning NFTs to their previous owners.

What is NFT Trader

NFT Trader is a peer-to-peer NFT trading platform with advanced social functionality. Users can post ads to buy specific NFTs or securely exchange them on the Ethereum and Optimism blockchains.

NFT Trader largely runs on the Seaport protocol developed by NFT marketplace OpenSea but also has its own smart contracts for some operations.

Smart contracts are programmes operating on the blockchain. They allow users to perform complex operations within the network, such as securely exchanging funds (unlike the alternate transfer of funds from address to address, where one party can cheat the other). Before interacting with any smart contract, users must give it approval to change the balance of their address.

However, like any program, smart contracts can have vulnerabilities, be malicious, and steal funds from approved addresses.

How did the NFT Trader get hacked

As reported by NFT Trader on December 16, an attacker exploited two old smart contracts, stealing NFTs. For the safety of unaffected users, it was recommended to revoke approvals from these smart contracts through services like Revoke.Cash.

According to Revoke.Cash, the stolen NFTs were valued at $3 million. Almost all of them are from the popular BAYC and MAYC collections, 36 and 18 NFTs, respectively.

NFT Trader’s negotiating with the hacker

On the same day, December 16, the hacker got in touch via messages in transactions to their own Ethereum address. The following became known:

πŸ‘©β€πŸ’» The hacker is "a good, kind kid and a beautiful girl". Usually, hackers prefer not to reveal their gender or other identifying information;

πŸ™…β€β™€οΈ She is not the first to find the vulnerability. In her messages, she left an address that had used a similar exploit before, but she decided to transfer the NFTs to her address so that the real attacker would not do so;

πŸ”„ She also expressed her willingness to return the NFTs to their previous owners for 10% of their floor price. So, returning one NFT from the BAYC collection would cost 3 ETH (about $6,700), and returning one from MAYC would cost 0.6 ETH (about $1,340).

Pic 2

Read about how public messages can be sent in Ethereum transactions in our article on the August Curve hack. In that case, the scammer was also negotiating with the protocol.

How BAYC and MAYC NFTs were recovered

On December 17, Boring Security DAO contacted the hacker. Through public correspondence, it was revealed that, for 120 ETH (about $268,000), the exploiter agreed to return all NFTs from the BAYC and MAYC collections. This amount is 1.2 ETH more than the individual owners would have given in total. 

In the end, the funds were provided through the Boring Security DAO by Greg Solano, co-founder of Yuga Labs, which owns the rights to MAYC, BAYC, CryptoPunks, Meebits and other major NFT collections.

On the same day, the hacker returned all the stolen NFTs to Boring Security DAO, which in turn began returning them to their previous owners.

All in all, there was a happy ending, which is not really common after-hacks in DeFi. To be on the safe side, it is worth revoking the approvals of smart contracts and protocols you rarely use. That way, in case of a vulnerability, your funds will be safe. For other tips, read our article: Crypto scam: how to protect yourself.

πŸ‘€You might also like: 

What is NFT

How to create an NFT: a step-by-step guide

Bored Ape NFT creators win $1.6M in trademark infringement case

Maria Kachura
Maria Kachura

Visit her on Facebook or hit her up via Email.

Share this post
Similar articles
Best investment options for 2023
16 February, 2023
Best investment options for 2023
Let’s explore all the pros and cons of currencies, cryptocurrencies, stocks, real estate, and precious metals.
The difference between coin and token: understanding crypto assets
24 April, 2024
The difference between coin and token: understanding crypto assets
Discover the key differences between coins and tokens in the cryptocurrency ecosystem. Learn about their features, roles, and examples in this comprehensive guide.
NFT NYC 2022!πŸŒπŸ¦„
20 June, 2022
NFT NYC 2022!πŸŒπŸ¦„
NFT NYC 2022.
AIBC Americas 2022
8 June, 2022
AIBC Americas 2022
AIBC Americas 2022.
Top 5 NFT games in 2024: the future of blockchain gaming
19 June, 2024
Top 5 NFT games in 2024: the future of blockchain gaming
In this guide, the itez team has gathered the freshest and most exciting information about the Play-to-Earn (P2E) segment and NFT games.
ETH NEW YORK 2022 πŸŒπŸ¦„
24 June, 2022
ETH NEW YORK 2022 πŸŒπŸ¦„