A tumultuous saga unfolded in the digital realm as NFT Trader, a prominent peer-to-peer trading platform, grappled with a severe security breach. Malevolent actors infiltrated the platform, orchestrating an unauthorized exodus of prized non-fungible tokens of immense value. Among the coveted haul were treasures from illustrious collections like the Bored Ape and Mutant Ape Yacht Club, World of Women NFTs, VeeFriends, and Art Blocks, catapulting the financial fallout into the millions.
In a recent X post, NFT Trader sounded the alarm, urging its user base to rescind permissions tethered to two compromised smart contracts. This defensive maneuver aimed to stem the tide of illicit transfers, emphasizing the critical need for heightened user vigilance in safeguarding their digital assets.
Surprisingly, the stolen NFT inventory comprised a minimum of 13 Mutant Ape Yacht Club tokens, 37 Bored Ape tokens, VeeFriends, and World of Women NFTs, culminating in losses nearing an astonishing $3 million, confirmed by Revoke.cash.
NFT Hacker’s Cryptic Moves
The enigmatic orchestrator behind this digital heist shrouded in anonymity, surfaced through blockchain communications. Initially purporting to target “residual garbage,” the situation spiraled into ransom demands. The hacker demanded 3 ETH and 0.6 ETH as ransom for the restitution of Bored Apes and Mutant Apes, respectively. Adding layers of complexity, sporadic refunds of one Bored Ape and 31 ETH to a user, alongside the return of certain staked Bored Apes to their rightful owners while retaining ApeCoin rewards, ensued.
Troubling accounts revealed additional breaches that extracted non-fungible tokens such as Cool Cats and Squiggles from users’ online wallets. Within the tumult, the community’s reaction oscillated between confusion and concern, wrestling with the unpredictable tactics of the hacker. Interestingly, despite increasing queries, NFT Trader has chosen silence regarding these added incidents.
Garga, the luminary founder of Bored Ape Yacht Club, extended an olive branch by offering to cover the 10% ETH bounty demanded by the hacker. While this gesture holds promise in resolving the crisis and reclaiming the pilfered non-fungible tokens, it unfurls concerns of setting a precedent, hinting that ransom ultimatums could yield financial dividends for cyber attackers, opening a perilous gateway for future breaches.