After NFTTrader Was Hacked, Yuga Is Working To Get The Stolen Apes Back& The BAYC Rallies Together!
It was a somber day in the swamp when a hacker discovered malicious code in the trading platform, NFTTrader's old smart contract, using it to steal 37 Bored Apes and 18 Mutant Apes. Now, Yuga Labs is stepping in to assist in recovering these stolen NFTs, while Bored Ape Yacht Club (BAYC) community leaders are stepping up to educate their fellow primates about wallet security!
The swamp was shaken early Saturday morning as BAYC members woke up to social media posts about hacks and missing Apes.
“RED ALERT,” Notable BAYC member Dingaling tweeted at 7 A.M. EST. “If you've ever used NFT Trader in the past, revoke approval to their contract ASAP (0x13d8faF4A690f5AE52E2D2C52938d1167057B9af) So far already 37 BAYC and 13 MAYC have already been drained to this address:
As the morning went on, many other BAYC members took to Twitter to report that their Apes were gone.
NFT Trader, the peer-to-peer digital asset trading platform whose old smart contracts were exploited and made today’s events possible, took to Twitter this afternoon with an explanation on how this happened and thanked 0xf4d3 and 0xFoobar for their help in solving the exploit.
“There was a malicious code execution from a third party to our two older smart contracts, the platform tweeted. “However, we've implemented all necessary measures to prevent any such incidents in the future.”
While NFT Trader said that the issue was resolved, the platform still recommended that users use Revoke.Cash to cancel any interactions that NFT collectors’ assets may be interacting with or connected to.
Following the exploit, the Hacker took to Etherscan with a message and said that they were willing to return the Apes for a 10% bounty.
“After you send me the reward, I’ll return the monkey to you, with the caveat that you’ll need to unauthorize the exploit contract, The Hacker wrote. “These are the two (that I know of so far)”
After the Hacker’s message was shared on social media by blockchain detective, ZachXBT, Yuga Labs Co-Founder, Garga said that he will gladly pay the Hacker’s bounty.
“And if the info below is real, I will gladly put up the ETH to see these 50 apes back to their rightful owners,” he wrote.
Yuga Labs CEO, Daniel Alegre echoed Garga’s tweet and said that Yuga Labs will pay for its members' assets' return.
“For those involved in the NFT Trader exploit, return the NFTs and Yuga will provide compensation for identifying the exploit upon safe return of the NFTs,” he said.
While today’s events were awful, BAYC members were happy to see Yuga Labs rally around its holders, reminding everyone that this community is like a family.
“Unexpected offer and greatly appreciated ty,” impacted BAYC member, King Black Bored tweeted.
As Yuga Labs works to get the stolen Apes home, BAYC members like Boring Security Founder, 0xQuit, and ApeCoin DAO Special Council Member, Gerry, shared tons of information on wallet security, revoking permissions, and ways to ensure that Apes are safe in the future.
“At Boring Security, we teach that you should NEVER have open approvals for your valuable assets,” 0xQuit tweeted. The reason we created the class was to prevent an eventual "doomsday" for apes. It appears we failed, and that day has come. Hoping for the best for everybody affected today. If (big if) all of these apes get returned, even for a 10% bounty, maybe this exploit was a blessing in disguise. A wake up call to web3: keep your cold wallets cold.”
Check out Gerry’s video below on how to revoke permissions via Revoke.Cash below:
Apes who would like to find out more about wallet security and how to properly store their NFTs can reach out to 0xQuit and the Boring Security team on Twitter and sign up for one of their classes free of charge! Apes who do sign up and do the class soon will also receive a free ApeCoin branded Ledger!
The Bored Ape Gazette will continue to follow this story and will let you know when these Apes are returned to their rightful owners. Stay tuned for updates!
Comments