After a somber Saturday where two different trading protocols were compromised and lots of Apes were stolen, Boring Security performed a Christmas miracle by recovering 55 Primates, bringing joy to the swamp and giving everyone in the web3 space a wake-up call on the importance of wallet security!
December 16th began as one of the saddest days in Yugaverse history as countless Apes were stolen due to an exploit in NFT Trader’s old smart contract, but ended in a renewed feeling of community and ‘Apes Together Strong!’
As the Bored Ape Gazette previously reported, the swamp was shaken early Saturday morning as BAYC members woke up to social media posts about hacks and missing Apes.
“RED ALERT,” notable BAYC member Dingaling tweeted at 7 A.M. EST. “If you've ever used NFT Trader in the past, revoke approval to their contract ASAP (0x13d8faF4A690f5AE52E2D2C52938d1167057B9af) So far already 37 BAYC and 13 MAYC have already been drained to this address:”
Following the exploit, the hacker took to Etherscan with a message saying that they were willing to return the Apes for a 10% bounty. But after they sent this message, the hacker logged off for a bit, leaving the community in limbo.
While the NFT Trader hacker was gone, another exploit took place at Floor Labs, which led to another 14 Bored Apes being stolen.
All seemed lost around the swamp and fear was at an all-time high. But like any good story, the night is always darkest before dawn.
Boring Security’s Feld got hold of the hacker via Etherscan and began negotiating the return of the Apes.
“I kind of felt like I was likely just wasting my time, but something told me that someone behaving a bit erratically and seemingly stressed just wanted to get it over with as soon as possible, so I messaged to offer that option,” Feld told the Gazette.
Feld and the NFT Trader Exploiter began messaging one another back and forth, negotiating the terms of the Apes' release, and eventually agreed that Boring Security would send 3 ETH for every one Ape the hacker sent to them.
“There were some ups and downs,” Feld said. “At first she would send only a couple, then stopped and asked for 120eth for the rest. But once they messaged in Chinese, I could tell they just wanted this to be over with. I kept my composure, and kept sending ETH, and they kept sending apes.”
Over the next hour or so, the hacker returned the Apes one by one to Boring Security, and the BAYC rejoiced as the primates were returned home!
“THE APES ARE COMING HOME,” Boring Security's 0xQuit tweeted!
Take a look at all the Apes that were saved thanks to Boring Security below:
After the last Ape was returned to Boring Security, the NFT Trader Exploiter sent a message to the BAYC community letting them know that the Apes were returned.
“The warehouse door has been opened,” the NFT Trader Exploiter messaged on Etherscan after the Apes' release. “I was the second person to find it. I got the most valuable things and protected them. The items have now been returned to their owners. I also got what I deserved. If it was anyone else, I'm not sure. Will they do this? Probably not, but I do it because I'm a good, kind kid and a beautiful girl.”
Following this message, the NFT Trader Exploiter wished the BAYC a Merry Christmas and warned the club to be more vigilant in the future.
“I'd like to wish you all an early Merry Christmas, so, so, so, so, so, so, so, so, so don't let me catch you next time, okay?”
The hacker's eerie Christmas wish and warning are a stark reminder to the BAYC community that security is important.
“I wish I could give you a soundbite that would realistically protect people in the future, but people need to actually take the time to get educated on security in this space,” Feld told the Gazette. “Maybe in 2025 the answer will be "just get a hardware wallet and a wallet security extension" but we're not there yet. Not by a long shot. We teach live classes, for free, in 7+ languages, 10-15 times per month. We have dozens of articles. If you have real money in this space, if you are your own bank, you need to take security education seriously.”
Apes who would like to find out more about wallet security and how to properly store their NFTs can reach out to the Boring Security team on Twitter, @BoringSecDAO, and sign up for one of their classes! Apes who do sign up and do the class soon will also receive a free ApeCoin branded Ledger!
Boring Security is also co-hosting a Twitter Space with the BAYC community Council on Wallet Security at 3 P.M. EST! You can tune in below:
The Bored Ape Gazette will continue to follow Boring Security and will bring you continued coverage of this story. Stay tuned for updates!