A few stolen Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) non-fungible tokens (NFTs) from the peer-to-peer trading platform NFT Trader have been returned. The theft, which occurred on December 16, involved NFTs valued at almost $3 million.
The hacker, in public messages, initially blamed another user for the exploit and demanded a ransom for the NFTs' return. The hacker stated that a payment of 1 BAYC = 30 ETH and 1 MAYC = 6 ETH, required a 10% payment in ETH for their work.
If someone possessed a BAYC, they were asked to pay 3 ETH, and if they had both a BAYC and MAYC, the payment was 3.6 ETH.
Responding promptly, a community-driven effort led by Boring Security, a non-profit Web3 security project backed by ApeCoin, successfully retrieved all the assets within 24 hours after paying the 120 Ether (ETH) bounty. As of now, the bounty payment equates to approximately $267,000.
The Boring Security team has announced on X (formerly Twitter) that they have successfully acquired all 36 BAYC and 18 MAYC NFTs that were previously in the hands of the exploiter. In their efforts to recover the stolen tokens, the team also rewarded the hacker with a bounty worth 10% of the collections' floor price.
The bounty payment was facilitated by Greg Solano, the co-founder of Yuga Labs, the company responsible for both NFT collections. Yuga Labs played a crucial role in negotiating the return of the stolen tokens and did not charge any fees for their assistance.
Boring Security expressed its recognition of the challenges involved in decentralized finance and self-custody. While developers of Ethereum have made significant strides in creating more user-friendly abstraction layers, the team admitted that managing digital assets remains a complex issue.
Boring Security emphasized the need to comprehend the underlying processes and mechanisms of Web3, despite upcoming improvements in user interfaces. The security company, which has partnered with more than 80 NFTs projects, also emphasized the significance of promoting a culture of security in Web3 through free, instructor-led training.
They urged community leaders to contribute by providing whitelists for individuals educated in security. Additionally, they recommended implementing technical primitives, training moderators to be security advocates, and making security modules mandatory for community access.
According to "Foobar," the founder of Delegate, the exploit originated from a platform upgrade that occurred 11 days before the incident. This upgrade inadvertently allowed unauthorized NFT transfers due to previously granted trading permissions.
Foobar and others recommend revoking approvals given to old non-fungible token Trader contracts as a safeguard against potential repeat attacks, now that the stolen NFTs have been returned to their rightful owners without any cost.
The resolution of the recent theft and the successful recovery of the tokens have brought attention to the numerous risks present in the digital asset domain. This incident serves as a reminder for all stakeholders involved in NFTs—be it developers, platforms, or traders—to be extra cautious and vigilant.
It emphasizes the necessity for continuous monitoring of networks, robust security measures, and stringent authentication processes to safeguard valuable digital assets and preserve the trust that is fundamental to the entire NFT marketplace.
Furthermore, this security breach highlights the significance of taking proactive steps to strengthen the NFT ecosystem against potential threats. Implementing improved user-authorization protocols, conducting regular security audits, and actively monitoring for potential threats are a few key measures that should be carefully considered.
By embracing such proactive strategies and investing in secure protocols, the NFT community can confidently unlock the potential of this sector while ensuring a promising future that is safeguarded against repeated security breaches, thus preserving public faith in the process.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.