{"id":26753,"date":"2023-12-17T19:05:44","date_gmt":"2023-12-17T19:05:44","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/nft-traders-stolen-apes-returned-after-bounty-payment\/"},"modified":"2023-12-17T19:05:46","modified_gmt":"2023-12-17T19:05:46","slug":"nft-traders-stolen-apes-returned-after-bounty-payment","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/nft-traders-stolen-apes-returned-after-bounty-payment\/","title":{"rendered":"NFT Trader\u2019s stolen Apes returned after bounty payment"},"content":{"rendered":"

<\/p>\n

\n

All Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) nonfungible tokens (NFTs) stolen from the peer-to-peer trading platform NFT Trader have been returned after a bounty payment.\u00a0<\/p>\n

NFTs worth nearly $3 million were stolen in the hack on Dec. 16. As per public messages, the attacker attributed the original exploit to another user. \u201cI came here to pick up residual garbage,\u201d they wrote, requesting ransom payments to return the NFTs.<\/p>\n

\u201cIf you want these NFT\u2019s back then you need to pay me 120 ETH [\u2026] and then I will send you the NFT\u2019s, it\u2019s as simple as that, and I never lie, believe me [\u2026],\u201d reads<\/a> one of the messages. <\/p>\n

A community initiative led by Boring Security \u2014 a non-profit Web3 security project funded by ApeCoin \u2014 recovered all the assets in less than 24 hours after paying the 120 Ether (ETH) bounty, worth around $267,000 at the time of writing.<\/p>\n

\u201cAll 36 BAYC and 18 MAYC that the exploiter had are now in our possession. We sent her [the hacker] 10% of the floor price of the collections as bounty,\u201d the Boring Security team wrote<\/a> on X (formerly Twitter). <\/p>\n

\n

Congratulations to the @BoringSecDAO<\/a> in getting back those Apes. <\/p>\n

Well done. \u2705 @BoredApeYC<\/a> pic.twitter.com\/brVGQ58Sg2<\/a><\/p>\n

\u2014 realniceguy.eth \u2744\ufe0f (@realniceguy_SRH) December 17, 2023<\/a><\/p><\/blockquote>\n

The bounty was paid by Greg Solano, co-founder of Yuga Labs. The company is the creator of both the NFTs collections and supported negotiations to recover the tokens and return them to their original owners for free.<\/p>\n

According to \u201cFoobar”, pseudonymous founder and developer of Delegate, the vulnerability was introduced 11 days ago after a smart contract upgrade allowed the misuse of a multicall feature, enabling unauthorized transfers of NFTs from their rightful owners due to previously granted trading permissions.<\/p>\n

The incident prompted calls for users to revoke all permissions granted to two old contracts 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af. The NFTs could be stolen again if approvals are not revoked, Foobar said. The developer assisted NFT Trader’s team in stopping the attack shortly after it was discovered. <\/p>\n

Magazine: <\/em><\/strong>NFT Creator: J1mmy.eth once minted 420 Bored Apes\u2026 and had NFTs worth $150M<\/em><\/strong><\/p>\n<\/div>\n