YEREVAN (CoinChapter.com) – Boring Security, a non-profit Web3 security project funded by ApeCoin, recovered stolen NFTs. Earlier, on Dec 16, a hacker exploited a vulnerability in the smart contract of the peer-to-peer trading platform NFT Trader, resulting in the theft of valuable NFTs, including Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) tokens, valued at nearly $3 million.
Boring Securities Uses Hack As a Teaching Tool
The team behind Boring Securities posted follow-up tweets, further discussing the issue of the stolen NFTs. They urged their followers to know how things work “under the hood” to avoid the possible pitfalls. The project also asserted they partnered with over 80 NFT projects in the last year and a half, to ensure more security in Web3.
It turns out that being your own bank is complicated. It isn’t something that a quick soundbite or tweet thread is likely going to get you prepared for. The ETH devs have worked hard to create digestible abstraction layers for users, but things aren’t always as straightforward as they may seem.”
said the team.
Boring Securities also listed several necessary steps through which “community leaders” could ensure a safer web3. Giving whitelists for “security-educated folks,” offering security modules to complete before getting full access to the community, and creating or adopting primitives in the ecosystem, to name a few.
What Happened to NFT Trader?
The exploit targeted old smart contracts on the NFT Trader platform. The hacker manipulated these contracts, which are fundamental to operations on the blockchain, to illegally transfer numerous high-value NFTs.
Following the breach, NFT Trader updated its smart contracts to fix a reentrancy vulnerability and urged users to revoke any previous permissions granted to these contracts to prevent further exploits.
The hacker, who interacted publicly on the blockchain, initially claimed to have executed the attack to “pick up leftover trash.” However, they then demanded ransoms for the return of the stolen NFTs, specifically requesting 3 ETH for each Bored Ape and 0.6 ETH for each Mutant Ape.
This move is an unusual approach, as they even refunded one Bored Ape along with 31 ETH to a specific user and returned certain staked Bored Apes to their rightful owners while keeping the ApeCoin rewards.
In total, the hacker demanded a ransom of 120 Ether (ETH), approximately $267,000 at that time, to return the stolen NFTs. Boring Security led a community initiative to negotiate with the hacker and successfully recovered all the stolen assets within 24 hours after paying the ransom. The funds for the ransom were provided by Greg Solano, co-founder of Yuga Labs, the creator of the Bored Ape and Mutant Ape collections.
