NFT Investor Loses Millions of Dollars Following Cybersecurity Breach
One NFT investor recently reported a cybersecurity incident. The breached P2P NFT trading platform reported losing around $3 million in NFT reserves. As per the details from NFT investors, hackers managed to swap around 18 Mutant Ape Yacht Club and 36 Boring Ape Security Coins.
However, as per the details posted on social media platforms, the stolen NFTs are now fully recovered. The hackers that stole the NFTs seem to have asked for a bounty of 120 ETH coins valued at $267K at the time of the theft.
Boring Security, a non-profit Web3 security platform responded to the incident and managed to pay the ransom amount within 24 hours. Boring Security protocol is funded by ApeCoin and led the expedition to restore all the stolen NFTs.
Meanwhile, the attacker in question that targeted the peer-to-peer trading platform noted on social media platforms that they were capitalizing on an exploit initiated by another hacker.
NFT Hacker Demands 10% in Ransom Money to Return the Stolen Digital Assets
Greg Solano, co-founder of Yuga Labs reportedly released the ETH tokens to fulfill the ransom demand of the NFT robber. The firm is also responsible for creating both NFT collections namely BAYC and MAYC.
Yuga Labs founder also participated in the negotiation process and returned them to the original owners without charging any fee. Cybersecurity reports regarding the incident indicate that hackers were able to invade the peer-to-peer NFT trading platform on account of smart contract vulnerability.
Hackers managed to identify a technical blind spot in the smart contract based on a recent update installed 11 days before zero-day. Foobar, a pseudonymous security expert, who created Delegate identified the loophole and also assisted in stopping the spread of the attack in question.
Following the incident, community members urged all users on the platform to not interact with two old smart contracts and revoke permissions that were at security risk. This step was necessary to halt any further NFT thefts.
Boring Security Advocates Training Against NFT Hack Attempts
Boring Security, posted about the complexity of self-custodial in DeFi protocols. The firm noted that investors in the sector need to understand the workings of Web 3.0 platforms. Revoke.cash, a developer noted that the total number of hackers that participated in the exploit was not confirmed yet.
The dev further stated that hackers participating in the incident claimed that they came to pick up the residual garbage and asked for ransom payments.
Furthermore, an attacker involved in the incident claimed that they had limited technical skills and NFT hack was costing them a lot of time and energy. The attacker further noted that NFT estimation was enough to live a free life but they prefer to pick up the leftover trash.
Meanwhile, the affected party reported that the attackers started by asking for 10% ransom and ended up returning 31 ETH and a rare NFT in return. One surprised remark of the victim was ‘Is this real life’?