NFT Trader Security Breach
A security breach struck the NFT Trader platform on 16 December, resulting in the illicit acquisition of millions of dollars’ worth of nonfungible tokens (NFTs).
The incident, acknowledged by NFT Trader on X (formerly Twitter), targeted outdated smart contracts.
Users were promptly advised to revoke delegations to specific addresses, namely
Diverse NFT Losses
Among the stolen NFTs were at least 13 Mutant Ape Yacht Club and 37 Bored Ape tokens, alongside VeeFriends and World of Women NFTs.
The losses, assessed by Revoke.cash, tallied to nearly $3 million.
As the crypto community grappled with the aftermath, misinformation propagated on social media, adding to the confusion.
The extent of the hack remains ambiguous, with uncertainties surrounding how many hackers exploited the security flaw.
In a public message, one of the attackers distanced themselves from the initial exploit, attributing it to another user.
They demanded ransom payments for the return of the pilfered NFTs.
One of the attackers wrote:
“At first, as usual, I came here to pick up residual garbage. At first I thought I could only get TOKEN, but eventually I found out that I could also get NFT. I’m a good person, the value of these NFT’s is enough for a person to live a free life, but i don’t care about that. I prefer to pick up the leftover trash,”
Attackers Rewards Proposal
Despite limited technical skills, the attackers proposed a 10% bounty in Ether (ETH) in exchange for the return of victims’ NFTs.
The attackers wrote:
“My technical skills are limited, I can’t get all the affected nfts at once, and it’s costing me a lot of energy and time. […] If you want the monkey nft back, then you need to pay me a bounty, which is what I deserve,”
This unusual turn of events included a victim reporting the unexpected return of a rare NFT accompanied by 31 ETH, valued at almost $70,680.
The victim expressed disbelief, questioning the surreal nature of the situation on X.