Peer-to-peer trading platform NFT Trader suffered a security breach on Dec. 16, allowing hackers to steal millions of dollars worth of nonfungible tokens (NFTs).
NFT Trader confirmed the incident on X (formerly Twitter), saying the attack targeted old smart contracts, urging users to revoke delegations to two addresses: 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af.
Among the NFTs stolen are at least 13 Mutant Ape Yacht Club and 37 Bored Ape tokens, as well as VeeFriends and World of Women NFTs, making up to losses of nearly $3 million, according to Revoke.cash.
The hack was followed by rumors and misinformation on social media platforms. In addition, it’s still unclear how many hackers exploited the security flaw. In a public message, one of the attackers attributed the original exploit to another user. “I came here to pick up residual garbage,” they wrote, requesting ransom payments to return the NFTs.
“At first, as usual, I came here to pick up residual garbage. At first I thought I could only get TOKEN, but eventually I found out that I could also get NFT. […] I’m a good person, the value of these nft’s is enough for a person to live a free life, but i don’t care about that. I prefer to pick up the leftover trash,” one of the attackers said.
The attacker then claimed to have limited technical skills, and proposed victims to pay a 10% bounty in Ether (ETH) in exchange for their NFTs. “My technical skills are limited, I can’t get all the affected nfts at once, and it’s costing me a lot of energy and time. […] If you want the monkey nft back, then you need to pay me a bounty, which is what I deserve,” they wrote.
In another atypical development, one of the victims said the attacker returned a rare NFT along with 31 ETH, worth nearly $70,680 at the time of writing. “And now the hacker just sent me 31 eth? What in the world is going on. Is this real life?,” the victim wrote on X.
Magazine: NFT Creator: J1mmy.eth once minted 420 Bored Apes… and had NFTs worth $150M