NFT Trader Platform Hacked, Users Lose Millions of USD
On the evening of December 16th, the NFT Trader platform fell victim to a significant hacking incident, resulting in the loss of numerous high-value NFTs belonging to its users, including assets from the Bored Ape Yacht Club, valued at millions of USD.
Some thoughts on this hack.
— Stats (@punk9059) December 16, 2023
1) Millions of dollars of NFTs were stolen. I've never seen anything of this size. Some of the absolute top apes -- a few worth $300k+ -- were taken.
2) It appears to have hit people who did trades on NFT Trader in the past and still had permissions… pic.twitter.com/EAjbDwqsFU
NFT Trader disclosed that their smart contracts were compromised by hackers, urging users to promptly revoke access permissions.
🚨🚨We've suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
— NFT Trader (@NftTrader) December 16, 2023
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af
The hacker subsequently posted a series of messages claiming the attack was aimed at thwarting another hacker's actions. However, they offered affected users the option to pay ransom in exchange for recovering their stolen NFTs.
Additionally, the attacker made perplexing gestures such as returning a Bored Ape NFT along with 31 ETH to an investor, while retaining staking rewards and randomly returning assets to other users.
The hacker also sent this ape owner 31 ETH. (ape owner is @RSandersDFS --- who still has some apes stolen).
— Stats (@punk9059) December 16, 2023
This is likely because he sold one of his apes for 35 ETH (ht @_mutatis).
Hacker is also returning the World of Women and VeeFriends to their owners. https://t.co/JVUEEwfcYI
NFT Trader attributed the incident to a third-party update that impacted the code of their legacy smart contracts. The project has since implemented necessary updates to prevent similar incidents in the future.
By the morning of December 17th, another NFT project, Flooring Protocol, also reported being attacked, resulting in an estimated loss of 1.54 million USD.
The NFT fragmentation protocol Flooring Protocol was suspected of being attacked. 14 BAYC and 36 Pudgy Penguins were stolen and sold. The hacker made a profit of 690 ETH (worth approximately US$1.54 million). https://t.co/3Fgi2Gikv2
— Wu Blockchain (@WuBlockchain) December 17, 2023
