A Web3 Security Firm Recovers Stolen Bored Ape and Mutant Ape NFTs
Boring Security, a Web3 security firm, has successfully recovered 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs that were stolen from the NFT Trader platform. The hacker demanded a payment of 120 ETH to return the stolen NFTs and received it from Yuga Labs co-founder Greg Solano. Within 24 hours, Boring Security paid the bounty and recovered the stolen assets.
Hacker Demands Payment to Return NFTs
The NFTs were stolen on December 16th, with the hacker attributing the exploit to another user and demanding a payment of 120 ETH in exchange for returning the NFTs. The hacker stated, “If you want these NFTs back, then you need to pay me 120 ETH […].”
Community Initiative and Recovery
Boring Security organized a community initiative to recover the stolen assets and successfully retrieved them after paying the hacker the agreed-upon bounty. The security firm announced the recovery of the NFTs within 24 hours.
Bounty Paid by Yuga Labs Co-Founder
The 120 ETH bounty was paid by Yuga Labs co-founder Greg Solano, who played a crucial role in negotiating the return of the stolen NFTs to their rightful owners. Yuga Labs is the creator of both the Bored Ape Yacht Club and Mutant Ape Yacht Club NFT collections.
Vulnerability and Revoking Permissions
The vulnerability that allowed the unauthorized transfers of NFTs was introduced 11 days prior when a smart contract upgrade enabled a vulnerability in the multicall feature. The pseudo-anonymous founder and developer of Delegate, Foobar, warned that the NFTs could be stolen again if the permissions were not revoked.
Self Custody Complexity and Importance of Security Education
Boring Security highlighted the complexity of self-custody in decentralized finance and emphasized the need for a culture of security in Web3. The firm encouraged community leaders to contribute to security initiatives, such as providing whitelists for security-educated individuals and offering security modules as prerequisites for community access.
Hot Take: Boring Security Recovers Stolen Bored Ape and Mutant Ape NFTs
Web3 security firm Boring Security successfully recovered stolen Bored Ape and Mutant Ape NFTs after a hacker demanded a payment of 120 ETH to return the assets. Community efforts and the involvement of Yuga Labs co-founder Greg Solano led to the recovery of the stolen NFTs within 24 hours. However, the incident highlights the complexity of self-custody and the need for security education in the Web3 space. Boring Security emphasized the importance of understanding underlying processes and mechanisms to prevent future exploits. The firm encouraged community leaders to prioritize security and advocated for technical training and prerequisites to ensure secure practices in Web3.
Cyrus Dailey stands as a luminary gracefully weaving the roles of crypto analyst, tenacious researcher, and editorial artisan into a captivating narrative of insight. Amidst the intricate world of digital currencies, Cyrus’s perspectives resonate like finely tuned melodies, captivating curious minds from a myriad of perspectives. Her ability to decipher complex threads of crypto intricacies melds seamlessly with her editorial finesse, transforming intricacy into a harmonious composition of understanding.