A hacker returned NFTs from the collections Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC), which they had stolen from the P2P NFT Trader platform, receiving 120 ETH as a reward.
On Saturday, December 16th, the perpetrator hacked the NFT Trader platform and seized collectible tokens worth approximately $3 million. The hacker left a message expressing their willingness to return the stolen assets in exchange for 120 ETH (approximately $267,000).
Subsequently, thanks to Boring Security, a non-profit project funded by ApeCoin, the thief received the requested amount and returned all tokens from the BAYC and MAYC collections within 24 hours. The "reward" was paid to the hacker by Greg Solano, co-founder of Yuga Labs, the company that created the "bored apes" collections. Solano actively participated in negotiations for the return of the stolen tokens to their rightful owners.
A developer known by the pseudonym Foobar discovered that the vulnerability became known only 11 days after the update of the smart contract, which led to abuse of the multiple requests function. This function allowed unauthorized transfer of NFTs on behalf of their rightful owners based on previously provided trading permissions.
Foobar urges users to revoke all granted permissions associated with the two old contracts: 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af to prevent potential subsequent thefts of NFTs.
Recall that in early December, a French court deemed the hackers who had hacked the decentralized financial service Platypus and stolen $8.5 million as "ethical" because they agreed to return the stolen funds for a reward.
