A recent 16 December 2023 incident boomed the requirement for actionable security tips to safeguard digital assets, mainly in the NFT landscape. NFTs worth nearly $3 million, including BAYC and MAYC were stolen in a hack, attributed the original exploit to another user.
Surprisingly! The hacked NFTs are successfully recovered. However, the retrievals succeed with the help of the bounty payment.
What Did the Hackers Actually Do?
NFT Trader, a peer-to-peer (P2P) trading platform got trapped into a hack on 16 December 2023. NFTs worth $3 million were stolen by an anonymous hacker.
“I reached to pick up residual garbage”, the hacker wrote, following a request for ransom payment to return the NFTs.
The attacker demanded 120 Ether (ETH) to return the NFTs. The interaction took place between the hacker and Boring Security, a not-for-profit DAO, through X.
Source: Twitter
Boring Security took the incident seriously, exhibited some trust, and made a decision to agree with the hacker’s demand.
How Did Greg Solano, the Co-Founder of Yuga Labs, Retort?
Agreeing with the hacker’s words, Boring Security finally succeeded in recovering all the digital assets in less than 24 hours.
“All the 36 BAYC and 18 MAYC are successfully retrieved”, the Boring Security team tweeted.
However, the deal required a bounty payment of 120 ETH, which is worth around $267,000. 10% of the floor price of the stolen collection was paid to the hacker as a bounty.
The deal was handled by Yuga Labs, the creator of the NFTs collection.
The company paid the bounty amount to the hacker, recovered the NFTs, and returned them to the original owners for free.
Despite this, Foobar, the founder and developer of Delegate, warned the NFT worlds about such vulnerabilities 11 days ago. Upgrade in the smart contract made it easy to enable unauthorized transfers of NFTs.
The recent incident prompted concerns for individuals, NFT holders, and the entire NFT world, and needs rectification to safeguard digital assets.
What Next?
Hacking challenges are not new to the world. The NFT world needs actionable security tips and a complex structure to fight such situations and protect NFTs from hackers.
After inspection, Boring Security acknowledged the challenges of self-custody in Decentralized Finance (DeFi).
“While developing a user-friendly abstraction layer, the intricacies of managing NFTs become challenging for Ethereum (ETH) developer”, tweeted Boring Security.
To mitigate such challenges and protect individuals’ NFTs, Boring Security came up with a plan, and informed teams to work overtime. The company has partnered with 80 NFT projects in the past 18 months and initiated training for a culture of security in Web3.
Participation in security education, offering security modules, and technical primitives are some major actions initiated by the firm. Also, Boring Security encouraged the team to contribute to the security culture by applying the measures.
In addition to this, hosting special Proof of Attendance Protocol (POAP) events and bonuses for completing the classes will be offered.
Steefan George is a crypto and blockchain enthusiast, with a remarkable grasp on market and technology. Having a graduate degree in computer science and an MBA in BFSI, he is an excellent technology writer at The Coin Republic. He is passionate about getting a billion of the human population onto Web3. His principle is to write like “explaining to a 6-year old”, so that a layman can learn the potential of, and get benefitted from this revolutionary technology.
Source: https://www.thecoinrepublic.com/2023/12/18/stolen-36-bayc-and-18-mayc-nfts-retrieved-after-bounty-payments/