An ethereum coder has claimed more than $600,000 worth of ape coins through flashloan ‘borrowing’ a Bored Apes Yacht Club (BAYC) NFT that was immediately returned after the airdrop was claimed.
In the first operation of its kind, the leet coder wrote a smart contract (pictured) that flash loaned all the NFTX vault tokens to redeem the pool, claim the APE, then re-supplied the pool.
NFTX so being a platform where NFTs are tokenized, with the pool in this case running on SushiSwap.
Conceptually the operation seems simple. You buy/borrow all the tokens, redeem them for the NFT that backs them, send the NFT to claim the airdrop, then send it back to the pool and give them back the tokens.
The best part of course being that none of this is actually happening as far as humans are concerned. The tokens or the NFT don’t really ‘move.’
This is simply a code operation, with the ethereum network verifying it all checks out, and so completes the operation in one block to then effectively end with the equivalent of print: ape claimed tokens.
We can see those steps above, including the ‘Null Address’ magic that does all the token to NFT transformation, and then the circa 60,000 claimed Ape Coins, worth more than half a million dollars.
The contract however doesn’t look too simple, although it is just 330 lines of code. But very condensed code that we can’t easily read.
The fee for all this was just 0.23 eth, worth about $670. That’s all he has paid to flashloan and borrow, convert and re-convert and claim, turning his total ‘investment’ into a 1,000x return.
Anyone could do this, as long as you’re willing to learn how to flashloan, with this being one of the biggest crypto native invention that was not possible before.
Source: https://www.trustnodes.com/2022/03/21/hacker-flashloans-600000-ape-airdrop