In a significant security breach, the peer-to-peer trading platform NFT Trader experienced a cyberattack on, resulting in the theft of millions of dollars worth of nonfungible tokens (NFTs).
The breach targeted outdated smart contracts, leading NFT Trader to urge its users to revoke delegations to two specific addresses: 0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af.
NFT theft millions in losses
Among the NFTs stolen in this incident are at least 13 Mutant Ape Yacht Club tokens and 37 Bored Ape tokens. Additionally, NFT Trader reported losses involving VeeFriends and World of Women NFTs, cumulatively valued at nearly $3 million, according to Revoke.cash.
The aftermath of the NFT Trader security breach has been marred by rumors and misinformation circulating on various social media platforms.
Moreover, the extent of the security flaw exploitation remains unclear. One of the attackers even attributed the initial exploit to another user and made demands for ransom payments in exchange for returning the stolen NFTs.
Attacker’s statements raise questions
In a public message, one of the attackers provided some insights into their motivations and intentions. The attacker claimed to have initially targeted the platform to collect what they referred to as “residual garbage.” However, they later discovered the opportunity to pilfer NFTs as well.
Despite acknowledging the substantial value of these NFTs, the attacker expressed indifference to their monetary worth, stating, “I’m a good person, the value of these NFTs is enough for a person to live a free life, but I don’t care about that. I prefer to pick up the leftover trash.”
The attacker also revealed their limited technical skills and proposed a unique arrangement with the victims. They suggested that victims pay a 10% bounty in Ether (ETH) to regain possession of their stolen NFTs, claiming that retrieving all the affected NFTs at once was beyond their capabilities and consumed substantial time and energy. In their message, the attacker asserted, “My technical skills are limited, I can’t get all the affected NFTs at once, and it’s costing me a lot of energy and time. […] If you want the monkey NFT back, then you need to pay me a bounty, which is what I deserve.”
Attacker returns NFT and crypto
In a rather atypical turn of events, one of the victims reported that the attacker unexpectedly returned a rare NFT along with 31 ETH, which amounted to nearly $70,680
Expressing bewilderment, the victim took to social media, writing, “And now the hacker just sent me 31 ETH? What in the world is going on. Is this real life?”
In the wake of the NFT Trader security breach, users are advised to remain vigilant and to take precautionary measures to safeguard their NFT assets.
The platform has already identified and publicly disclosed the addresses targeted by the attackers, signaling its commitment to addressing the issue promptly.
An investigation into the breach is currently underway to determine the extent of the damage and to identify potential vulnerabilities in NFT Trader’s security infrastructure.
Users are urged to stay updated on the progress of the investigation and to follow any security recommendations provided by the platform.