In a major security breach, peer-to-peer trading platform NFT Trader fell victim to hackers on December 16, resulting in the theft of millions of dollars worth of nonfungible tokens (NFTs). Confirmed by NFT Trader on X (formerly Twitter), the attack targeted old smart contracts, prompting users to revoke delegations to specific addresses.
🚨🚨We've suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
— NFT Trader (@NftTrader) December 16, 2023
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af
Among the stolen NFTs were at least 13 Mutant Ape Yacht Club and 37 Bored Ape tokens, along with VeeFriends and World of Women NFTs, leading to losses of nearly $3 million, according to Revoke.cash.
Statement from NFT Trader:
— Revoke.cash (@RevokeCash) December 16, 2023
Looks like losses are close to $3M, mostly Bored Apes and Mutant Apes.https://t.co/DRSKcawa7n
Users Urged to Revoke Delegations
The security breach at NFT Trader exposed vulnerabilities in old smart contracts, allowing hackers to compromise the platform. NFT Trader promptly informed users on X about the incident, urging them to revoke delegations to specific addresses (0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af). The stolen NFTs included significant collections like Mutant Ape Yacht Club, Bored Ape tokens, VeeFriends, and World of Women, totaling losses of nearly $3 million.
Ransom Demands and Conflicting Information: Chaos on Social Media
Following the security breach, social media platforms saw the spread of rumors and misinformation about the incident. The situation became more complicated as conflicting information emerged about the number of hackers involved and their motives. One of the attackers publicly claimed the original exploit was attributed to another user, stating intentions to receive ransom payments in Ether (ETH) to return the stolen NFTs.
Hacker Returns NFT Along with Ether
In an unexpected turn of events, one victim reported that the attacker returned a rare NFT accompanied by 31 ETH, equivalent to nearly $70,680 at the time of the statement. This unusual gesture raised questions and confusion within the affected community. The attacker, acknowledging limited technical skills, proposed victims pay a 10% bounty in Ether for the return of their NFTs, creating a complex and unpredictable situation.
And now the hacker just sent me 31 eth? What in the world is going on. Is this real life?
— Ricky Sanders (@RSandersDFS) December 16, 2023
