Monday, 18 December 2023
by Rose White
NFT Trader, a peer-to-peer non-fungible token trading platform, has suffered a set of multiple exploits leading to multi-million dollar losses in users’ assets. The incident occurred on December 16, with the bad actors carting away $3 million worth of tokens, including 13 Mutant Ape Yacht Club, 37 Bored Ape, some VeeFriends, and World of Women NFTs.
NFT Trader has since confirmed the attack via an X post advising users to revoke access to some of its old smart contracts, which it claims to have been compromised. According to a post by X user foobar, the attacks are now over after NFT Trader implemented a smart contract update to eliminate a reentrancy vulnerability on its platform.
We’ve suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:-0xc310e760778ecbca4c65b6c559874757a4c4ece0-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af
— NFT Trader (@NftTrader) December 16, 2023
In an interesting turn of events following the attacks, one of the NFT Trader hackers shared a message in which he attributed the origin of the exploits to another attacker. In this message, the hacker claims to be a scavenger who came “for the leftover trash.”
The hacker said:
the original exploiter of the vulnerability wasn’t me, it was him, 0x3dc115307c7b79e9ff0afe4c1a0796c22e366a47b47ed2d82194bcd59bb4bd46. At first, as usual, I came here to pick up residual garbage. At first, I thought I could only get TOKEN, but eventually, I found out that I could also get NFT.
The exploiter claims to have just realized the high value of NFTs. They also admitted to having limited technical skills and are open to returning the stolen NFTs to users in return for a 10% bounty paid in Ether (ETH), which represents 3 ETH per Bored Ape and 0.6 ETH per Mutant Ape Yacht.
However, in another puzzling development, a victim of the NFT Trader exploit claims the same hacker has now returned some of the loot, including 31 ETH and a rare NFT, albeit holding on to the Apecoin rewards.
In more positive news, the total volume of hacks in the crypto ecosystem has experienced a major decline over the last year. According to recent data from TRM labs, the sum of $1.7 billion was lost to crypto hackers in 2023. And while this figure is quite significant, it represents a decrease of over 50% from the $4 billion recorded in 2022.
In its security report, TRM notes that this reduced loss volume can be attributed to several factors, including enhanced security protocols, increased law enforcement actions, and improved industry coordination.
At the time of writing, the crypto market remains valued at $1.541 trillion, having experienced a 3.21% loss in the last week.