NFT Trader, a renowned peer-to-peer trading platform, was compromised on December 16, leading to a significant theft of nonfungible tokens (NFTs) valued at almost US$3 million.
The breach was confirmed by the platform on X, where it was revealed that older smart contracts were the hackers' target.
The stolen assets include at least 13 tokens from the Mutant Ape Yacht Club and 37 from the Bored Ape collection, alongside NFTs from VeeFriends and World of Women.
In the wake of the breach, NFT Trader urgently advised users to revoke access to two specific smart contract addresses to prevent further unauthorised transactions.
⚠️ We've heard reports that popular peer to peer trading platform NFTTrader may have been exploited.We don't know the details yet. We recommend revoking to be on the safe side. We'll update the exploit checker with more information when we know it.https://t.co/Qc2dkPNWug
— Revoke.cash (@RevokeCash) December 16, 2023
Hacker demands 10% bounty
Amidst the ensuing confusion and speculation on social media, one of the attackers publicly admitted to exploiting the system initially to obtain tokens but subsequently discovered the ability to steal NFTs.
In a statement, the attacker claimed to be a "good person" and expressed disinterest in the monetary value of the NFTs.
However, they demanded a 10% bounty in Ether (ETH) for the return of the stolen items.
Adding to the complexity of the situation, a victim reported an unusual act of repentance by the hacker, who returned a rare NFT along with 31 ETH, worth nearly $70,680.
The victim expressed their astonishment on X, questioning the reality of the situation.
In a weird turn of events the NFTTrader hacker has sent not only @RSandersDFS BAYC backBut sent an extra 31 ETH to his wallet..
Wtf is going on????? pic.twitter.com/lyuo1yvQVb
— FFV (@FFVV1211) December 16, 2023