In a major security breach, peer-to-peer trading platform NFT Trader fell victim to hackers on December 16, resulting in the theft of millions of dollars worth of nonfungible tokens (NFTs). Confirmed by NFT Trader on X (formerly Twitter), the attack targeted old smart contracts, prompting users to revoke delegations to specific addresses.
Among the stolen NFTs were at least 13 Mutant Ape Yacht Club and 37 Bored Ape tokens, along with VeeFriends and World of Women NFTs, leading to losses of nearly $3 million, according to Revoke.cash.
Users Urged to Revoke Delegations
The security breach at NFT Trader exposed vulnerabilities in old smart contracts, allowing hackers to compromise the platform. NFT Trader promptly informed users on X about the incident, urging them to revoke delegations to specific addresses (0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af). The stolen NFTs included significant collections like Mutant Ape Yacht Club, Bored Ape tokens, VeeFriends, and World of Women, totaling losses of nearly $3 million.
Following the security breach, social media platforms saw the spread of rumors and misinformation about the incident. The situation became more complicated as conflicting information emerged about the number of hackers involved and their motives. One of the attackers publicly claimed the original exploit was attributed to another user, stating intentions to receive ransom payments in Ether (ETH) to return the stolen NFTs.
Hacker Returns NFT Along with Ether
In an unexpected turn of events, one victim reported that the attacker returned a rare NFT accompanied by 31 ETH, equivalent to nearly $70,680 at the time of the statement. This unusual gesture raised questions and confusion within the affected community. The attacker, acknowledging limited technical skills, proposed victims pay a 10% bounty in Ether for the return of their NFTs, creating a complex and unpredictable situation.