Boring Security DAO Leads Swift Recovery
The Boring Security DAO, a blockchain security firm, played a paramount role in the recovery process, swiftly retrieving the stolen NFTs within an impressive 24-hour timeframe. The hacker, who was identified through public messages, demanded a payment of 120 ETH (approximately $267,000) in exchange for the safe return of the stolen NFTs.
Yuga Labs Supports Negotiations
Yuga Labs, the creator of the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collections, actively supported the negotiations. Greg Solano, co-founder of Yuga Labs, contributed by paying the 120 ETH bounty. This amount represented 10% of the floor price of the collections.
The exploit was aided by a vulnerability introduced 11 days before the hack, as revealed by “Foobar,” the pseudonymous founder and developer of Delegate. A smart contract upgrade inadvertently allowed unauthorized transfers of NFTs due to trading permissions that had been previously granted.
In response, Foobar urged users to revoke all permissions granted to two old contracts (0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af). Both the developer and the NFT Trader’s team acted swiftly to halt the ongoing attack and secure the platform.
The hacker, described as having limited technical skills but claiming to be “a good person,” presented their compensation demands during negotiations. The negotiation process involved specific payment terms, with the hacker specifying a percentage-based compensation structure for each type of NFT. Ultimately, Yuga Labs co-founder Greg Solano paid the bounty, ensuring the safe return of the stolen tokens to their rightful owners.
Yuga Labs not only provided financial support during the recovery but also actively participated in the negotiations, demonstrating their commitment to the security and integrity of their NFT collections. This involvement brings reassurance to the affected community.