Recent reports unveil a significant security lapse within the peer-to-peer non-fungible token (NFT) marketplace, as NFT Trader falls victim to a breach. The platform has officially confirmed the incident, attributing the compromise to an exploited outdated smart contract. The consequence of this breach is the unauthorized removal of approximately $3 million worth of prestigious digital collectibles, notably featuring pieces from the Mutant Ape Yacht Club (MAYC) and Bored Ape Yacht Club (BAYC) NFT collections.
NFT Trader Compromised: Losses Tally $2.85 Million in High-Value NFTs
The compromised NFT trading platform, NFT Trader, is now grappling with the aftermath of a substantial security breach, resulting in an estimated loss of around $2.85 million in high-value NFTs. In response to the incident, NFT Trader promptly issued a public statement on X, cautioning users about the breach and urging action.
The statement read, “We’ve fallen victim to an attack on outdated smart contracts. Please take immediate action to remove delegation using revoke cash to the following addresses,” providing two specific addresses along with the affected smart contract details.
🚨🚨We’ve suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af— NFT Trader (@NftTrader) December 16, 2023
Official accounts from Revoke Cash X disclosed that the perpetrator made off with approximately $3 million worth of NFTs, predominantly comprising Bored Apes and Mutant Apes. While the exact modus operandi of the theft remains shrouded in uncertainty, Revoke Cash’s website, summarizing the breach, indicated a silver lining.
Some of the pilfered NFTs have been returned by the exploiter, fostering a glimmer of hope for affected users to reclaim a portion of their digital assets. “The exploiter has demonstrated a partial restitution by sending back several stolen NFTs to the rightful owners, offering a ray of optimism for users seeking asset recovery,” noted Revoke Cash.
⚠️ We’ve heard reports that popular peer to peer trading platform NFTTrader may have been exploited.
We don’t know the details yet. We recommend revoking to be on the safe side. We’ll update the exploit checker with more information when we know it.https://t.co/Qc2dkPNWug
— Revoke.cash (@RevokeCash) December 16, 2023
As we approach the end of 2023, the NFT Trader incident becomes another entry in a series of recent security breaches, closely following the Ledger Connect Kit Library mishap and the Okx Dex hack. Recent research from the past month revealed a staggering $343 million pilfered from both centralized and decentralized crypto exchanges. The increasing value of non-fungible token (NFT) assets has rendered them attractive targets, contributing to the surge in such security incidents.
In recent years, NFT owners have faced a growing threat from phishing attacks employing a variety of deceptive strategies. These scams employ tactics to deceive victims into revealing critical information, which is then exploited by attackers to compromise security systems.
Related: Farcana Raises $10M for Bitcoin-Payout NFT Esports Shooter
The primary objective is to infiltrate the digital wallets of unsuspecting individuals and seize control of their valuable NFTs. For instance, in January 2022, an owner of a New York gallery fell victim to a phishing scam, resulting in the loss of NFTs valued at $2.2 million. This illustrates the evolving and persistent nature of security challenges within the NFT space.
