Hacker Returns 54 NFTs Stolen from NFT Trader

Reading Time: 2 minutes
  • A hacker has returned 54 Bored and Mutant Apes he had stolen from the NFT Trader marketplace
  • All stolen NFTs were worth close to $3 million
  • He agreed to return the collectibles after receiving 120 ETH as a bounty from Yuga Labs’ Greg Solano

A malicious actor has returned 54 NFTs worth nearly $3 million that he had siphoned from the NFT Trader marketplace. The hacker agreed to return the funds after Yuga Labs co-founder Greg Solano agreed to pay him 120 ETH worth roughly $267,000 at the time of writing. According to the malicious actor, he managed to steal the collectibles after another attacker compromised the security of the NFT exchange, raising questions on whether the original exploit was discovered and how many hackers capitalized on the flaw.

Picking Up Residual Garbage

The security on NFT Trader was breached on December 16 leading to the loss of 36 Bored Apes, 18 Mutant Apes and other NFTs, with the platform disclosing that the hacker targeted recently upgraded old smart contracts.


In a blockchain message, the hacker said that he was picking “up residual garbage,” adding that he initially wanted to steal tokens associated with the collectibles but later learnt that he “could also get NFT[s].”

Web3 platform Boring Security helped recover and distribute the collectibles after the hacker’s demands were met. Solano said that he paid the bounty on behalf of the affected collectors and does not expect any refund from them.

Likely to be Compromised Again

Some individuals in the web3 community have noted that the P2P NFT exchange is bound to be compromised again if traders fail to revoke permissions they had granted using the old smart contracts.

Although the hacker’s actions correspond to a trend where malicious actors exploit web3 platforms and then request a 10% bounty, it’s not a common occurrence in the NFT space.

With the number of hackers that have exploited NFT Trader likely to be more than one, the exact number of stolen NFTs is likely higher.