NFT Trader, a peer-to-peer non-fungible token trading platform, has suffered a set of multiple exploits leading to multi-million dollar losses in users’ assets. The incident occurred on December 16, with the bad actors carting away $3 million worth of tokens, including 13 Mutant Ape Yacht Club, 37 Bored Ape, some VeeFriends, and World of Women NFTs.
NFT Trader has since confirmed the attack via an X post advising users to revoke access to some of its old smart contracts, which it claims to have been compromised. According to a post by X user foobar, the attacks are now over after NFT Trader implemented a smart contract update to eliminate a reentrancy vulnerability on its platform.
🚨🚨We’ve suffered an attack on old smart contracts, please remove the delegation using https://t.co/zEMgkS96nP to the following addresses:
-0xc310e760778ecbca4c65b6c559874757a4c4ece0
-0x13d8faF4A690f5AE52E2D2C52938d1167057B9af— NFT Trader (@NftTrader) December 16, 2023
NFT Trader Exploiter Seeks 10% Bounty To Return Stolen Asset
In an interesting turn of events following the attacks, one of the NFT Trader hackers shared a message in which he attributed the origin of the exploits to another attacker. In this message, the hacker claims to be a…
