
"Ethical" hacker steals and sells my NFT, leaving only 10% of assets as a "service fee"
TechFlow Selected TechFlow Selected

"Ethical" hacker steals and sells my NFT, leaving only 10% of assets as a "service fee"
In just two days, NFT Trader and Flooring Protocol were successively hacked.
Author: Fu Ruheshi
Editor: Qin Xiaofeng
Recently, two malicious attacks targeting NFT protocol contracts have drawn market attention—NFT Trader and Flooring Protocol were attacked on the 16th and 17th respectively. Odaily Planet Daily has reviewed these incidents.
On-chain data shows that on December 16, 37 BAYC and 13 MAYC tokens were transferred to a specific address, suggesting NFT Trader had been compromised. Shortly afterward, NFT whale "dingaling" reported that NFT Trader's Batch Swap contract had been attacked.

The attack was quickly confirmed by NFT Trader. The official team stated that hackers exploited vulnerabilities in two outdated smart contracts, resulting in the theft of 37 BAYC and 13 MAYC tokens, with total losses amounting to approximately $4 million.

Based on past experiences, the aftermath usually involves either the project compensating users or negotiating with the hacker for a refund. However, this time the hacker skipped communication entirely, immediately dumping the stolen NFTs and leaving behind a portion of funds as a "bounty."
One hacker posted on-chain stating they were not the original attacker, revealing that the initial attacker was the address ending in "bd46," and humorously referring to themselves as merely a "garbage collector" who came afterward. This hacker claimed they would return the NFTs for just 10% of the bounty, calculating it at 30 ETH per BAYC and 6 ETH per MAYC. Later, the hacker sold one BAYC on Blur for 35 ETH, kept 4 ETH, and returned the rest to the rightful NFT owner.

This sounds like a story of a "conscientious" hacker—selling the victim’s NFTs but only taking a small bounty and returning the remainder—but this cannot justify their actions.
Soon after, a user provided a method to recover the stolen NFTs. @0xQuit explained that by analyzing addresses holding the stolen NFTs, multiple NFTs had authorized access to NFT Trader. Using reverse recovery techniques, these assets could be reclaimed from the hacker.

The method was validated and endorsed by the project team, ultimately leading to successful asset recovery. Boring Security, a public security initiative funded by ApecoinDAO, announced that 36 BAYC and 18 MAYC tokens had been recovered (some had already been sold), and they would offer the hacker a 10% bounty while returning the NFTs to victims free of charge.
Thus, the NFT Trader theft incident temporarily came to a close, with minimal losses to victims. Just hours before the resolution of the NFT Trader incident, another NFT protocol, Flooring Protocol, also fell victim to a hacker attack.
Foobar, founder of Delegate, posted on X stating that Flooring Protocol had lost 14 BAYC and 36 Pudgy Penguins. The hacker then began rapidly selling them on Blur at prices far below floor value—listing BAYC at 26.2 ETH and Pudgy Penguins at 9.2 ETH—earning nearly $1.68 million, all of which went directly into the hacker’s wallet.

Although both Flooring Protocol and NFT Trader suffered attacks, the outcomes for victims were vastly different—victims of NFT Trader were simply fortunate. However, two consecutive high-profile thefts within just two days should serve as a serious wake-up call.
Yu Xian, founder of SlowMist, warned: "If you hold important assets on EVM chains, check and revoke authorizations for those critical assets (especially unlimited approvals). No one can 100% guarantee that even the most well-known protocols won’t encounter security issues."
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










