Bored Ape Airdrop Exploited To Steal $1.5 Mln in Apecoin
A vulnerability within the Bored Ape Yacht Membership’s (BAYC) airdrop was exploited to steal about $1.5 million in ApeCoin tokens (APE), a analysis report confirmed. APE tokens have been initially distributed to holders of BAYC NFTs this Thursday, earlier than being out there to commerce on the open market.
Cybersecurity researcher Check Point Research said the hacker used a way referred to as “flash mortgage” to rapidly borrow BAYC NFTs and redeem a lot of tokens.
The primary vulnerability within the airdrop was that BAYC didn’t test how lengthy the NFT holders had owned the asset, Verify Level mentioned. As such, the attacker needed to personal a BAYC NFT for under a quick second to assert the token.
The hacker additionally used an NFT vault platform referred to as NFTX to establish BAYCs that had not been used to assert the airdrop, which they then exploited to assert APE tokens. Verify Level mentioned the attacker offered the APE tokens on the open marketplace for $1.5 million.
A separate report from safety agency CertiK mentioned the hacker made a revenue of round $800,000.
No snapshot earlier than APE airdrop
BAYC creator Yuga Labs didn’t create a snapshot, ie, a document of all BAYC holders, earlier than the airdrop. This allowed folks to purchase BAYCs in actual time to assert the airdrop.
Knowledge from NFT price floor exhibits that BAYC’s value flooring, ie the bottom value at which one can purchase into the undertaking, had surged by practically 20% after the announcement of the airdrop. The worth, together with BAYC gross sales, had continued to extend because the airdrop started, peaking at 105.91 ETH (USD 313,938).
APE marks a extremely unstable debut
ApeCoin marked giant value swings in its buying and selling debut. The token surged to as a lot as $40, earlier than sinking all the way down to $6 after the airdrop, and because it started buying and selling on a number of main exchanges. On the time of writing, the token was buying and selling at about $13.2, having misplaced 16% over the previous 24 hours.
The token was revealed earlier this week. About 15% of whole provide was distributed by the airdrop.