In December 2023, NFT Trader, a platform for trading non-fungible tokens, suffered a significant hack due to reentrancy vulnerabilities in its older smart contracts.
Attackers exploited these flaws, which allowed them to repeatedly withdraw assets before the contract updated its internal state.
The vulnerabilities affected users who had granted permissions to the compromised contracts, enabling attackers to steal high-value NFTs, including Bored Apes and Mutant Apes, worth an estimated $3 million.
Multiple attackers were involved, with one claiming to have replicated an existing exploit and demanding a ransom for the stolen NFTs.
Some NFTs were returned to their owners after ransom negotiations. The incident highlighted the critical need for comprehensive smart contract audits, particularly for older or deprecated contracts, as these vulnerabilities could have been detected and mitigated through automated tools or security audits.
The hack underscored the persistent risks of reentrancy vulnerabilities in the Ethereum ecosystem and emphasized the importance of ongoing security testing to protect user assets in decentralized platforms.
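The ordering flaw described above (assets sent before internal state is updated), modeled in Python as an added example; it is not NFT Trader's contract code and not part of the original report. `Escrow`, `withdraw_vulnerable`, `withdraw_hardened` and `simulate` are hypothetical names, and the hardened path shows the checks-effects-interactions order combined with a reentrancy guard.

```python
from contextlib import suppress

class ReentrancyError(Exception):
    pass

class Escrow:
    # Constructed toy model of a contract holding assets; not NFT Trader's code.
    def __init__(self):
        self.owed = {}       # internal state: account -> units it may withdraw
        self.held = 0        # units the contract actually holds
        self.locked = False  # reentrancy guard flag

    def deposit(self, account, amount):
        self.owed[account] = self.owed.get(account, 0) + amount
        self.held += amount

    def _send(self, amount, on_receive):
        # External call: recipient code runs before this function returns.
        sent = min(amount, self.held)
        self.held -= sent
        on_receive(sent)

    def withdraw_vulnerable(self, account, on_receive):
        amount = self.owed.get(account, 0)
        if amount:
            self._send(amount, on_receive)  # interaction first
            self.owed[account] = 0          # state updated too late

    def withdraw_hardened(self, account, on_receive):
        if self.locked:
            raise ReentrancyError("withdraw re-entered")
        self.locked = True
        try:
            amount = self.owed.get(account, 0)
            self.owed[account] = 0          # state updated before the call
            if amount:
                self._send(amount, on_receive)
        finally:
            self.locked = False

def simulate(method_name, max_reentries=5):
    """Return (units received by the caller, units left in escrow)."""
    escrow = Escrow()
    escrow.deposit("other_user", 3)  # constructed sample balances
    escrow.deposit("caller", 1)
    received = []
    def on_receive(amount):  # recipient hook that calls back into withdraw
        received.append(amount)
        if amount and len(received) <= max_reentries:
            with suppress(ReentrancyError):
                getattr(escrow, method_name)("caller", on_receive)
    getattr(escrow, method_name)("caller", on_receive)
    return sum(received), escrow.held
```

With the vulnerable ordering the caller, owed 1 unit, drains all 4 held units; with the hardened ordering it receives only its own unit and the other depositor's 3 remain.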