A rescue effort carried out by technology and Web3 company Yuga Labs enabled the recovery of 68 non-fungible tokens (NFTs) worth more than $500,000 after a vulnerability in DeFi platform Flooring Protocol exposed assets belonging to some of the most well-known collections in the Ethereum ecosystem.
Among the recovered NFTs are 29 Bored Apes, 2 CryptoPunks, and 4 Mutant Apes. For now, these assets will remain in Yuga's temporary custody while solutions are developed to fix the issues detected in the affected protocols.
The incident occurred at Flooring Protocol, a platform designed to provide liquidity to the NFT market. It allows users to lock NFTs and receive fpTokens backed by those assets. These fungible tokens can be traded far more easily than the NFTs themselves, splitting the value of an NFT into smaller units and creating liquidity in a market that is typically sluggish because of a lack of buyers and the high prices of some collections. While this model aims to make trading in traditionally illiquid markets easier, it also concentrates risk: if the contracts backing the fpTokens fail, every locked NFT is exposed at once.
According to the information released about the incident, the attacker used a small amount of Wrapped Ether (WETH) to launch the exploit. A flaw in the protocol's internal accounting allowed the attacker to mint a virtually unlimited amount of fpTokens, which caused their value to collapse and drained several liquidity reserves.
How did the attack take place?
A vice president at Yuga Labs, known by the pseudonym 0xQuit, explained that the vulnerability stemmed from a manipulated token identifier that produced a kind of "ghost property": the external ownership check continued to pass, but the protocol's internal accounting recorded something different. That discrepancy is critical for a system whose safety depends on an exact correspondence between the NFTs deposited and the fpTokens issued.
The failure was compounded by arithmetic errors, including an integer underflow: a subtraction whose result falls below the minimum value the data type can represent and, instead of failing, wraps around to an unexpectedly large number. As a result, the attacker was able to artificially inflate balances, manipulate the protocol's internal economy, and withdraw funds from the liquidity pool.
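To make the underflow mechanism concrete, here is a simplified model written for this article. It is not Flooring Protocol's code and does not reproduce the actual exploit path; the ledger structure, the `FP_PER_NFT` rate, and the account names are assumptions. It mimics Solidity's `unchecked { ... }` arithmetic, a common gas optimisation, by wrapping subtraction modulo 2**256 in Python, and shows how a redemption whose ownership check still passes can leave a holder with a near-maximal fpToken balance when the burn is not checked:

```python
"""Illustrative model of an integer-underflow bug in an NFT-vault ledger.

Hypothetical example written for this article; it is not Flooring Protocol's
code and does not reproduce its contracts. Solidity arithmetic inside an
`unchecked { ... }` block (a common gas optimisation) wraps modulo 2**256
instead of reverting, and this class reproduces that behaviour in Python so
the failure mode can be observed offline.
"""

MODULUS = 2**256
FP_PER_NFT = 1_000_000  # hypothetical: fpTokens minted per locked NFT


class VaultLedger:
    """Records which NFT is locked by whom and each holder's fpToken balance."""

    def __init__(self, checked: bool):
        self.checked = checked   # True: subtraction reverts; False: it wraps
        self.locked = {}         # token_id -> depositor
        self.balances = {}       # holder -> fpToken balance
        self.total_supply = 0

    def _sub(self, a: int, b: int) -> int:
        if self.checked:
            if b > a:
                raise ValueError("insufficient balance")  # analogous to a revert
            return a - b
        return (a - b) % MODULUS  # wraps like Solidity `unchecked`

    def deposit(self, depositor: str, token_id: int) -> None:
        """Lock an NFT and mint FP_PER_NFT fpTokens to the depositor."""
        if token_id in self.locked:
            raise ValueError("already locked")
        self.locked[token_id] = depositor
        self.balances[depositor] = self.balances.get(depositor, 0) + FP_PER_NFT
        self.total_supply += FP_PER_NFT

    def transfer(self, sender: str, recipient: str, amount: int) -> None:
        """fpTokens are freely transferable; this path is always checked."""
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def redeem(self, depositor: str, token_id: int) -> None:
        """Burn FP_PER_NFT fpTokens and release the NFT to its depositor.

        The ownership check below still passes (the NFT really was deposited),
        but if the depositor has since transferred the fpTokens away the burn
        subtracts more than they hold. With wrapping arithmetic the balance
        becomes 2**256 - FP_PER_NFT instead of reverting.
        """
        if self.locked.get(token_id) != depositor:
            raise ValueError("not the depositor")
        self.balances[depositor] = self._sub(self.balances.get(depositor, 0), FP_PER_NFT)
        self.total_supply = self._sub(self.total_supply, FP_PER_NFT)
        del self.locked[token_id]

    def supply_consistent(self) -> bool:
        """Invariant a monitor or test should enforce: balances sum to supply."""
        return sum(self.balances.values()) == self.total_supply


def run_scenario(checked: bool) -> tuple:
    """Deposit one NFT, move the fpTokens elsewhere, then try to redeem."""
    ledger = VaultLedger(checked)
    ledger.deposit("attacker", token_id=1)
    ledger.transfer("attacker", "accomplice", FP_PER_NFT)  # attacker balance is now 0
    try:
        ledger.redeem("attacker", token_id=1)
    except ValueError as exc:
        return ("reverted", str(exc), ledger.balances["attacker"], ledger.supply_consistent())
    return ("completed", ledger.balances["attacker"], ledger.total_supply, ledger.supply_consistent())


if __name__ == "__main__":
    print("checked  :", run_scenario(True))
    print("unchecked:", run_scenario(False))
```

With checked arithmetic the redemption reverts and the ledger stays consistent; with wrapping arithmetic it completes, the NFT is released, and the attacker's balance jumps to 2**256 - FP_PER_NFT while `total_supply` reads 0. The `supply_consistent` invariant is the kind of check that catches this in a test suite or an on-chain monitor, and it is exactly the kind of check that gets dropped when code is trimmed for gas.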
While analyzing the incident, researchers identified a second attack path that put much higher-value NFTs at risk, including assets from top-tier collections. These had not been touched in the first phase of the exploit: they sat in a reserve with little activity, so the attackers did not notice them at first.
The severity of the discovery prompted Yuga Labs to intervene immediately. According to CEO Michael Figge, funds were mobilized through the GrailsOTC platform to finance the defensive operation. The team deployed a contract that exploits the same vulnerability the attackers had used, but in order to move the assets to safety before they could be stolen. This type of intervention is known in the industry as a "white hat" operation.
The circumstances also favored the attackers. As the company noted, the attack took place over the weekend, when on-chain activity is typically less closely monitored. Furthermore, Flooring Protocol had been winding down gradually since the previous year, with its NFT-focused division operating under limited controls, a situation that increased its exposure to a sophisticated attack.
The vulnerability went unnoticed
Yuga Labs has committed to returning the NFTs to their owners once a safe technical solution exists. The company stressed this point to distinguish its operation from a unilateral seizure of funds, a particularly sensitive issue within the ecosystem.
The original designer of Flooring Protocol, known under the pseudonym 0xFreeLunch, publicly addressed the incident. As he explained, the vulnerability would not have been noticed during the audit because the code is highly optimized to reduce gas costs, a common practice on Ethereum that can make security reviews harder.
The developer also revealed that he is a liquidity provider on the platform and lost his own assets in the attack. He further raised the possibility that those responsible used sophisticated artificial intelligence tools to identify or exploit the vulnerability, although there is currently no evidence to support that hypothesis.
The identity of the attacker remains unknown, and some of the stolen NFTs remain outside the reach of those affected. Although Yuga's intervention contained a significant share of the losses, the case therefore remains unresolved.
This incident once again highlights the risks facing NFT liquidity protocols and shows that even the most prestigious collections can be affected by hidden errors in the infrastructure that supports them.