P2P platform NFT Trader breached, asks users to revoke approval

NFT Trader is suspected to have been breached after several blue-chip non-fungible tokens (NFTs) were wrongfully transferred.

According to an X post by Chinese crypto news reporter Colin Wu, the NFTs were transferred to the address 0x909F2159780e64143CF08f32dBBF56Ed19478fda

Wu gave an update about the address holder’s on-chain message, denying they hacked the P2P trading platform, and claiming they rescued the NFTs to return them.

The holder, who identified themselves as a female “scavenger,” revealed the real hacker’s address as 0x3dc115307c7b79e9ff0afe4c1a0796c22e366a47b47ed2d82194bcd59bb4bd46

NFT Trader also announced it has suffered an attack on old smart contracts on X (formerly Twitter), asking users to remove delegations via Revoke.cash to the following addresses:

• 0xc310e760778ecbca4c65b6c559874757a4c4ece0
• 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af

The P2P trading platform is fairly unknown by most NFT traders. its website shows its CEO is John Pak, working together with co-founders Mattia Migliore and an individual who goes by the pseudonym “Bruckzr.”

On X, an NFT collector (@dingalingts) urged traders to “revoke approval to their contract ASAP” if they’ve used NFT Trader before. They identified all the stolen digital assets, which amounted to more than $2 million, including 37 BAYC, 13 MAYC, 4 World of Women, and 6 VeeFriends

For the hacker to return the NFTs, they sent some demands through their on-chain message, insisting owners need to pay them a bounty because “it is what they deserve,” asking for 10% of the NFTs’ values for their “work.”

## Don’t ‘blindly send ETH‘

The crypto community is skeptical about the demands. Market analysts like ZachXBT are warning traders not to “blindly send their ETH.”

ZachXBT exchanged some words with the exploiter, questioning the integrity of their word to return the assets.

The analyst reckoned that if they were up to giving back the stolen assets, they should consider listing the Apes to the original wallet address or using a middleman for the process

Nonetheless, there could be a light among the dark clouds seen by the victims of the NFT Trader hack, as BAYC’s founder Greg Solano has offered to pay 10% of the bounty the exploiter has asked for to see the NFTs have been returned to their rightful owners.

Hacker returns one NFT without bounty

In a remarkable twist, the exploiter has willingly given back a World of Women (WOW) NFT without charge, per Etherscan data. After returning the stolen WOW NFT, the hacker also returned a BAYC and a VFT to its rightful owners, without any further demand for payment

This unexpected twist has added a sense of unpredictability to the ongoing saga, leaving the community both astonished and uncertain about the hacker’s motives.