ApeCoin smart contract exploited, ‘well-prepared claimant’ walks away with $380,000

Source: AdobeStock / Sergey Nivens

A Bored Ape Yacht Club (BAYC) The owner of non-fungible tokens (NFTs) allegedly exploited a vulnerability in the smart contract that airdropped ApeCoin (APE) tokens to community members, walking away with almost $380,000 in profits.

ApeCoin airdrop exploit explained in detail by digital asset manager and trading platform provider Amber Groupwho said it was likely the first exploit to be performed with NFTs and NFT Automated Market Makers (AMMs) on Ethereum (ETH).

According to the rather technical exploit walkthrough that Amber Group posted on its blog, to get 14.15 ETH ($42,710) and 60,564 APE ($656,514), the exploiter paid 106 ETH ($319,944). USD) — i.e. it walked with a profit of USD 379,280 at current prices.

The exploit occurred minutes after the ApeCoin Decentralized Autonomous Organization (DAO) had launched its airdrop, while gas prices on Ethereum were still high as users rushed to claim their new APE tokens.

“5 minutes into the airdrop launch, a well-prepared claimant leveraged BAYC liquidity on NFTX for a pretty smart arbitrage/exploit”, Amber Group said about the incident on Twitter.

And although the person operating the smart contract was able to more than double their initial investment, Amber Group said in the blog post that they were still able to replicate the results.

“Based on the aforementioned information, we can replicate the exploit by purchasing BAYC vTokens on SushiSwap and using those vTokens as a redemption/minting fee,” the company wrote. He added that all available APE tokens can be redeemed using a “flash loan” feature.

Flash loans are a type of unsecured loan that is sometimes enabled by decentralized finance (DeFi) protocols. Lending has been at the heart of a number of DeFi exploits and other incidents in recent years.

“With the help of our internal blockchain data analytics platform, we have identified 8,647 out of 10,000 BAYC as having been used to claim the free ApeCoin as of the end of March 21, 2022. This means that at At the time of writing, one can still collect monkeys, claim ApeCoin airdrop and make a profit,” the Amber Group researchers concluded by saying.

Cryptonews.com has contacted ApeCoin DAO for comment.

As of 12:04 UTC, APE price does not appear to have been affected by the incident. The token has risen 3.5% in the past 24 hours, trading at a price of $10.84.


Learn more:
– DeFiance founder’s $1.76 million loss is a lesson for NFT investors
– BlockFi, Swan Bitcoin, Pantera advise users how to stay safe after data hack in Hubspot CRM raid

– Another suspect in Ethereum DAO hack emerges, questioning coin mixing
– IRA Financial Trust Hack reportedly saw $36 million worth of crypto stolen from users

– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Errors
– Santa’s hackathon? Visor Finance scores 7th hack in December

About Chris McCarter

Check Also

Ethereum Merge Makes the Network More Vulnerable to Attack — Security Researcher

Although the Ethereum merger is being touted as a major upgrade to the blockchain network, …