Attacker claims 60,000 ApeCoins and pockets $820,000 (almost 300 ETH) in profits
An unidentified attacker has made away 60,000 ApeCoins, totaling a profit of $820,000 (almost 300 ETH) in an airdrop event by using Bored Ape Yacht Club (BYAC) tokens to redeem BAYC NFTs.
Here is an account of the attack as reported by CertiKAlert:
1. The attacker bought NFT No.1060 from OpenSea, which was later used as the flash loan fee to flash loan 5.2 BAYC tokens from the NFTX Vault – a platform that lets users deposit their NFTs into the vault and mint a fungible ERC20 token which can then be redeemed for specific NFTs from the vault.
2. Used the BAYC tokens borrowed in step 1 to redeem BAYC NFTs (NFT token ID: 7594, 8214, 9915, 8167, 4755)
3. Afterwhich the attacker claimed 60,564 ApeCoin tokens as a reward in the Airdrop contract and sold the majority of $APE on the market to #ETH
4. Finally, the attacker minted BAYC NFTs to BAYC tokens to pay back the flash loan and fees
ApeCoin — launched two days ago — is the native governance token behind the APE ecosystem, which includes the community of BAYC and Mutant Ape Yacht Club (MAYC), two of the most sought after NFT collections on the Ethereum blockchain. The skull token’s board includes Reddit founder, Alexis Ohanian and FTX’s Amy Wu, Yat Siu of Animoca Brands, Maaria Bajwa of Sound Ventures, and Dean Steinbeck at Horizen Labs.