Floor Protocol exploited, Bored Apes and Pudgy Penguins gone

Floor Protocol has been exploited, resulting in a variety of Bored Apes and Pudgy Penguins being stolen and stored in a wallet now flagged in connection to a phishing scam.

The NFT protocol advertises the ability to turn tokens into tradeable derivatives meant to represent fractional parts of NFTs. According to the founder of NFT marketplace Delegate, known online as ‘foobar,’ a bad contract upgrade several days ago introduced the vulnerability.

The wallet storing the stolen Bored Apes and Pudgy Penguins, 0x4d0D746E0F66bf825418E6b3deF1a46Ec3c0B847, has now been reported by ‘foobar’ for use in a phishing scam on etherscan.

Read more: Donald Trump sells the clothes off his back in latest NFT promotion

Update audits missing from Floor Protocol firm’s website

Flooring Lab, the firm behind Floor Protocol, claims on its website that “we strive to maintain the highest standards whether it be in terms of user experience, security and asset protection.”

Despite this commitment, the most recent update that introduced this vulnerability doesn’t seem to have been audited.

  • The Halborn audit featured on Flooring Lab’s website is dated September 8, 2023 while the audit by OtterSec is dated October 4.
  • Interestingly, the ‘smart_contract’ repository that OtterSec audited now returns a 404 error.
  • The only repositories listed on Flooring Lab’s GitHub contain logos and config files for the website. 

One of Flooring Lab’s team members announced a fix had been pushed that they “believe patched the issue.”

This exploit of Floor Protocol comes days after a major hack of NFT Trader. Dozens of high-value NFTs were stolen.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.