Following the hack of its Discord server a few days ago, Bored Ape Yacht Club ( BAYC) holders suffered a loss of NFT worth 200 ETH. Since then, Yuga Labs has fixed a vulnerability by removing some of the code that could have allowed the creation of an unlimited number of NFTs. If this had happened, the supply would have increased infinitely. As a result, a hack would have resulted in significant losses for investors.
Monkey code updated
The company had announced more than a year ago its intention to remove this part of the code. Indeed, it contained a vulnerability that could have led to a potential hack. As a result, an untold amount of new monkeys could have flooded the market.
“The corresponding code in the contract has now been removed. While we had intended to do this for a long time, we had not done so out of an abundance of caution. I felt ready to do it now. This is it.”
EmperorTomatoKetchup, co-founder and developer of Yuga Labs
Following his statement on Twitter, EmperorTomatoKetchup and another Yuga Labs co-founder known as Gargamel provided a link to the deal. As a result, it can be seen that the company revoked the code on June 7 at 7:07pm.
Bored Ape Yacht Club is bored but not fast
The issue of removing this part of the code was previously raised in June 2021. At the time, NonFungibles CEO Dan Kelly pointed out that, according to the Ethereum blockchain code, it was possible for Yuga Labs, the company behind the popular NFT collection, to create as many macaques as it wanted.
Bored Ape Yacht Club holders could have lost a lot if Yuga Labs had used some of the code to create as many NFTs as they wanted.
At the time, the official Twitter account of the collection responded without convincing the community. Indeed, the tweet indicated that Yuga Labs would obviously never execute this code. It also planned to revoke the possibility to use it a few days later.
However, on June 5, 2022, the affected lines were still present. An NFT developer known as foobar alerted the community. He stated that the issue was still present and that Yuga Labs had never revoked it.
The revocation of this flaw could be a relief for monkey owners. The project has, on the other hand, often been the target of phishing attacks. A few days ago, the project’s official Discord server was hacked and 200 ETH ($357,000) of NFT was stolen from users. This is at least the second time this has happened this year. Not long ago, the hack of the Instagram account of the famous NFT collection also caused 2.8 million losses.