Flooring Protocol allegedly hacked for NFTs worth $1.5m

  crypto.news 5 h

Three dozen Pudgy Penguins and 15 Bored Ape NFTs worth 690 Ether (ETH) or approximately $1.54 million were reportedly stolen.

Flooring Protocol, a liquidity solution for non-fungible tokens (NFTs), was reportedly attacked on Dec. 16.

According to various accounts on X, the exploit happened on Flooring Protocol’s peripheral or multicall smart contract, with the attacker subsequently dumping the stolen NFTs.

However, the protocol’s developers deployed a fix a few hours after the attack which they believe has patched the vulnerability.

They also gave assurances that the main smart contract was safe and all digital assets in vaults and safeboxes were not affected.

1) There is an exploit on FP’s peripheral/multi-call contract, which led to the hack.
2) Deployed a fix 2 hours ago, which we believe patched the issue.
3) Still monitoring. Talking to devs and audits.
4) The main contract is safe. Assets in vaults and safeboxes are not affected.

— FreeLunchCapital (@FLC_FlooringLab) December 17, 2023

Reports later emerged that the hacker sold the stolen NFTs on Blur, making between $1.5 million and $1.6 million, depending on ETH prices.

Breaking: 36 Pudgy Penguins & 14 #BAYC were just sold on $Blur after being exploited from Flooring protocol #CyberSecurity pic.twitter.com/IKTPgSffIK

— Tom Bibiyan 🇺🇸 (@realtombibiyan) December 17, 2023

Following the attack, the ApeCoin DAO-funded security protocol Boring Security suggested that Flooring Protocol users who lost their NFTs in the attack may not get them back, since the hacker had already dumped them.

The Flooring Protocol attack comes barely hours after the P2P NFT platform NFT Trader was breached. Several blue-chip NFTs were stolen.

In the NFT Trader incident, the exploiter made several demands through on-chain texts, including asking owners of the stolen NFTs to pay a bounty amounting to 10% of the tokens’ market value.

You might also like: P2P platform NFT Trader breached, asks users to revoke approval

However, hours into the incident, the hacker seemingly had a change of heart, willingly giving back some of the items they had stolen, including a World of Women NFT and a couple of Mutant Ape Yacht Club pieces.

The hacker’s address was revealed by a second party, who identified herself as a “female scavenger.”

Flooring Protocol went live two months ago on Oct. 15. Its unique approach of breaking down NFTs into ERC-20s piqued the interest of Azuki Elementals, Pudgy Penguins, and y00ts holders, quickly making the platform a popular hub for these specific NFT collections.

Consequently, it emerged as the primary “holder” of the three collections, injecting a huge surge in their trading volume within the NFT marketplace.

By Oct. 16, Flooring Protocol had successfully amassed 914 Azuki Elementals, 191 Pudgy Penguins, and 365 y00ts, with a total value locked (TVL) exceeding 1,800 ETH.

Upon launch, the protocol’s native token FLC briefly exceeded a fully diluted valuation of $4 billion. There are 25 billion FLC tokens in circulation, with 40% earmarked for community support, while a quarter of the total serves as a reserve.

Half of the community’s 40% allotment is specifically set aside for liquidity incentives via staking.

Despite the attack on Flooring Protocol, FLC prices have jumped 12% in the last 24 hours per data from CoinGecko, with a one-day trading volume of $3.34 million.

The token has also performed well in the last 30 and 14 days, registering upticks of 52% and 8.3% respectively. However, things haven’t been so rosy in the previous seven days, with FLC losing 22.2% of its value over that period.

Source