Yuga Labs CEO Rescues 68 NFTs From Flooring Protocol Exploit

  • Yuga Labs CEO and 0xQuit rescued 68 NFTs worth $500K using the same exploit defensively.
  • Attacker minted excess fungible tokens to redeem all NFTs held by Flooring Protocol.
  • The developer suspects the attacker used advanced AI tooling to find and execute the exploit.

Yuga Labs CEO Michael Figge and blockchain security researcher 0xQuit led an emergency whitehat operation on Sunday to recover dozens of blue chip NFTs from a critical vulnerability in Flooring Protocol before malicious actors could drain the remaining exposed assets.

The team successfully secured:

  • 29 Bored Apes
  • 4 Mutant Apes
  • 2 CryptoPunks
  • 1 BAKC
  • 1 Azuki
  • 2 Elementals
  • 26 Captains
  • 1 Moonbird
  • 2 Doodles

The total value of rescued assets exceeded $500,000. All NFTs are now in Yuga Labs custody pending return to rightful owners.

How the Exploit Worked

Flooring Protocol allows users to convert NFTs into fungible tokens on a 1:1 basis and redeem them freely. An attacker discovered a vulnerability that allowed minting excess fungible tokens and using them to redeem all NFTs held by the protocol’s smart contract. The same attack vector was used against BitmapPunks, draining liquidity pools in the process.
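A monitoring check for the 1:1 backing described above, as an added example that is not Flooring Protocol's code: it replays decoded transfer logs and reports any transaction after which fungible supply is no longer matched by NFTs held. The log labels (`nft_in`, `nft_out`, `ft_mint`, `ft_burn`), pool names and sample rows are constructed assumptions.

```python
from itertools import groupby

UNITS_PER_NFT = 1  # the article describes a 1:1 conversion

# Constructed sample rows: (tx, pool, kind, amount). The kinds are hypothetical
# labels for decoded logs, not Flooring Protocol's real ABI.
SAMPLE_LOGS = [
    ("0xa1", "POOL-A", "nft_in", 1), ("0xa1", "POOL-A", "ft_mint", 1),
    ("0xa2", "POOL-A", "nft_in", 2), ("0xa2", "POOL-A", "ft_mint", 2),
    ("0xa3", "POOL-A", "ft_burn", 1), ("0xa3", "POOL-A", "nft_out", 1),
    ("0xa4", "POOL-A", "ft_mint", 2),  # supply grows with no NFT deposited
    ("0xa5", "POOL-A", "ft_burn", 2), ("0xa5", "POOL-A", "nft_out", 2),
    ("0xb1", "POOL-B", "nft_in", 1), ("0xb1", "POOL-B", "ft_mint", 1),
]

def audit_backing(logs, units_per_nft=UNITS_PER_NFT):
    """Return (findings, state): txs that change unbacked supply, and final pool totals."""
    held, supply, drift, findings = {}, {}, {}, []
    # Logs are assumed ordered as emitted, so rows of one tx are adjacent.
    for tx, rows in groupby(logs, key=lambda row: row[0]):
        touched = []
        for _, pool, kind, amount in rows:
            held.setdefault(pool, 0)
            supply.setdefault(pool, 0)
            if kind == "nft_in":
                held[pool] += amount
            elif kind == "nft_out":
                held[pool] -= amount
            elif kind == "ft_mint":
                supply[pool] += amount
            elif kind == "ft_burn":
                supply[pool] -= amount
            else:
                raise ValueError(f"unknown log kind: {kind}")
            if pool not in touched:
                touched.append(pool)
        # Check only at tx boundaries: mid-tx, a normal deposit is briefly unbalanced.
        for pool in touched:
            unbacked = supply[pool] - held[pool] * units_per_nft
            if unbacked != drift.get(pool, 0):
                findings.append({"tx": tx, "pool": pool, "unbacked": unbacked})
            drift[pool] = unbacked
    return findings, {p: {"held": held[p], "supply": supply[p]} for p in held}

if __name__ == "__main__":
    for finding in audit_backing(SAMPLE_LOGS)[0]:
        print(finding)
```

In the sample, the final state of `POOL-A` shows zero NFTs held with two tokens still outstanding, which is the position remaining holders are left in once a pool has been emptied.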

Developer coffeedev identified that the attack surface extended far beyond what the initial exploiter realised, putting BAYC and CryptoPunk collections at significantly greater risk. That discovery triggered the whitehat response.

0xQuit used the same broad vulnerability class defensively, deploying a rescue contract to remove exposed NFTs from vulnerable Flooring pools before another malicious actor could reach them first.

“It’s no coincidence that these exploits tend to happen on weekends when malicious actors know that fewer people are around to pay attention,” 0xQuit said.

The Architect Takes Responsibility

The contract’s original architect, FreeLunchCapital, published a detailed post-mortem accepting full responsibility. The vulnerability originated in aggressive bit-manipulation techniques used during the protocol’s original development when minimising Ethereum gas costs was a primary engineering constraint. The flaw survived multiple security audits because of the complexity buried within that low-level code.

“Given the complexity required to exploit it, we strongly suspect the attacker used advanced AI tooling to assist the attack,” FreeLunchCapital said.

Flooring Protocol had entered sunset mode last year following liquidity challenges, leaving the NFT division without active management. FreeLunchCapital said he is now in talks to regain control of the protocol and is working with security teams and exchanges to trace the extracted funds.

What Remains Unresolved

The whitehat team was clear that the situation is not fully resolved. Exploiters still hold NFTs that were drained before the rescue operation began. Anyone with assets currently deposited in Flooring Protocol is urged not to add further deposits as those could become immediately vulnerable.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.