User Claims Airdropped ApeCoins by Exploiting Whitelist Oversight
Through a sophisticated chain of transactions, an anonymous user cunningly grabbed $1.1 million from the ApeCoin Airdrop. Despite sticking to the allowed rules of purchase, the user managed to exploit the system.
ApeCoin Launch
On Thursday, the famous designers of the Bored Ape Yacht Club, Yuga Labs, launched an exclusive airdrop containing ApeCoin (APE) tokens. The launch notably spiked Ethereum gas prices barely hours after it began.
Following the launch, designers Yuga Labs offered 15% of a billion ApeCoin tokens to Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club collectors. The collective value of these BAYC tokens amounts to approximately $800 million. The offering allotted 10,094 APE units to each NFT holder, which is worth around $80,000 to $200,000.
However, a user found a way to benefit from the airdrop without owning any BAYC NFTs. They successfully claimed free APEs by exploiting the algorithm used for allocating tokens in the Airdrop. In effect, they snatched up $1.1 million worth of ApeCoins.
How They Outsmarted the Airdrop Process
Here’s how they pulled off the stunt. The system decided who qualified for the airdrop solely from who currently owned a BAYC NFT. Because it did not factor in ownership history, anyone who gained possession of a Bored Ape NFT right before the airdrop was included in the giveaway. One could therefore take advantage of the system by owning BAYC NFTs only momentarily.
In a nutshell, one could borrow Bored Apes simply for the purpose of benefiting from the airdrop, then return the NFTs to the owner shortly after.
To execute the con, the person first found a vault containing five BAYCs that had not been redeemed for ApeCoins.
Vaults are used to tokenize NFTs. People can collect a couple of NFTs and place them in a vault. By so doing, the NFTs become tokens that owners can sell or stake to earn rewards. In the same way, people can turn these tokens back to their respective NFTs.
To secure unclaimed Bored Apes, the actor used a vault built on NFTX. This vault housed five BAYCs: #8167, #9915, #4755, #7594. At the floor price, these NFTs were collectively worth $1.4 million. The Bored Apes sat idly in the vault, neither belonging to nor controlled by anyone. As a result, nobody had redeemed them for ApeCoin tokens.
However, the person wanted to gain possession of them solely to claim the airdropped APEs, and buying them would have cost a fortune. To work around this hitch, they turned to DeFi loans.
Deploying Flash Loans in Flash Steal
Flash loans are a handy way to borrow crypto in large quantities in the DeFi space. These loans have a low-risk structure: the protocol that processes the loan transactions ensures the debt is returned.
The APE token snatcher bought a BAYC NFT on OpenSea for less than $300,000, then used it as collateral to collect a flash loan. With the loaned funds, they redeemed five Bored Apes from the NFTX vault.
Hence, they were able to claim the APE airdrop with the NFTs from the vault. They exchanged the tokens acquired for 399 ETH (~$1.1 million) on Uniswap. The person returned the Bored Apes to the vault, converting them back to tokens. Lastly, they used the tokens to clear their flash loan debt.
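The eligibility flaw described above, modelled in Python as an added example (this is not Yuga Labs' contract code and not part of the original article). The class, function, holder names and token ids are constructed, and the ownership snapshot is an assumed mitigation; the model contrasts a claim check on live ownership with one on a snapshot taken earlier.

```python
# Toy model of an NFT-gated airdrop claim. All names and ids are constructed.
APE_PER_NFT = 10_094  # per-NFT allocation quoted in the article


class Airdrop:
    def __init__(self, owners, snapshot=None):
        self.owners = owners      # token_id -> holder right now (live state)
        self.snapshot = snapshot  # token_id -> holder frozen earlier, or None
        self.claimed = set()

    def claim(self, caller, token_id):
        if token_id in self.claimed:
            raise PermissionError("already claimed")
        # Weak design: eligibility follows live ownership at claim time.
        # Hardened design (assumed mitigation): eligibility follows the snapshot.
        table = self.owners if self.snapshot is None else self.snapshot
        if table.get(token_id) != caller:
            raise PermissionError("not eligible")
        self.claimed.add(token_id)
        return APE_PER_NFT


def transient_holder_payout(airdrop, borrower, lender, token_ids):
    """Regression check: tokens paid to someone who holds the NFTs only
    for one atomic step (as with a flash loan). Should be 0."""
    paid = 0
    for t in token_ids:
        airdrop.owners[t] = borrower      # temporary possession
    try:
        for t in token_ids:
            try:
                paid += airdrop.claim(borrower, t)
            except PermissionError:
                pass                      # claim refused
    finally:
        for t in token_ids:
            airdrop.owners[t] = lender    # NFTs returned before the step ends
    return paid


if __name__ == "__main__":
    ids = [101, 102, 103]                 # constructed token ids
    start = {t: "vault" for t in ids}
    weak = Airdrop(dict(start))
    hard = Airdrop(dict(start), snapshot=dict(start))
    print("live-ownership check pays:", transient_holder_payout(weak, "borrower", "vault", ids))
    print("snapshot check pays:      ", transient_holder_payout(hard, "borrower", "vault", ids))
```

With the live-ownership check, the allocation is also marked as claimed, so the long-term holder can no longer claim it once the NFTs are returned.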
Whitelists, White Hacks, and Acceptance
While there have been plaudits directed at the anonymous user for a possible genius attempt, some labeled the whole operation an attack. The user exploited holes in the airdrop process’s allowlist.
Blockchain security firm BlockSec Team insists the user could just as well have been a black hat attacker. The security firm suggests the attack is similar to previous black-hat maneuvers with prices.
4/4) We think it's similar to the price manipulation attack that a contract uses the spot price to determine the value of an asset.
— BlockSec (@BlockSecTeam) March 17, 2022
Recently, a white-hat hacker spotted a “whitelist” vulnerability in Coinbase’s algorithm and received a bounty reward. In this case, however, an exploit took place without warning reports, and definitely no noble bounty rewards.