Home
News
Details

Yuga Labs Rescues 68 NFTs from Flooring Protocol Exploit

iconCryptoBriefing
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Yuga Labs rescued 68 NFTs from Flooring Protocol following a DeFi exploit that exposed a critical smart contract flaw. The company secured 29 BAYC NFTs, 4 Mutant Apes, and other high-value assets worth over $500K. The vulnerability allowed attackers to manipulate fpToken balances with minimal WETH deposits. Yuga Labs’ VP, 0xQuit, led the rescue with support from GrailsOTC. All NFTs are now in company custody and will be returned after a protocol update resolves the issue.

Yuga Labs just played firefighter for the NFT world. The company behind Bored Ape Yacht Club executed a white-hat rescue operation, pulling 68 high-value NFTs out of Flooring Protocol after a critical smart contract vulnerability was discovered.

CEO Michael Figge confirmed the operation via X, calling it a strategic intervention to protect assets worth over $500K. The haul included 29 BAYC NFTs, 4 Mutant Ape Yacht Club pieces, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird, 2 Doodles, and 1 BAKC.

The bug that created ghost owners

The vulnerability centered on a critical flaw in how Flooring Protocol’s smart contracts tracked ownership. The bug allowed attackers to create inflated fpToken balances using minimal Wrapped Ether deposits, essentially conjuring ownership stakes out of thin air. The research community dubbed this “ghost ownership.”

Advertisement

The exploit mechanism meant that someone with a trivially small WETH deposit could trick the protocol into thinking they held significant claims on NFTs locked in its liquidity pools, potentially draining entire pools of blue-chip assets.

Credit for identifying the vulnerability goes to CoffeeDev, a researcher who spotted the flaw before it could be weaponized at scale.

How the rescue operation worked

The operation was led by 0xQuit, Yuga Labs’ Vice President of Blockchain, who coordinated the technical side of pulling the NFTs out of the vulnerable protocol. Supporting the effort was GrailsOTC, Yuga’s over-the-counter trading desk, which handled the funding and asset recovery logistics needed to execute the rescue quickly.

No user losses were reported among the NFTs that were successfully recovered. All 68 rescued assets are currently held in Yuga Labs’ custody and will be returned to their rightful owners once Flooring Protocol resolves the underlying issue.

Where DeFi meets NFTs, things break

Flooring Protocol sits at the intersection of DeFi and NFTs. Fractionalization protocols promise to make illiquid NFTs more tradeable by splitting them into fungible tokens, with the tradeoff being complexity — and complexity is where bugs live.

Yuga Labs has indicated it intends to work with Flooring Protocol’s developers to fix the identified vulnerabilities, potentially involving comprehensive updates to the smart contract infrastructure.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.