According to a study report, a flaw in the Bored Ape Yacht Club’s (BAYC) airdrop was exploited to steal around $1.5 million in ApeCoin tokens (APE). This Thursday, APE tokens were given to BAYC NFT holders before being made accessible for trading on the general market. The hacker used a mechanism known as “flash loan” to swiftly borrow BAYC NFTs and redeem a significant quantity of tokens, according to cybersecurity expert Check Point Research.
According to Assess Point, the fundamental flaw in the airdrop was that BAYC did not check how long the NFT holders had had the asset. As a result, the attacker only needed to own a BAYC NFT for a short time to claim the token. The hackers also used NFTX, an NFT vault platform, to find BAYCs that had not been used to claim the airdrop, which they then used to claim APE tokens. According to Check Point, the attacker sold the APE tokens for $1.5 million on the open market. According to a different assessment from security firm CertiK, the hacker made about $800,000.
Before the airdrop, BAYC creator Yuga Labs did not create a snapshot, i.e., a list of all BAYC holders. This allowed users to claim the airdrop by purchasing BAYCs in real time.According to data from NFT price floor, BAYC’s price floor, or the lowest price at which one can buy into the project, increased by over 20% after the announcement of the airdrop. As the airdrop began, the price, along with BAYC sales, continued to rise, culminating at 105.91 ETH (USD 313,938).
ApeCoin’s trading debut was accompanied by huge price swings. After the airdrop, the token soared to $40 before plummeting to $6 as it began trading on many major platforms. At the time of writing, the cryptocurrency was selling for around $13.2, down 16 percent in the previous 24 hours. Earlier this week, the token was unveiled. The airdrop was responsible for about 15% of the overall supply.