With the anticipation skyrocketing around BAYC’s launch of a new token, an unknown user gamed the system and received more than 60,000 APE tokens. After paying off the flash loan and the fees, they netted $820,000 (almost 300 ETH).
CryptoPotato reported yesterday on the frenzy around the new ApeCoin, which led to a pump and dump in Bored Ape Yacht Club's floor price.
This happened because of people buying BAYC-related NFTs to participate in the highly-anticipated airdrop.
According to CertiK, an unknown user took advantage of the ongoing craze by claiming a large amount of ApeCoin in the airdrop.
They bought BAYC #1060 on OpenSea and used it to cover the fees on a flash loan of 5.2 BAYC vault tokens from NFTX, a platform that creates liquid markets for illiquid NFTs: users deposit NFTs into a vault and receive a fungible ERC-20 vault token for each, and any vault token can later be redeemed for a specific NFT held in the vault.
The attacker used the borrowed vault tokens to redeem five BAYC NFTs from the vault: 7594, 8214, 9915, 8167, and 4755.
Because the airdrop paid out to whoever held a BAYC at the moment of claiming, the attacker claimed APE for every NFT then in their wallet, 60,564 APE in total, and sold most of it on the market for ETH.
They then deposited the NFTs back into the NFTX vault to mint fresh vault tokens, repaid the flash loan and its fees, and walked away with 293 ETH, worth just over $820,000 at today's prices.
Contracts Vulnerability Analysis:
The getClaimableTokenAmountAndGammaToClaim() function in the AirdropGrapesToken contract, which calculates the amount of ApeCoin to claim based on how many NFTs the caller holds, doesn't consider how long the caller has owned those NFTs. pic.twitter.com/ihDcFBWjvp
— CertiK Alert (@CertiKAlert) March 17, 2022
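To make the flash-loan sequence above and CertiK's point concrete, here is a small Python model of the attack, added to this article and not code from CryptoPotato, CertiK, Yuga Labs or NFTX. It simulates an NFTX-style vault with a flash loan of vault tokens and runs the same sequence (redeem five NFTs, claim, re-deposit six, repay) against two airdrop designs: one that pays whoever holds an NFT at claim time, as the real contract did, and one that only honours a snapshot of ownership taken before the claim window opened. The vault address, the 0.04-token redemption fee, the per-NFT allocation of 10,094 APE (60,564 divided by six) and the "other_holder" token are all assumed values for the simulation.

```python
"""Constructed model (not the BAYC, ApeCoin or NFTX contracts) of the flash-loan
airdrop claim: an NFTX-style vault, a flash loan of vault tokens, and two airdrop
designs, one paying whoever holds an NFT at claim time, one using a snapshot."""

# Assumed constants: 60,564 APE over six NFTs is 10,094 per NFT; the 0.04-token
# redemption fee is hypothetical, chosen so 5.2 vault tokens redeem exactly five
# NFTs. Vault balances are kept in hundredths of a token to avoid float error.
APE_PER_NFT = 10_094
UNIT = 100            # hundredths of one vault token
REDEEM_FEE = 4        # 0.04 vault tokens per redemption
VAULT = "nftx_vault"  # assumed address of the vault contract

class NFTRegistry:
    """Minimal ERC-721-like ownership map: token_id -> owner address."""
    def __init__(self, owners):
        self.owners = dict(owners)

    def transfer(self, token_id, sender, receiver):
        if self.owners.get(token_id) != sender:
            raise PermissionError(f"{sender} does not own #{token_id}")
        self.owners[token_id] = receiver

    def tokens_of(self, owner):
        return sorted(t for t, o in self.owners.items() if o == owner)

class NFTXVault:
    """Deposit an NFT to mint one vault token; burn one token plus the fee to
    pull a specific NFT back out; lend vault tokens for the span of one call."""
    def __init__(self, nfts):
        self.nfts, self.balances = nfts, {}

    def mint(self, caller, token_id):
        self.nfts.transfer(token_id, caller, VAULT)
        self.balances[caller] = self.balances.get(caller, 0) + UNIT

    def redeem(self, caller, token_id):
        if self.balances.get(caller, 0) < UNIT + REDEEM_FEE:
            raise ValueError("insufficient vault tokens")
        self.balances[caller] -= UNIT + REDEEM_FEE
        self.nfts.transfer(token_id, VAULT, caller)

    def flash_loan(self, caller, amount, callback):
        """Credit `amount`, run the borrower's code, then require repayment."""
        self.balances[caller] = self.balances.get(caller, 0) + amount
        callback()
        if self.balances[caller] < amount:
            raise RuntimeError("flash loan not repaid; transaction reverts")
        self.balances[caller] -= amount

class Airdrop:
    """Pays APE_PER_NFT once per token id; subclasses decide who is eligible."""
    def __init__(self, nfts):
        self.nfts, self.claimed = nfts, set()

    def claim(self, caller):
        ids = [t for t in self.eligible(caller) if t not in self.claimed]
        self.claimed.update(ids)
        return APE_PER_NFT * len(ids)

class AirdropByCurrentOwner(Airdrop):
    """Vulnerable pattern: eligibility is whatever the caller holds right now."""
    def eligible(self, caller):
        return self.nfts.tokens_of(caller)

class AirdropBySnapshot(Airdrop):
    """Hardened pattern: eligibility fixed by an ownership snapshot taken before
    the claim window; later transfers, flash loans included, change nothing."""
    def __init__(self, nfts):
        super().__init__(nfts)
        self.snapshot = dict(nfts.owners)

    def eligible(self, caller):
        return sorted(t for t, o in self.snapshot.items() if o == caller)

def run_attack(airdrop_cls):
    """Replay the flash-loan claim against one airdrop design. Returns the APE
    the attacker receives and their leftover vault balance in hundredths."""
    attacker = "attacker"
    vault_ids = [7594, 8214, 9915, 8167, 4755]  # NFTs sitting in the vault
    nfts = NFTRegistry({1060: attacker, 42: "other_holder",
                        **{t: VAULT for t in vault_ids}})
    vault = NFTXVault(nfts)
    airdrop = airdrop_cls(nfts)  # a snapshot, if taken, happens here, pre-attack
    received = {}

    def exploit():
        for t in vault_ids:               # 5 x 1.04 = 5.2 vault tokens
            vault.redeem(attacker, t)
        received["ape"] = airdrop.claim(attacker)
        for t in vault_ids + [1060]:      # re-deposit six NFTs -> 6 vault tokens
            vault.mint(attacker, t)

    vault.flash_loan(attacker, 520, exploit)
    return received["ape"], vault.balances[attacker]

if __name__ == "__main__":
    print("current-owner airdrop:", run_attack(AirdropByCurrentOwner))
    print("snapshot airdrop:     ", run_attack(AirdropBySnapshot))
```

Against the current-owner design the single transaction yields 60,564 APE and leaves the attacker 0.8 vault tokens up (the re-deposited #1060 minus fees), exactly the shape of the real incident; against the snapshot design the same transaction pays only for #1060, the one NFT the attacker actually held before the claim window. A snapshot also means the five vault NFTs' allocation stays with whoever held them at the snapshot block, so it is the right tool when eligibility is meant to reward past holding; a holding-period check, as CertiK suggests, is the alternative when the goal is simply to make atomic borrow-claim-return loops worthless.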