Someone Used Flash Loans To Exploit $800,000 In ApeCoin Tokens

Bored Ape NFTX vault atomically rinsed by an MEVor

buys vault token -> redeems entire pool -> claims airdrop of 60k APE -> re-supply's the poolhttps://t.co/X83URmgyBK

— Will Sheehan (@wilburforce_) March 17, 2022

An analysis of the incident by CertiK revealed that the hacker orchestrated the attack by borrowing NFT 1060 from OpenSea and using it as the loan fee to flash loan 5.2 BAYC tokens from the NFTX Vault.

#CommunityAlert 

At 12:13:14 PM UTC, an attacker claimed a large amount of #APECOIN in the airdrop event by flashloan using $BYAC tokens to redeem for #BAYC NFTs.

The total profit of the attack is around ~ $820K (293 #ETH) pic.twitter.com/g5RIhQjGIB

— CertiK Alert (@CertiKAlert) March 17, 2022

See Also: DeFi Flash Loans Will Become The New Standard Of Financial Security | Opinion

The attacker then used the borrowed BAYC tokens to redeem BAYC NFTs and claim 60,564 ApeCoin tokens as a reward in the airdrop contract.

The hacker then sold the majority of these APE tokens for 293 Ethereum ETH/USD earning him a profit of around $820,000. He minted the BAYC NFTs to BAYC tokens in order to pay back the flash loan and the fees.

“We think the issue here is that the AirDrop of APE token only considers the spot state that whether NFTs are hold by someone [sic],” wrote blockchain security firm BlockSec in its own analysis of the event.

“This is fragile since the attacker can manipulate the spot state using a flash loan. If the cost of the flash loan is smaller than the value of the AirDrop token, then it creates an attack opportunity.”

Price Action: According to data from CoinGecko, APE was trading at $11.44, up 83% from a low of $6.21 earlier today. The token has amassed a market cap of over $1.3 billion in under 24-hours from its launch.

Read Next: ApeCoin Launched: Here Are The Details And How To Get It

Photo courtesy: ApeCoin.com