Yuga Labs, the company behind Bored Ape Yacht Club and CryptoPunks, completed a covert whitehat operation on June 8 to rescue 68 blue-chip NFTs — worth more than $500,000 — from an active exploit targeting Floor Protocol, deploying its own funds and acting before additional attackers could drain assets that included some of the most valuable tokens in NFT history.
Yuga Labs CEO Michael Figge (@mfigge) announced the successful operation on X, publishing a full inventory of the rescued assets now held in the company’s custody: 29 Bored Ape Yacht Club NFTs, 4 Mutant Apes, one Bored Ape Kennel Club token, two CryptoPunks, one Azuki, two Elementals, 26 Captains, one Moonbird, and two Doodles. “We’ve just completed a whitehat operation on an exploit found in Floor Protocol,” Figge wrote, noting that Yuga Labs VP of Blockchain 0xQuit (@0xQuit) led the on-chain recovery effort.
The operation was funded through GrailsOTC, Yuga Labs’ over-the-counter trading desk — which Figge said he “quietly instructed” to front the capital and NFTs needed to pull the at-risk assets out of the protocol before additional bad actors could act on the same vulnerability. The company plans to return all 68 NFTs to their original owners once a technical fix has been deployed and verified.
How The Crypto Exploit Worked
The mechanics of the attack, explained in a technical thread by 0xQuit on X, reveal a sophisticated vulnerability embedded in Floor Protocol’s core accounting logic. A malicious actor turned a dust amount of WETH — a negligible quantity — into a near-infinite fpToken balance by exploiting an edge case in how the protocol handled token ownership data. The attacker then used the inflated balance to drain Floor pools, with a subsequent opportunist scooping up the now-depleted pool tokens and exchanging them for the underlying NFTs.
The deeper vulnerability, per 0xQuit’s post, came from packed ownership and indexing logic — a technical design choice where a malicious token ID could make ownership verification checks pass while downstream accounting recorded a different result entirely, creating what he described as “ghost ownership.” An unchecked balance update then caused an arithmetic underflow, handing the attacker a balance far larger than legitimately entitled. Once that inflated balance was in place, token prices could be pushed near zero and liquidity extracted from the pool at will.
After reviewing the initial attack path, Yuga Labs’ team identified a second, broader vulnerability that exposed additional NFT pools not yet touched by the original attacker. That discovery triggered the emergency whitehat operation — the team moved to pull all at-risk assets before another actor could find and exploit the same second path independently.

ETH's price records some upside on low timeframes as seen on the daily chart. Source: ETHUSD on Tradingview
The Protocol Behind The Incident
Floor Protocol’s architect, @0xFreeLunch, acknowledged on X that the vulnerability originated in gas-saving bit-level code design — a class of optimization where developers reduce computational costs by packing multiple values into shared storage slots. Despite multiple security reviews, the flaw went undetected, per his post. The admission is notable: gas optimization trade-offs that appear safe in isolation can create exploitable surface area when token IDs fall outside expected ranges.
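The bug class described above (an ownership record packed into fewer bits than the token ID, followed by an unchecked balance update) can be modeled in a few lines of Python. This is an added illustration, not the protocol's code or the actual exploit path; the 64-bit ID field, the exit fee and the `ToyVault` names are assumptions.

```python
U256 = 1 << 256          # EVM word size: unchecked math wraps modulo 2**256
ID_MASK = (1 << 64) - 1  # assumption: the packed record keeps 64 bits of the token ID
EXIT_FEE = 1             # assumption: flat fee netted out of the stake on withdrawal


class ToyVault:
    """Hypothetical vault: owner stored under a packed key, stake under the full ID."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.owner = {}    # packed key -> depositor
        self.stake = {}    # full token ID -> units credited at deposit
        self.balance = {}  # account -> fungible balance (uint256)

    def _key(self, token_id):
        if self.hardened and token_id > ID_MASK:
            raise ValueError("token ID does not fit the packed field")
        return token_id & ID_MASK  # silent truncation in the vulnerable variant

    def deposit(self, who, token_id, units):
        self.owner[self._key(token_id)] = who
        self.stake[token_id] = units

    def withdraw(self, who, token_id):
        if self.owner.get(self._key(token_id)) != who:
            raise PermissionError("not the recorded owner")
        staked = self.stake.get(token_id, 0)  # accounting reads the full ID
        if self.hardened and staked < EXIT_FEE:
            raise ArithmeticError("stake below fee: accounting invariant broken")
        credit = (staked - EXIT_FEE) % U256   # models an unchecked uint256 subtraction
        self.balance[who] = (self.balance.get(who, 0) + credit) % U256
        del self.owner[self._key(token_id)]
        self.stake.pop(token_id, None)
        return self.balance[who]


def run(hardened):
    """Deposit ID 7 with 10 units, then withdraw an ID that truncates to 7."""
    vault = ToyVault(hardened)
    vault.deposit("alice", 7, 10)
    alias = 7 + (1 << 64)  # constructed ID outside the packed range
    try:
        return vault.withdraw("alice", alias)
    except (ValueError, ArithmeticError) as exc:
        return type(exc).__name__
```

In the vulnerable variant the ownership check and the accounting disagree about which token is being withdrawn, so the subtraction wraps; the hardened variant rejects out-of-range IDs at the packing boundary and keeps a checked subtraction as a second line of defense.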
Floor Protocol had already been winding down its consumer-facing NFT services since September 2025 — the platform advised FPv2 token holders to redeem assets and exit fractional positions before October of that year. Yet its smart contracts remained live with user assets inside, creating exactly the kind of legacy exposure that attackers increasingly target in aging DeFi infrastructure.
0xQuit warned on X that some NFTs remain under attacker control and urged all users to avoid depositing additional NFTs into Floor Protocol until a verified fix is deployed. CryptoPunks — two of which were among the rescued assets — currently carry a floor price of roughly 32.7 ETH, or roughly $54,612 per token, while BAYC NFTs sit around 9.16 ETH, per CoinGecko data.
This development marks a pivotal and unusual moment for the nascent sector’s approach to DeFi security. A blue-chip NFT company deploying its own balance sheet to rescue third-party assets from an active exploit — unprompted, at speed, and at cost — is a form of ecosystem responsibility the space rarely sees. The question the industry will now ask is how many other aging protocols still carry similar vulnerabilities in their legacy contracts, waiting for the attacker who finds the second path before anyone else does.
Cover image from Grok, ETHUSD chart from Tradingview
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.