Image credit: Shutterstock
White hat researchers rescued more than $500,000 in NFTs from vulnerable Flooring Protocol pools after an exploit exposed several blue-chip collections. The affected collections included Bored Ape Yacht Club, Mutant Ape Yacht Club, CryptoPunks, Azuki, Moonbird and Doodles.
Yuga Labs CEO Michael Figge said the rescued assets are now in Yuga’s custody and will be returned once Flooring Protocol developers complete a fix. The rescue involved Yuga’s blockchain lead 0xQuit, security researcher Coffee and GrailsOTC, which provided the funds and NFTs needed to move assets out of exposed pools.
FloorProtocol V2 and BitmapPunks Were Hit
Flooring Protocol’s 0xFreeLunch said the exploit affected FloorProtocol V2 and BitmapPunks. Both systems used contracts where fungible tokens were pegged one-to-one to NFTs locked inside the protocol.
The flaw let attackers mint excess fungible tokens and redeem them for NFTs. Some collections had already been raided before researchers found another path that could have put more high-value assets at risk.
Ghost Ownership Created Inflated fpToken Balances
0xQuit said the bug came from packed ownership and indexing logic in Flooring Protocol’s BT404-style accounting system. A malicious token ID could pass one ownership check, while later accounting returned a different result. He described that mismatch as ghost ownership.
That state then triggered an unchecked balance underflow, giving the attacker a near-infinite fpToken balance. Once the balance wrapped, the attacker could push token prices near zero, drain liquidity and redeem NFTs from the protocol’s pools.
Rescued Assets Include 29 Bored Apes
The recovered assets included 29 Bored Apes, four Mutant Apes, one Bored Ape Kennel Club NFT, two CryptoPunks, one Azuki, two Elementals, 26 Captains, one Moonbird and two Doodles.
0xQuit warned users not to deposit new NFTs into Flooring Protocol while the vulnerability remains open. Newly deposited assets could still face the same exploit path until the affected contracts are patched.
2023 Exploit Cost Flooring About $1.5M
The latest incident follows a 2023 Flooring Protocol exploit worth about $1.5 million.
For users, the immediate guidance is to avoid new deposits and wait for a formal fix. Yuga said the rescued NFTs will be returned once Flooring Protocol developers complete the patch.
