Yuga Labs Secures 68 NFTs in Flooring Protocol Exploit
Yuga Labs Rescues 68 NFTs From Flooring Protocol Exploit – White-Hat Operation Secures Assets Worth Over $500,000
Key Takeaways
- Yuga Labs secured 68 NFTs valued at more than $500,000 from vulnerable Flooring Protocol pools during an active exploit.
- The recovered assets include 29 Bored Ape Yacht Club NFTs, 4 Mutant Apes, 2 CryptoPunks, and other blue-chip tokens.
- The vulnerability allowed attackers to generate near-infinite fpTokens using a small WETH deposit and drain NFT pools.
- Yuga Labs is holding the NFTs temporarily and plans to return them after a verified protocol fix.
Yuga Labs Conducts Coordinated White-Hat Operation
Yuga Labs carried out a coordinated white-hat operation to secure 68 non-fungible tokens from Flooring Protocol, an Ethereum-based NFT liquidity platform that was undergoing an active exploit. According to disclosures made on June 8 by CEO Michael Figge, the rescued NFTs were valued at more than $500,000 based on floor prices at the time of recovery.
The assets were removed from vulnerable liquidity pools before attackers could extract them. Yuga used its internal over-the-counter NFT trading desk, GrailsOTC, to front both capital and NFTs required to pull the at-risk tokens out of the compromised pools.
Figge stated that he instructed GrailsOTC to intervene quietly to secure the assets. The NFTs are now in Yuga Labs’ custody and will remain there until Flooring Protocol deploys and verifies a fix for the underlying vulnerability.
Details of the Recovered NFT Collections
The 68 NFTs recovered in the operation span several well-known collections. According to Figge’s public disclosure, the assets include:
– 29 Bored Ape Yacht Club NFTs
– 4 Mutant Apes
– 1 Bored Ape Kennel Club NFT
– 2 CryptoPunks
– 1 Azuki
– 2 Elementals
– 26 Captains
– 1 Moonbird
– 2 Doodles
These collections are often described as blue-chip NFTs within the Ethereum ecosystem. The intervention marks a case in which a major NFT issuer treated a third-party protocol failure as an incident requiring direct response, using its own trading infrastructure to prevent further losses.
No equivalent prior operation by an NFT creator of Yuga’s scale has been publicly documented, according to the information provided.
How the Flooring Protocol Exploit Worked
Flooring Protocol allows NFT holders to fractionalize assets into micro-tokens and pool them to access liquidity. The protocol uses ERC-20 tokens known as fpTokens to represent fractionalized ownership of locked NFTs.
The vulnerability was traced to the platform’s BT404-style smart contract, specifically to packed storage and token-indexing logic. Yuga Labs’ Vice President of Blockchain, known on-chain as 0xQuit, identified that a small deposit of Wrapped Ether could be used to generate a near-infinite balance of fpTokens.
With that artificially manufactured balance, an attacker was able to drain NFT pools and redeem the underlying NFTs. 0xQuit described the core issue as “ghost ownership,” where the contract’s local state recorded an attacker as the legitimate owner of assets they did not actually possess. This accounting mismatch extended to secondary pools, increasing the scope of the exploit.
A second related attack path was later identified, exposing additional risk to pools that included Yuga-affiliated NFTs. Security researcher Coffee assisted 0xQuit in assessing the full extent of the vulnerability.
Yuga Labs’ Custody and Ongoing Risk Warnings
After confirming the second attack path, Yuga Labs moved to extract the at-risk NFTs before further malicious activity could occur. By acting as a white-hat participant, GrailsOTC effectively preempted potential attackers by interacting with the vulnerable state before it could be exploited again.
Yuga Labs has stated that it does not consider the recovered NFTs permanently transferred. The company intends to return them to their rightful owners once Flooring Protocol deploys a verified fix.
Figge warned that the unpatched vulnerability continues to pose risks to holders of Bored Ape Yacht Club and CryptoPunks NFTs if not addressed. He also noted that exposure may extend beyond what has already been exploited.
Separately, 0xQuit advised users not to deposit additional NFTs into Flooring Protocol until a confirmed fix is live.
Unresolved Losses and Pending Remediation
Some NFTs remain under attacker control, according to 0xQuit’s accounting. The total scale of the initial attack prior to Yuga’s intervention has not been independently quantified, and overall losses to Flooring Protocol liquidity providers have not been confirmed.
As of the reported timeframe, Flooring Protocol had not published a post-mortem analysis or provided a remediation timeline. The absence of a verified fix means that the protocol’s pools may remain vulnerable until corrective measures are implemented and audited.
Our Assessment
Yuga Labs intervened directly in an active exploit affecting Flooring Protocol, securing 68 NFTs valued at more than $500,000 through its GrailsOTC desk. The exploit involved a smart contract flaw that enabled attackers to generate near-infinite fpTokens and drain NFT pools. While the rescued assets are being held pending a verified fix, some NFTs remain under attacker control and the protocol has not yet issued a post-mortem or confirmed remediation timeline. The incident highlights operational and smart contract risks within NFT liquidity platforms and the potential for third-party protocol failures to affect major NFT collections.
