Yuga Labs Recovers 68 NFTs After Flooring Protocol Exploit

Yuga Labs Recovers 68 NFTs Worth Over $500,000 – White-Hat Operation Targets Flooring Protocol Exploit

Key Takeaways

Yuga Labs recovered 68 NFTs valued at more than $500,000 in a white-hat operation linked to a Flooring Protocol exploit.
The rescued assets include 29 Bored Apes, two CryptoPunks, four Mutant Apes and other high-value NFTs.
The exploit allowed an attacker to mint a near-infinite fpToken balance and drain liquidity pools.
Yuga Labs deployed a contract using the same bug class defensively to secure exposed NFTs.
Flooring Protocol has entered sunset mode and now faces decisions on fixes and potential compensation.

Yuga Labs Secures High-Value NFTs After Flooring Protocol Exploit

Yuga Labs has taken custody of 68 non-fungible tokens following an exploit affecting Flooring Protocol, an NFT liquidity platform. According to statements from Yuga executives, the recovered assets are worth more than $500,000 and will be returned to their original owners once the protocol issue is resolved.

The secured NFTs include 29 Bored Ape Yacht Club tokens, four Mutant Apes, two CryptoPunks, one Bored Ape Kennel Club NFT, one Azuki, two Elementals, 26 Captains, one Moonbird and two Doodles. The largest single portion of the haul consists of Bored Apes. Based on CoinGecko data cited on June 8, Bored Ape floor prices were near 8.95 ETH, or about $15,121 per token, while CryptoPunks were trading above 32 ETH, or roughly $55,248.

At those levels, the 29 Bored Apes alone represented approximately $441,000 in value. Combined with the other recovered tokens, the total exceeded half a million dollars.

How the Flooring Protocol Exploit Worked

Flooring Protocol allows users to deposit NFTs in exchange for fungible fpTokens pegged one-to-one to the deposited assets. These tokens can then be traded or used within liquidity pools.

According to Yuga Labs Vice President of Blockchain, known as 0xQuit, the attacker began with a small amount of Wrapped Ether. They exploited a flaw in the protocol’s packed accounting logic, enabling the creation of a near-infinite fpToken balance.

The vulnerability involved a maliciously crafted token ID that created what 0xQuit described as a ghost ownership state. In this scenario, ownership checks passed under one interpretation of the contract’s logic, while internal bookkeeping diverged under another. This inconsistency allowed the attacker to manipulate balances.

Two unchecked underflows followed, which wrapped the attacker’s balance to an extremely large figure. The attacker then drove fpToken prices toward zero and drained liquidity pools. A secondary opportunistic actor subsequently acquired tokens from the depleted pools and exchanged them for underlying NFTs.

Second Attack Path Exposed Blue-Chip NFT Pools

After the initial exploit, researchers identified a second attack vector affecting higher-value pools. These included collections considered blue-chip within the Ethereum NFT ecosystem, such as Bored Ape Yacht Club and CryptoPunks.

According to 0xQuit, those pools had avoided the first wave of losses largely because they held limited liquidity at the time. However, the second vulnerability left them exposed. The exploit occurred over a weekend period, when fewer teams typically monitor on-chain activity.

Flooring Protocol had entered sunset mode the previous year, and its NFT division was largely unmanaged. The original architect of the protocol remained involved as a liquidity provider and reportedly lost personal assets in the attack.

White-Hat Intervention and Temporary Custody

Yuga Labs CEO Michael Figge stated that he instructed the GrailsOTC desk to front funds and NFTs to facilitate a recovery operation. The team deployed a smart contract that used the same class of bug defensively, a technique previously seen in decentralized finance white-hat interventions.

Through this operation, Yuga Labs transferred the exposed NFTs into its custody. The company has stated that the move is temporary and that assets will be returned to their rightful owners once the protocol is fixed.

The protocol’s architect, posting under the name 0xFreeLunch, accepted responsibility and attributed the flaw to gas-optimized code that concealed the issue from auditors. He also suggested that the exploit may have involved advanced AI tooling, citing the complexity of the attack. No further technical confirmation of that claim has been provided.

Ongoing Risk and Next Steps for Flooring Protocol

Yuga Labs has warned NFT holders not to deposit additional assets into Flooring Protocol, stating that such deposits could become immediately vulnerable. The exploiters still retain other stolen NFTs, and the incident remains unresolved.

As with other decentralized finance projects following major exploits, Flooring Protocol now faces decisions regarding contract relaunches and potential compensation mechanisms for affected users. The scope of losses beyond the recovered NFTs has not been detailed in the available information.

For NFT holders and market participants, the incident highlights operational risks tied to liquidity protocols that tokenize deposited assets. In this case, flaws in accounting logic and balance handling enabled the creation of synthetic supply that destabilized pools and exposed underlying NFTs to extraction.

Our Assessment

Yuga Labs recovered 68 NFTs valued at more than $500,000 after identifying and exploiting the same vulnerability used in an attack on Flooring Protocol. The incident involved flaws in accounting logic that enabled near-infinite token minting and liquidity pool drains. While the recovered NFTs are now in temporary custody and expected to be returned, exploiters still hold additional assets and the protocol must address structural weaknesses before operations can be considered secure again.