Yuga Labs Removes Dangerous Code That Could Bring BAYC Floor Price Down

KEY POINTS

Around 200 ETH ($360,000) NFTs were stolen because of the Discord server hack that happened a few days ago
There is a code that when exploited could allow malicious actors to mint BAYC NFT infinitely
Bored Ape Yacht Collection's floor price is 93.88 ETH

Yuga Labs, the blockchain tech company that develops Non-Fungible Tokens (NFTs) and other digital collectibles, has announced that it has removed the code that gives the ability to mint Bored Ape Yacht Club NFTs, thereby revoking a possible hack vulnerability that could see malicious actors flood the market with BAYC NFTs, eventually plummeting its floor price.

The hack on Discord servers a few days ago resulted in a lot of stolen NFTs amounting to around 200 ETH, which could be one of the reasons why Yuga Labs finally decided to fix an exploitable vulnerability by revoking a code that would allow malicious actors to mint infinite number of BAYC NFTs. Last year, the team announced its plan to remove the dangerous code but was only able to do so this week.

"The contract owner has now been burned. While we’d been meaning to do this for a long time, we hadn't out of an abundance of caution. Felt comfortable doing it now. All done. In lay terms: The issue flagged in this article is now impossible," Yuga Labs co-founder and BAYC developer who goes by the Twitter handle EmperorTomatoKetchup tweeted. They also provided a link to the transaction where they revoked the said code.

BAYC upcoming — Thumbnail of BAYC’s upcoming Metaverse the "Otherside." YouTube

The contract owner has now been burned. While we’d been meaning to do this for a long time, we hadn't out of an abundance of caution. Felt comfortable doing it now. All done.
In lay terms: The issue flagged in this article is now impossible.
— EmperorTomatoKetchup (@TomatoBAYC) June 7, 2022

Yuga Labs was made aware of the issue in June 2021 when NonFungibles CEO Dan Kelly pointed it out via a tweet that Yuga Labs can mint as many BAYC NFTs as it liked. "Obviously, we're never going to call that function again and we're planning on revoking ownership in the next day or two," Bored Ape's Twitter handle told Kelly at the time, adding that the team was "talking about this."

It seems that the hard cap is not actually 10k since the owner can "reserve"/mint as many as they like. @BoredApeYC, any plans to remove the contract owner (or set to an non-existant wallet)? pic.twitter.com/3V7ffXh8yB
— Dan 'AF' Kelly (dafky2000.eth) (@dafky2000) June 2, 2021

However, it looks like the team did not do anything about this code as proven by an NFT developer who goes by the Twitter handle foobar. "There is a single private key out there that can mint an infinite number of new OG @BoredApeYC at any time. If the token contract owner (a personal wallet, not a multisig) gets hacked or phished, you might see thousands of new bored apes minted and dumped onto the market," they tweeted Monday.

There is a single private key out there that can mint an infinite number of new OG @BoredApeYC at any time.

If the token contract owner (a personal wallet, not a multisig) gets hacked or phished, you might see thousands of new bored apes minted and dumped onto the market pic.twitter.com/CLZGaDz1Yx
— foobar (@0xfoobar) June 5, 2022

It was only Tuesday that Yuga Labs acted and revoked the dangerous code. Bored Ape Yacht Collection's floor price is 93.88 ETH with a 24-hour volume of 732.64 ETH as of 4:32 a.m. ET on Thursday as per CoinGecko's latest data.