More Than $500,000 in NFTs Rescued in Yuga-Led White-Hat Operation

Yuga Labs has recovered 68 NFTs price greater than $500,000 in an emergency white-hat operation, securing belongings uncovered by a Flooring Protocol exploit earlier than attackers may drain them.

The recovered haul contains 29 Bored Apes, two CryptoPunks, and 4 Mutant Apes, now held in Yuga’s custody for return to house owners as soon as the protocol is mounted.

How the Exploit Unfolded

Flooring Protocol is an NFT liquidity platform. Users lock NFTs and obtain fungible fpTokens pegged one-to-one to these deposits.

The attacker began with a small quantity of Wrapped Ether (WETH). They then abused a flaw in the protocol’s packed accounting logic to mint a near-infinite fpToken stability.

According to Yuga’s VP of blockchain, 0xQuit, a maliciously crafted token ID created what he referred to as a ghost possession state. Ownership checks handed beneath one studying whereas inner bookkeeping diverged beneath one other.

A Flooring exploit as we speak turned a mud quantity of WETH right into a near-infinite fpToken stability, permitting the attacker to empty Flooring swimming pools.

This led to a followup opportunist scooping up tokens from the now depleted swimming pools and exchanging them for underlying NFTs.

1/🧵

— Quit (@0xQuit) June 8, 2026

Follow us on X to get the most recent information because it occurs

Two unchecked underflows adopted, wrapping the attacker’s stability to an unlimited determine. They dumped fpToken costs towards zero and drained the affected swimming pools.

Why Yuga Stepped In

Researchers then discovered a second assault path that uncovered higher-value swimming pools, together with blue-chip NFT collections. Those belongings had escaped the primary wave solely as a result of their swimming pools held little liquidity.

The stakes sat in these flagship traces. Bored Ape flooring stood close to 8.95 ETH, about $15,121, whereas CryptoPunks held above 32 ETH, or roughly $55,248, based on CoinGecko information on June 8.

At these ranges, the 29 Bored Apes alone had been price about $441,000, the biggest single line in the haul.

That math squares with the determine of greater than $500,000 throughout all 68 NFTs cited by 0xQuit. The exploit additionally struck over the weekend, when fewer groups monitor on-chain exercise.

Flooring Protocol entered sundown mode final 12 months, and its NFT division was left largely unmanaged. The authentic architect stayed on as a liquidity supplier and misplaced his personal belongings in the assault.

CEO Michael Figge mentioned he instructed the GrailsOTC desk to entrance cash and NFTs for the rescue. The group then deployed a contract that used the identical bug class defensively, echoing earlier white-hat recovery efforts throughout DeFi.

We’ve simply completed a whitehat operation on an exploit found in Flooring Protocol.

Now safely in the custody of Yuga Labs:

29 bored apes
4 mutant apes
1 bakc
2 cryptopunks
1 azuki
2 elementals
26 captains
1 moonbird
2 doodles@0xQuit, our VP of Blockchain recovered the…

— figge (@mfigge) June 8, 2026

Yuga, which additionally acquired the CryptoPunks collection, framed the transfer as momentary. The architect, posting as 0xFreeLunch, took accountability and blamed gas-optimized code that hid the bug from auditors.

What Happens Next

The architect additionally suspects the attacker used superior AI tooling, given the exploit’s complexity. Quit, in the meantime, urged holders to remain away from the platform.

“It’s vital to NOT deposit any extra NFTs into Flooring Protocol, as these may turn into instantly weak,” Quit stated.

The exploiters nonetheless maintain different stolen NFTs, so the case is just not closed. Like different DeFi projects after exploits, Flooring now faces attainable contract relaunches and choices on compensating affected holders.

The publish More Than $500,000 in NFTs Rescued in Yuga-Led White-Hat Operation appeared first on BeInCrypto.