Yuga Labs Rescues 68 High-Value NFTs After Flooring Protocol Exploit


TLDR

  • Yuga Labs completed a whitehat rescue operation on June 8 after an exploit hit Flooring Protocol
  • 68 NFTs were saved, including Bored Apes, CryptoPunks, Azuki, Doodles and Moonbirds, worth over $500,000
  • A bug allowed attackers to mint near-unlimited tokens and drain NFT liquidity pools
  • Flooring Protocol warned users not to make new deposits while the vulnerability remains unresolved
  • The team is working with developers to return the rescued assets once a fix is in place

Yuga Labs rescued 68 NFTs on June 8 after an exploit was discovered in Flooring Protocol, a platform that allows users to lock NFTs in exchange for fungible tokens.

CEO Michael Figge confirmed the operation was complete and that the assets are now in Yuga Labs’ custody.

The rescued collection included 29 Bored Apes, 4 Mutant Apes, 1 BAKC, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird and 2 Doodles.

How the Exploit Worked

The vulnerability allowed a small amount of WETH to generate a near-infinite balance of fpTokens, the protocol’s fungible tokens.

Yuga Labs blockchain lead, known as 0xQuit, explained the bug came from packed ownership and indexing logic. A malicious token ID could pass ownership checks while the accounting showed a different result.

This created what 0xQuit called “ghost ownership.” An unchecked balance update then caused an underflow, giving attackers a far larger token balance than they should have had.



With that inflated balance, attackers could push token prices close to zero and drain liquidity from the pools, then redeem the underlying NFTs.
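The underflow described above, as an added example that is not Flooring Protocol's contract code: a simplified Python model of a uint256 balance ledger showing an unchecked debit wrapping to a near-maximal balance, the checked form refusing it, and the 1:1 peg between tokens and locked NFTs used as a monitorable invariant. The class, function names, accounts and token ID are hypothetical and the scenario is constructed.

```python
# Simplified model of a uint256 balance ledger; NOT Flooring Protocol's contract code.
# All names (Ledger, debit_unchecked, ...) and the scenario are hypothetical.
U256 = 2**256

class Ledger:
    """fpToken-style ledger: 1 token minted per locked NFT (the stated 1:1 peg)."""

    def __init__(self):
        self.balances = {}   # account -> uint256 token balance
        self.locked = set()  # token IDs actually held by the vault

    def deposit(self, account, token_id):
        self.locked.add(token_id)
        self.balances[account] = (self.balances.get(account, 0) + 1) % U256

    def supply(self):
        return sum(self.balances.values())

    def debit_unchecked(self, account, amount):
        # Models an unchecked subtraction: wraps modulo 2**256 instead of reverting.
        self.balances[account] = (self.balances.get(account, 0) - amount) % U256

    def debit_checked(self, account, amount):
        # Models checked arithmetic: refuse any debit larger than the balance.
        current = self.balances.get(account, 0)
        if amount > current:
            raise ArithmeticError("underflow: debit exceeds balance")
        self.balances[account] = current - amount

    def peg_holds(self):
        # Invariant a monitor or test can assert: supply equals locked NFT count.
        return self.supply() == len(self.locked)

def demo():
    # Constructed scenario: "mallory" never deposited, so her accounted balance
    # is 0, yet a debit is applied to her as if an ownership check had passed.
    ledger = Ledger()
    ledger.deposit("alice", 101)
    ledger.debit_unchecked("mallory", 1)
    wrapped = ledger.balances["mallory"]
    peg_after_bug = ledger.peg_holds()

    safe = Ledger()
    safe.deposit("alice", 101)
    try:
        safe.debit_checked("mallory", 1)
        reverted = False
    except ArithmeticError:
        reverted = True
    return wrapped, peg_after_bug, reverted, safe.peg_holds()
```

The peg check is the kind of invariant that can be asserted in fuzz tests or watched on-chain, since it fails as soon as supply and locked NFTs diverge, regardless of which code path caused the drift.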

Rescue Operation Details

Yuga Labs’ trading desk, GrailsOTC, fronted the funds and NFTs needed to move the at-risk assets out of the vulnerable pools before attackers could reach them.

Security researcher Coffee also assisted in the operation. Some collections had already been raided before the team identified the full risk.

0xQuit estimated the rescued assets were worth more than $500,000.

Yuga Labs said it will hold the NFTs securely and work with Flooring Protocol’s development team to return them once a patch is deployed.

Protocol Still Vulnerable

Flooring Protocol’s lead developer, known as 0xFreeLunch, confirmed the exploit affected Flooring Protocol V2 and BitmapPunks.

He said both projects used contracts where fungible tokens were pegged 1:1 to locked NFTs. The vulnerability allowed excess tokens to be minted and redeemed despite multiple security reviews.

0xFreeLunch said the attack surface was larger than the first attacker appeared to realize. The same vector also drained liquidity pools belonging to the BitmapPunks team.

0xQuit warned users not to deposit any more NFTs into Flooring Protocol. Newly deposited assets could be at risk while the vulnerability remains open.

The Flooring Protocol architect said he takes responsibility for the contract design and that gas-saving bit-level code hid the flaw from earlier audits.

This is not the first time the protocol has faced a security breach. A previous incident resulted in losses of around $1.5 million in NFTs.

The team is currently tracing extracted assets and coordinating with security teams and exchanges.




