Yuga Labs NFT rescue operation saves 68 NFTs worth over $500K

On June 8, Yuga Labs completed a rare Yuga Labs NFT rescue operation, pulling 68 high-value digital assets out of an active exploit before attackers could drain them from Flooring Protocol’s compromised liquidity pools. The rescued NFTs included Bored Apes, CryptoPunks, Azuki, Doodles, and Moonbirds, and their combined value topped $500,000.

CEO Michael Figge confirmed the rescue was finished, and he said the recovered assets are now safely in Yuga Labs’ custody. Meanwhile, the response drew immediate attention across the NFT and blockchain security community because of both its speed and its precision.

Flooring Protocol, for readers unfamiliar with the project, lets users lock NFTs in exchange for fungible tokens. In practice, that simple idea became the weak point: a deeply hidden bug in the protocol’s smart contract logic turned the mechanism into an attack path.

Yuga Labs NFT rescue operation secures 68 blue-chip NFTs

The full rescued haul includes 29 Bored Apes, 4 Mutant Apes, 1 BAKC, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird, and 2 Doodles. Together, the assets form a who’s who of blue-chip NFT collections, which is why their exposure alarmed traders and security researchers so quickly.

What Yuga Labs recovered and where the NFTs are now

All 68 NFTs are currently held securely by Yuga Labs. The company has said it will return them to their rightful owners after Flooring Protocol’s development team deploys a proper fix. Until that patch is confirmed live, no assets will be transferred, which shows the company is prioritizing user safety over speed.

That matters because these were not obscure assets sitting in a forgotten protocol corner. Several of the rescued NFTs belong to collections that trade for tens of thousands of dollars each. If an attacker had drained all of them, the result would have been a very public loss for the NFT ecosystem.

How the Flooring Protocol exploit worked

Why the bug could mint near-unlimited fpTokens

The technical path behind the breach is important. Yuga Labs’ blockchain lead, known on-chain as 0xQuit, traced the vulnerability to packed ownership and indexing logic inside Flooring Protocol’s smart contract.

In plain language, a malicious token ID could pass ownership verification checks while the underlying accounting recorded a different result. That mismatch created what 0xQuit described as “ghost ownership,” where a token appeared owned but the balance calculation disagreed. From there, an unchecked balance update triggered an underflow, inflating attackers’ fpToken balances far beyond what they should have held.

As a result, a tiny amount of WETH was enough to create what was effectively a near-infinite supply of fpTokens. That fungible token exploit then became the tool used to target NFT liquidity pools.

Impact on Flooring Protocol V2 and BitmapPunks

Once attackers had the inflated token balance, the rest of the attack followed a mechanical pattern. They pushed fpToken prices toward zero, drained the liquidity pools, and then redeemed the underlying NFTs. Flooring Protocol V2 and BitmapPunks were both affected, and the BitmapPunks team’s own liquidity pools were also hit through the same attack vector.

Flooring Protocol lead developer 0xFreeLunch publicly acknowledged the exploit and said the vulnerability survived multiple security reviews. He explained that gas-saving bit-level code concealed the flaw from auditors and took direct responsibility for the contract’s architecture. That admission raises uncomfortable questions about how many audited contracts may still carry buried risks.

Inside the rescue effort and the warning for users

Speed was everything in the Yuga Labs NFT rescue operation. Yuga Labs’ trading desk, GrailsOTC, fronted the capital and NFTs needed to move the at-risk assets out of the vulnerable pools before attackers could reach them. Security researcher Coffee also joined the operation and helped throughout the process.

Some collections had already been partially raided before the team understood the full scope of the threat. Even so, the rescue still recovered 68 NFTs worth more than $500,000, which makes the outcome more significant given that the attack was already underway.

The coordinated response across Yuga Labs’ internal teams and outside researchers reflects a model of rapid, community-driven security work that the broader NFT industry could learn from. When a protocol lacks the resources or speed to defend itself, outside support can make a real difference.

However, the vulnerability has not been patched yet, and that point remains the most important one for users. 0xQuit issued a direct warning: do not deposit any new NFTs into Flooring Protocol while the vulnerability remains open. Any newly deposited assets would face the same exploit vector.

The Flooring Protocol team is tracing extracted assets and working with security teams and exchanges to limit further damage. Even so, users should treat the protocol as off-limits for deposits until a formal patch announcement says otherwise.

This is also not Flooring Protocol’s first security incident. A prior breach cost the protocol about $1.5 million in NFTs, which adds context to the urgency here and to the questions now surrounding the protocol’s design choices.

More broadly, the incident shows that audited smart contracts are not automatically safe. Packed data structures, bit-level optimizations, and edge-case logic can hide serious flaws that only surface under adversarial conditions. For any protocol that holds real assets on behalf of users, that gap between “audited” and “secure” can translate into real financial damage.

FAQ

What was the nature of the Flooring Protocol exploit?

A bug in Flooring Protocol’s smart contract allowed attackers to generate a near-infinite balance of fpTokens using a small amount of WETH. The flaw came from packed ownership and indexing logic that created “ghost ownership,” which then enabled balance underflows and drained NFT liquidity pools.

How many NFTs did Yuga Labs rescue and what was their value?

Yuga Labs rescued 68 NFTs, including Bored Apes, Mutant Apes, CryptoPunks, Azuki, Doodles, Moonbirds, and others. The rescued assets were worth more than $500,000.

Who assisted Yuga Labs in the rescue operation?

Yuga Labs’ trading desk GrailsOTC provided the capital and NFTs needed to move assets out of vulnerable pools. Security researcher Coffee also assisted in the operation.

Are NFTs safe to deposit into Flooring Protocol now?

No. Yuga Labs blockchain lead 0xQuit has warned users not to deposit new NFTs into Flooring Protocol until the vulnerability is fully patched and a fix is officially deployed.

What caused the vulnerability in Flooring Protocol’s smart contract?

The flaw came from packed ownership and indexing logic in the contract’s code. A gas-saving bit-level optimization hid the bug during multiple security reviews, and the vulnerability allowed malicious token IDs to pass ownership checks while the balance accounting returned a different result.