Yuga Labs has rescued about $570,000 worth of NFTs after an exploit affected Floor Protocol on Sunday. The team behind Bored Ape Yacht Club said the operation removed exposed assets before another actor could drain them.
- Yuga Labs rescued about $570,000 worth of NFTs after a Floor Protocol exploit exposed vulnerable pools.
- The whitehat operation secured 29 Bored Apes and two CryptoPunks before another actor could drain them.
- Yuga Labs currently holds the rescued NFTs while coordinating with Floor Protocol developers on returns.
The rescued items included 29 Bored Apes and two CryptoPunks, among other NFTs. Yuga Labs said it now holds the assets while working on a return process.
Yuga Labs moves exposed NFTs from pools
According to Yuga Labs vice president of Blockchain 0xQuit, the team found the exploit after reviewing Floor Protocol activity. Floor Protocol had stopped operations last year, but some NFT pools still contained assets. The platform previously allowed users to deposit NFTs into pools and receive fungible μTokens. Users could then trade those tokens or burn them to redeem the underlying NFT. The Sunday exploit created a path to drain those pools.
0xQuit said the team found another exploit route after deeper review. “After digging deeper, we found another related exploit path,” 0xQuit wrote on X. The post said the route could affect more vulnerable Flooring pools. Yuga Labs then moved exposed NFTs from those pools before another exploit attempt. The team described the action as a whitehat operation.
The rescued assets included high-value Ethereum NFT collections. Yuga Labs said it acted to protect Bored Apes and other exposed items. The operation also covered two CryptoPunks, according to the provided report. The team now maintains control of the NFTs. It plans to coordinate with Floor Protocol developers on the next steps.
Floor Protocol exploit involved μToken balances
Floor Protocol used a liquidity model tied to deposited NFTs and μTokens. The system allowed users to gain liquidity without directly selling their NFTs. However, the exploit reportedly targeted the relationship between wrapped Ethereum and μToken balances. According to 0xQuit, attackers could turn a small amount of wETH into a nearly unlimited μToken balance. That balance could then help drain NFTs from affected pools.
Yuga Labs said its goal involved removing exposed assets before another party used the same method. 0xQuit wrote that the team wanted to extract vulnerable NFTs first. The post said another malicious actor could have used the same paths. The team therefore moved the assets to stop further losses. Yuga Labs did not say the owners had already received the NFTs back.
Yuga Labs CEO Michael Figge also commented on the response. “Thanks to this move, we were able to save dozens of assets,” Figge wrote on X. He said the action prevented market impact and protected Flooring protocol tokens. The company’s statements framed the move as a recovery effort. Floor Protocol developers still need to help settle ownership and return issues.
NFT market remains below 2022 levels
The rescue took place after a long decline in NFT trading activity. Bored Apes traded above $300,000 during the market peak in early 2022. At that time, Ethereum NFT daily sales often topped $100 million, according to CryptoSlam data.
In 2026, the highest daily sales volume reached $32.3 million. The figures show a much smaller market than the 2022 peak. The Floor Protocol incident involved assets from a platform that no longer operates actively. Even so, remaining pools still carried exposure to smart contract risks. Yuga Labs said it acted after finding the exploit route on Sunday morning. The team continues to hold the rescued NFTs while seeking a return plan. The next step depends on coordination with Floor Protocol developers.
