NFTs worth millions of dollars have been reported stolen after the official Instagram account for Bored Ape Yacht Club (BAYC) was compromised. The Instagram account was then used to post a phishing link that transferred tokens out of users’ crypto wallets.
BAYC disclosed on Twitter by BAYC on Monday morning. “There is no mint going on today,” the Tweet read. “It looks like BAYC Instagram was hacked.”
How the Hack happened
According to Coindesk in an email from a BAYT spokesperson, “The hacker posted a fraudulent link to a copycat of the Bored Ape Yacht Club website, where a safeTransferFrom attack asked users to connect their MetaMask to the scammer’s wallet in order to participate in a fake Airdrop.”
“At 9:53am ET, we alerted our community, removed all links to Instagram from our platforms and attempted to recover the hacked Instagram account.” the spokesperson added.
“Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs estimated at a total value of ~$3m,” the spokesperson said. “We are actively working to establish contact with affected users.”
A Twitter user posted a Tweet purportedly showing an OpenSea page for the hacker’s account receiving more than a dozen NFTs from the Bored Ape, Mutant Ape, and Bored Ape Kennel Club projects — all presumably taken from users who connected their wallets after clicking on the phishing link.
The profile page tied to the hacker’s wallet address was no longer visible on OpenSea at time of publication. The Verge says that OpenSea head of communications Allie Mack confirmed that the hacker’s account had been banned on the platform, as OpenSea’s terms of service prohibited fraudulently obtaining items or otherwise taking them without authorization.
Related Story: Top 5 Valuable NFTs Ever Sold
Yuga Labs, the BAYC creators said in a statement: “Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. Two-factor authentication was enabled and the security practices surrounding the IG account were tight.”
1 Comment
Pingback: NEW! Attackers use new trick on Facebook to steal passwords - Innovation Village | Technology, Product Reviews, Business