The latest high-profile non-fungible token (NFT) project to be targeted by hackers is the Bored Apes Yacht Club (BAYC), which alerted its community this week that hackers had compromised its Instagram account.
The notice warned community members not to participate in any offers to mint NFTs as it was not carrying out such activity. Bored Apes also reminded their users not to click any links or link their wallets to anything.
🚨There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
Losses rain on BAYC NFT owners
This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer's wallet.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
In an extended update, the BAYC team stated that it was still trying to figure out how the hackers hijacked the Instagram account. At the time of the compromise, 2FA authentication and all security best practices were in place for the account.
The team explained that after gaining control of the Instagram account, the hackers posted a fraudulent link to a replica of the BAYC website. The website offered a fake airdrop where users were asked to mint virtual land in the project’s upcoming metaverse project, the Otherside.
However, users who clicked on the offer were prompted to sign a ‘safeTransferFrom’ transaction. And those who signed in had their assets transferred to the scammer’s wallet.
Despite the team’s swift action to alert the community and remove links to the compromised account from all its other information channels, some users still fell victim to the scammers.
According to reports from multiple sources, including Bloomberg, the hackers stole assets worth around $3 million. An investigation by Zachxbt, a digital assets security researcher, revealed that 91 NFTs were stolen. Among them were four BAYC, seven MAYC, and one CloneX.
Zachxbt also found that most of the funds from the sale of the stolen NFTs found their way to KuCoin, while the rest ended up on Binance. It is possible the hackers also used accounts with stolen KYC on the centralized exchanges.
Yuga Labs is still proceeding with its plans
The BAYC team has directed all affected users to contact them through a designated email address. They also implored the community to only pay attention to announcements from its official Twitter handles, namely @BoredApeYC, @yugalabs, and @OthersideMeta.
The hack has been the second compromise the project has suffered this month. In the first event, the Discord account of the project was hijacked, leading to losses of NFTs. The continued hacks in the industry have raised questions about its sustainability and if projects are nothing more than just hype.
Regardless, BAYC continues to be one of the highest valued NFT collections and enjoys patronage from many celebrities. Yuga Labs, the company behind the project, is also set to launch a metaverse built around the various NFT collections it controls later this month.
Watch: CoinGeek New York panel, Tokenized Assets, Stablecoins and Custody with BSV
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
