Thief steals $1 million worth of Bored Ape Yacht Club NFTs with Instagram hack

Thief steals $1 million worth of Bored Ape Yacht Club NFTs with Instagram hack

Thief steals $1 million worth of Bored Ape Yacht Club NFTs with Instagram hack

A hacker stole multimillion-dollar NFTs after compromising the official Bored Ape Yacht Club (BAYC) Instagram account and using it to post a phishing link that transferred tokens out of crypto wallets users.

The hack was leaked on Twitter by BAYC just before 10 a.m. ET on Monday morning. “There is no mint going on today,” the Tweet read. “Looks like BAYC Instagram has been hacked.”

Another Tweeter from a user unaffiliated with the project claimed to show the image that was posted from the BAYC account, promoting an “airdrop” – essentially a free token giveaway – for all users who connected their wallets MetaMask.

Unfortunately, BAYC’s warning came too late for a number of holders of the extremely expensive Bored Ape NFTs, as well as many other valuable NFTs stolen in the hack. A screenshot posted by a Twitter user showed an OpenSea page for the hacker’s account receiving over a dozen NFTs from the Bored Ape, Mutant Ape and Bored Ape Kennel Club projects – all likely taken from users who connected their wallets after having clicked on the phishing link.

The profile page linked to the hacker’s wallet address was no longer visible on OpenSea at the time of publication. OpenSea communications manager Allie Mack confirmed The edge that the hacker’s account had been banned on the platform because OpenSea’s terms of service prohibited fraudulently obtaining items or otherwise taking them without permission.

But given the decentralized nature of NFT, the contents of the hacker’s wallet can still be viewed on other platforms. Viewed through the Rarible NFT platform, the wallet contained 134 NFTs, including four Bored Apes and many other items from projects made by Yuga Labs – the creators of BAYC – such as Mutant Apes and Bored Ape Kennel Club.

Independently, each of the stolen monkeys is worth well into six figures based on the most recent sale price. The cheapest Ape, #7203, was last sold four months ago for 47.9 ETH, which equals $138,000 at the current exchange price. Ape #6778 was last sold for 88.88 ETH ($256,200), while Ape #6178 sold for 90 ETH or $259,400. And Bored Ape #6623 was the most valuable of them all, selling three months ago for 123 ETH ($354,500) – meaning collectively the total value of the four stolen apes is just over a million of dollars.

It is not yet clear how the hacker was able to compromise the project’s Instagram account. In a statement sent to The edge via email and also posted on Twitter, Yuga Labs mentioned that two-factor authentication was enabled at the time of the attack and that Instagram account security followed best practices. Yuga Labs also said the team is actively working to establish contact with affected users.

Although NFTs can be bought and sold for huge sums of money, they are often held in smartphone wallets rather than more secure environments, as the popular decentralized crypto wallet app MetaMask only supports NFT display on mobile. It also encourages users to manage NFTs through the smartphone app rather than the browser-based extension. This means that using Instagram to provide a phishing link is an effective way to steal NFTs, as the phishing link is more likely to interact with a mobile wallet.

While security advice in the crypto space suggests that NFT holders never connect their wallet to an unknown or untrusted third party, the fact that the phishing link was sent via the official BAYC social media account likely convinced the victims that it was legitimate, raising difficult questions about where exactly the fault lies.

Yuga Labs did not respond to an email from The edge asking if the victims of the hack would be compensated by the project for their losses.

#Thief #steals #million #worth #Bored #Ape #Yacht #Club #NFTs #Instagram #hack

Tags: , , , , , , , , , ,

Leave a Reply

Your email address will not be published.