On Monday afternoon, the Bored Ape Yacht Club announced that its account instagram had been hacked and that a fraudulent link had been shared by the hacker.
44 users have been victims of the scam and the total loot of the hacker could approach 2.4 million dollars according to an estimate, of which one million comes from stolen Bored Ape.
Several dozen victims
Earlier in the week, a post on the official Instagram account of the Bored Ape Yacht Club (BAYC), an ultra-popular collection of NFTs loved by influencers and celebrities, promised an “airdrop”. Airdrops are a popular marketing tactic in the field, where project developers offer free tokens to users, often to promote a new collection or project. Lured by the greed of BAYC NFTs typically fetching several hundred thousand dollars, several users clicked on the post’s link to get what they thought was a free token. In reality, the account had been hacked and the link belonged to a hacker.
By connecting their MetaMask wallets and confirming the transaction on the scam site, users saw their NFTs disappear and be transferred to the scammer’s account. Despite the warning from the Bored Ape Yacht Club on its Twitter account and on its other communication channels, the hack would have caused several dozen victims. As visible on Rarible, the hacker’s wallet contains hundreds of NFTs, including four Bored Ape, which alone are worth more than a million dollars. According to Molly White of Web3 is Going Great44 people were allegedly victims of the scam and the loot amassed by the hacker amounted to 133 NFTs, which would correspond to approximately $2.4 million in total.
A still mysterious hack
How was access to the Bored Ape Yacht Club Instagram account obtained by the hacker? It’s not clear yet. In a thread, the creators of the collection indicate that they followed the ” best practices in terms of security for their account, and that two-factor authentication was enabled. They also say they are working with the social network team to determine how their account may have been compromised. In the meantime, access to the account has been recovered by the collective, which has removed the fraudulent links.
For the moment, the group has not spoken publicly about compensation for the victims, but they are invited to contact it via an email address made available to them. They also take advantage of this thread on Twitter to remind them of their practices. They indicate that none mint will be announced in priority on their projects’ Instagram accounts and that official information is published on their Twitter accounts and verified by a message on their Discord.
On the same subject :
The Bored Ape Yacht Club’s NFTs will become… a trilogy of animated shorts
Sources: The Verge, Web3 is Going Great, Twitter
19