In yet another blow to NFT holders, roughly $13 million worth of Bored Ape Yacht Club (BAYC) NFTs and millions of ERC-20 tokens have been stolen after the minter’s official Instagram account was hacked on April 25, 2022.
The attacker(s) took over the official BAYC Instagram account. They then posted a fraudulent “mint” link to followers, directing them to a cloned website with a fake airdrop. NFT holders were then asked to approve transactions, immediately transferring valuable assets in the phishing attack.
It is estimated that 24 Bored, 30 Mutant Apes, and several million dollars of ERC-20 tokens might have been stolen.
This is higher than initial estimates.
From their official Twitter account, BAYC confirmed the hack:
This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.
According to observers, the “hack” seemed to be well-timed. This week, BAYC was to announce a land sale in the upcoming “OutsideMeta”. Therefore, the hacker took advantage of the hype ahead of the sale. From there, it leveraged the official Instagram account in a phishing attack that came as a sucker punch to impacted BAYC holders. Apparently, victims acted fast without “thinking” so as not to miss out on what will be valuable BAYC Land.
However, BAYC’s official communique is done first, through Twitter. Afterward, the same is dispersed in other social media channels like Discord. BAYC confirmed that it never conveys crucial information via Instagram.
The hack is a major blow to the NFT ecosystem. It further questions the community preparedness and the validity of “official” or verified communications. The failure of crypto users has once again caused them to bear huge losses. They have subsequently lost control of scarce and immensely valuable NFTs.
A user on Reddit is urging users to be critical before aping in lest they risk losing their valuable assets:
So, consider this a friendly reminder to all of you NFTers, Bitcoiners, and shitcoiners to use those critical thinking skills before sharing anything with anybody online. Just because an “official” social media entity blasts something out doesn’t necessarily make it so.
According to trackers, hackers have begun moving stolen apes to other wallets when writing. Despite being marked, these NFTs would likely be sold to unsuspecting fans in different markets at a lower price.
- nft blockmagnates: Photo by Tezos on Unsplash