Bored Ape Yacht Club hack. $3 million worth of NFT stolen
Reading time:
10 min
Hackers compromised the Instagram account and Discord server of the NFT project Bored Ape Yacht Club in an unknown manner. The attackers distributed a fake airdrop ad with a malicious link to subscribers and ended up stealing NFTs worth about $3 million in total.
Representatives of Yuga Labs, the company behind Bored Ape Yacht Club, said of the hack on official Twitter.
Looks like BAYC's Instagram has been hacked. No minting, don't click on links and don't link your wallet to anything, Yuga Labs warned.
Hackers reportedly announced a fake airdrop through the compromised accounts, accompanying the ads with a malicious link that led people to a phishing site that looked to mimic the official Bored Ape Yacht Club website, where they ended up handing over control of their wallets to the criminals.
Interestingly, Yuga Labs assures that two-factor authentication was enabled for the compromised accounts and security measures in general “were tight”. An investigation into what happened is underway, but it's still quite unclear how the attackers were able to gain access to the accounts.
According to OpenSea, 24 NFTs from the Bored Apes collection and 30 from Mutant Apes have changed owners since the hack. It is noted, however, that some NFT holders may themselves have transferred tokens to others for security reasons. The value of these 54 NFTs is approximately $13.7 million.
Independent researcher Zachxbt shared a link to the hacker's Ethereum address, which is currently being tagged as a phishing site on Etherscan. Apparently, this address received 134 NFTs in a matter of hours.
Yuga Labs claims that there were far fewer victims. According to the company, 4 NFT Bored Apes, 6 Mutant Apes and 3 BAKC were stolen in the attack, with a total value of approximately $2.7 million.