The official BAYC Instagram account @boredapeyachtclub was hacked Monday morning and followers fell victim to a phishing link scam, losing millions of dollars worth of NFTs.
The BAYC Twitter account @BoredApeYC posted a warning, but not before several IG followers believed hackers contacting them were IG admins.
Those followers were sent a link to a fake airdrop and phished – it’s possible for a crypto wallet such as Metamask to be emptied of all non-fungible tokens and cryptocurrency holdings within it, as soon as the owner clicks a link or connects their wallet to a scam site.
BAYC IG Phishing Scam
NFT news media outlets reported the losses to be in the $1 million range, and some NFT Twitter users estimated it to be over $3 million, a calculation based on some of the Apes having rare traits and being worth much more than the current BAYC floor price.
A message on the BAYC Instagram has been posted explaining two-factor authentication was enabled and the best security practices were in place. However the hacking still took place.
The IG hack resulted in 4 Apes, 6 Mutants, 3 Kennels, and some other assorted valuable NFTs being lost. We will be in contact with the users affected and will post a full post mortem on the attack when we can. For now I would like to stress that 2FA was enabled on the account. https://t.co/bsc3tHt9QG
— Garga.eth (@CryptoGarga) April 25, 2022
BAYC retweeted a Yuga Labs cofounder @CryptoGarga saying the IG hack resulted in the following NFTs being stolen:
- 4 Bored Apes
- 6 Mutant Apes
- 3 Kennels (Bored Ape Kennel Club dogs)
- Various other valuable NFTs
Other Twitter accounts put the total at 7 MAYCs and included a CloneX NFT. Some individual NFTs with high rarity were worth upwards of half a million dollars.
Noted crypto investigator @zachxbt reported a total of 91 NFTs were stolen and mapped out the hackers’ address.
Mapped out the hackers address here: pic.twitter.com/HLFFzRSnIn
— zachxbt (@zachxbt) April 25, 2022
The stolen NFTs were instantly sold at whatever the highest current bid price was for each, then the funds transferred through Tornado Cash and various crypto exchanges.
Update – Blockworks have even estimated the hacking may have been for closer to $10 million dollars worth of NFTs.
We’ve written before about NFT airdrop scams, see our coverage of that for tips on how to keep your NFTs safe, including advice from @zachxbt.
Don’t click links or link your wallet to anything without double and triple checking everything – take a look on social media like Twitter and Discord to check if a promotion is what it says it is. In almost 100% of cases a giveaway is fake if you are sent a DM (direct message).
Scammers will make their profile look like the admin of a project, or a celebrity like Elon Musk. Even small Twitter, Telegram and Youtube channels have imposters trying to set up scams, either in the replies and comments or over DM.
In this case Bored Ape NFT owners fell for the scam as there are rumors of a real upcoming airdrop of virtual land plots in the Otherside metaverse, called the ‘Genesis drop’. However that would never have been arranged over a private message.
Its possible some of the Ethereum will have been blacklisted by exchanges and be able to be tracked down and recovered eventually, as happened recently with the Bitfinex exchange hacking. Victims may also be compensated by BAYC creators Yuga Labs – their company has been valued at $5 billion.
Also see our guide to the best NFT wallets.
Cryptoassets are a highly volatile unregulated investment product.
Discuss This Article
Add a New Comment /Reply
Thanks for adding to the conversation!
Our comments are moderated. Your comment may not appear immediately.