What just happened? Several owners of what is arguably the most famous NFT collection, Bored Ape Yacht Club (BAYC), have had their digital assets stolen after a hacker or hackers took over the official BAYC Instagram and Discord accounts. It’s estimated that the non-fungible tokens pilfered in the hack are worth millions of dollars.
The scam involved taking over the social media accounts and pushing out messages with a link that claimed users could mint land in the upcoming Otherside metaverse. Those who clicked on the link and connected their MetaMask wallets found that their Bored Apes NFTs had been transferred to new, hacker-owned wallets, as had tokens from Mutant Apes and Bored Ape Kennel Club—projects that also come from Yuga Labs.
“There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links or link your wallet to anything,” the project tweeted.
🚨There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
“The hacker posted a fraudulent link to a copycat of the Bored Ape Yacht Club website, where a safeTransferFrom attack asked users to connect their MetaMask to the scammer’s wallet in order to participate in a fake Airdrop. At 9:53am ET, we alerted our community, removed all links to Instagram from our platforms and attempted to recover the hacked Instagram account,” said a spokesperson for Yuga Labs.
CoinDesk writes that the value of the 54 NFTs calculated by floor price is $13.7 million, though Yuga Labs claims the actual value is lower. Exactly how the hacker compromised Instagram is unknown as Yuga Labs says two-factor authentication was enabled at the time, and it followed “tight” security practices.
The hacker’s OpenSea page showed the account receiving the stolen NFTs. The marketplace says it has now banned the account for violating its terms of service.
Victims of the hack have been expressing their anger. “I’m at the point where I have to sue yugo over this hack. Im not walking away from $300k because their shit was hacked,” wrote one user (via Vice). No word yet on whether Yuga Labs plans to compensate those who lost NFTs due to the hack.
Phishing scams are a popular way of stealing NFTs. MetaMask recently warned Apple users to disable iCloud backups after a $650,000 phishing scam, and the method was believed to be used in an OpenSea theft earlier this year.