Scammers and hackers continue to target Bored Ape Yacht Club (BAYC). After the ApeCoin debacle that saw scammers out in full force, now news has emerged that the official Instagram account of BAYC has been hacked and has scammed users out of their valuable NFTs, with several falling victim to the hacker.
BAYC Warns Users About Hack
The hacker managed to steal 91 NFTs worth an estimated $2.8 million, thanks to a phishing attack carried out through the official Bored Ape Yacht Club Instagram handle. The company revealed some details about the hack through an official tweet and warned its followers not to engage with the account, click on any links posted by the account, mint new tokens, or share their seed phrase.
“This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.”
Fake Updates And Fake Links
The hacker tricked users by sending a fraudulent link for a fake airdrop to all followers. The link led to a copycat website offering free Land in BAYC’s upcoming metaverse, Otherside. The users were directed to another link, which contained a safeTransferForm attack. Once clicked, the attack connected the user’s MetaMask wallet with the scammer’s wallet and drained all of the victim’s assets.
A Significant Haul
It is estimated that the hacker stole 54 Bored Ape Yacht Club and Mutant Ape NFTs. According to available data, the hacker’s wallet currently holds 91 NFTs. Data from Zerion has further established that the NFTs are worth nearly $2.8 million, based on the floor prices of the collections. The stolen items contain four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs. The hacker had also managed to steal one CloneX and other NFTs from collections such as EightBit, Alien Fren, Toxic Skull club, and more.
Bored Ape co-founder Garga stated that the team will be in contact with affected users and will conduct a thorough post-mortem of the attack.
“We will be in contact with the users affected and will post a full post-mortem on the attack when we can. For now, I would like to stress that 2FA was enabled on the account.”
Garga also stated that only 10 Bored Ape and Mutant Ape NFTs were stolen, although numerous reports and tweets put that figure over 50.
NFTs In The Crosshairs
This incident is the latest in a string of high-profile NFT hacks in recent memory. Bored Ape’s Discord server was hacked earlier this month and saw a similar phishing attempt. The largest NFT marketplace, OpenSea, has also been the target of hacks, with NFTs worth millions stolen from users. OpenSea responded to the exploit after discovering that hackers took advantage of the platform’s upgrade process and swindled users out of millions. This resulted in a $1 million lawsuit for OpenSea, filed by an individual who lost his Bored Ape Yacht Club NFT thanks to the bug.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2022/04/hacked-bayc-instagram-account-scams-users-out-of-millions