The Bored Ape Yacht Club (BAYC) collection scarcely needs an introduction to anyone who follows crypto; it has become one of the defining collections of the NFT space. That prominence has also made its holders a favoured target for scammers, hackers and other bad actors.
As the NFT market expands, so does the sophistication of the exploits and scams aimed at it. That was on full display over the weekend, when a carefully staged plot led to the theft of 14 Bored Apes from a single holder.
Attacks on Bored Ape holders are nothing new. Case studies involving the collection go back well over a year, from compromises of the collection's Discord server to the incident involving Hollywood actor Seth Green.
These incidents keep underlining how important wallet security is for owners of the collection, even where Yuga Labs itself is not at fault. Nor is BAYC alone: holders of most of the major "blue chip" NFT collections have been targeted in the same ways.
The latest instance, over the weekend, involved an extraordinary level of social engineering and serves as a sobering reminder to the community that, these days, being careful and detail-oriented is on its own not enough to secure your assets.
In this breach, 14 Bored Ape Yacht Club NFTs were taken from a single owner through an elaborate scheme built on advanced social engineering.
It shows how much effort and attention to detail today's attackers are prepared to invest. In this case the thief was able to sell the NFTs quickly for just over $1M, around 850 ETH.
A thorough thread from a well-known web3 security analyst reconstructs the story in detail.
In the social engineering plan, the attacker posed as a casting director at an LA-based studio looking to license an NFT in exchange for a sizable payment; the studio exists, but the persona the attacker used does not. Hours of calls, phony partnership proposals, look-alike email domains and similar props did the real work behind the theft.
The plan had been in development for at least a few months. It is another illustration of why cold storage is the safest option for high-value NFTs, and why signing or interacting with a contract can be extremely risky unless it is thoroughly checked beforehand. Using several wallets, verifying identities, and refraining from signing random signatures or transactions are crucial guidelines for NFT holders, the analyst stated in his thread.
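As an added illustration of what "thoroughly checking" a transaction before signing can look like in practice (this is example code written for this page, not a tool from the article, the analyst's thread or Yuga Labs), the script below decodes the calldata of an ERC-721 transaction and flags the calls that hand control of NFTs to a third party: `setApprovalForAll` to an operator you have not explicitly trusted, `approve`, and transfers out of your own wallet. The function selectors are the standard ERC-721 ones; the wallet and operator addresses and the sample calldata are constructed for the example.

```python
# Added example: a minimal pre-signing check for ERC-721 calldata.
# Not from the article or the analyst's thread. All addresses and the
# sample calldata below are constructed placeholders.

# 4-byte ERC-721 function selectors (first 4 bytes of keccak256(signature)).
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}

# Hypothetical allowlist of operators you have deliberately chosen to trust.
TRUSTED_OPERATORS = {
    "0x" + "aa".rjust(40, "0"),  # placeholder marketplace contract
}


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    chunk = data[4 + 32 * i: 4 + 32 * (i + 1)]
    if len(chunk) != 32:
        raise ValueError("calldata too short for the claimed function")
    return chunk


def _addr(word: bytes) -> str:
    # An address occupies the low 20 bytes of its 32-byte word.
    return "0x" + word[12:].hex()


def decode_call(calldata_hex: str) -> dict:
    """Decode selector and arguments of a known ERC-721 call."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    sel = data[:4].hex()
    sig = SELECTORS.get(sel)
    if sig is None:
        return {"selector": sel, "function": None, "args": {}}
    if sig.startswith("setApprovalForAll"):
        args = {"operator": _addr(_word(data, 0)),
                "approved": int.from_bytes(_word(data, 1), "big") != 0}
    elif sig.startswith("approve"):
        args = {"to": _addr(_word(data, 0)),
                "tokenId": int.from_bytes(_word(data, 1), "big")}
    else:  # transferFrom / safeTransferFrom
        args = {"from": _addr(_word(data, 0)),
                "to": _addr(_word(data, 1)),
                "tokenId": int.from_bytes(_word(data, 2), "big")}
    return {"selector": sel, "function": sig, "args": args}


def assess(calldata_hex: str, my_wallet: str) -> list[str]:
    """Return warnings for a transaction; an empty list means nothing obviously dangerous."""
    call = decode_call(calldata_hex)
    fn, args = call["function"], call["args"]
    warnings = []
    if fn is None:
        warnings.append(f"unknown selector 0x{call['selector']}: do not sign blind")
    elif fn.startswith("setApprovalForAll") and args["approved"]:
        if args["operator"].lower() not in TRUSTED_OPERATORS:
            warnings.append(f"grants {args['operator']} control of EVERY token you hold in this collection")
    elif fn.startswith("approve"):
        warnings.append(f"lets {args['to']} move token {args['tokenId']}")
    elif args["from"].lower() == my_wallet.lower():
        warnings.append(f"moves token {args['tokenId']} out of your wallet to {args['to']}")
    return warnings


# Constructed samples (placeholder addresses, not real ones).
MY_WALLET = "0x" + "11".rjust(40, "0")
ATTACKER = "0x" + "bad0".rjust(40, "0")
# setApprovalForAll(ATTACKER, true): the classic one-click drain.
SAMPLE_APPROVAL = "0xa22cb465" + ATTACKER[2:].rjust(64, "0") + "1".rjust(64, "0")
# transferFrom(MY_WALLET, ATTACKER, 7): moves a single token out.
SAMPLE_TRANSFER = ("0x23b872dd" + MY_WALLET[2:].rjust(64, "0")
                   + ATTACKER[2:].rjust(64, "0") + "7".rjust(64, "0"))

if __name__ == "__main__":
    for sample in (SAMPLE_APPROVAL, SAMPLE_TRANSFER):
        print(decode_call(sample)["function"], "->", assess(sample, MY_WALLET))
```

The check is deliberately narrow: it only covers direct ERC-721 calls, so a marketplace listing signed as off-chain typed data (EIP-712) would not pass through it at all. The broader lesson is the same one the analyst draws: if you cannot decode what a signature or transaction authorises, do not sign it.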
Source: https://www.thecoinrepublic.com/2022/12/19/bayc-over-a-million-worth-nft-reported-stolen/