The Official Bored Ape Yacht Club Instagram account hacked with over $13.7 Million worth of BAYC NFTs stolen.
11 May 18:16
On Monday, April 25, 2022, hackers gained total control of the official Instagram handle of the Bored Ape Yacht Club (BAYC). The phishing takeover led to many users losing over 91 Ape, Mutant, and Kennel NFTs, worth approximately 13.7 million USD and more based on the floor price of the digital assets.
The hacker used the Instagram account to advertise a fake airdrop with a link to a clone website. The airdrop required users to sign a "safeTransferFrom" transaction, which sent their NFTs to the hacker's wallet. The hacker carefully planned the attack to tie in with Yuga Labs' upcoming metaverse game, 'OthersideMeta'. The linked website falsely claimed that Yuga Labs, the creator of the Bored Ape, was giving away free NFT land for its future Otherside metaverse game.
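What such a signing request looks like from the wallet's side, as an added example that is not part of the original article: the sketch decodes the calldata of a pending transaction and flags the standard ERC-721 calls that move or delegate the signer's tokens. It goes beyond the safeTransferFrom call named above to cover transferFrom and setApprovalForAll; the function names and sample addresses are constructed for illustration.

```javascript
// Standard 4-byte selectors of the ERC-721 calls that move or delegate tokens.
const SELECTORS = {
  "42842e0e": "safeTransferFrom(address,address,uint256)",
  "b88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
  "23b872dd": "transferFrom(address,address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const addr = (word) => "0x" + word.slice(24);            // last 20 bytes of a 32-byte word
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");

// Classify a pending signing request from the signer's point of view.
function assessSigningRequest(tx, signer) {
  const hex = (tx.data || "").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex)) return { risk: "unknown", reason: "no calldata" };
  const method = SELECTORS[hex.slice(0, 8)];
  const words = hex.slice(8).match(/.{64}/g) || [];     // 32-byte ABI argument words
  if (!method) return { risk: "unknown", reason: "unrecognised selector" };
  if (method.startsWith("setApprovalForAll")) {
    if (words.length < 2) return { risk: "unknown", reason: "truncated arguments" };
    const grants = BigInt("0x" + words[1]) !== 0n;
    return { risk: grants ? "high" : "low", method, operator: addr(words[0]),
             reason: grants ? "gives the operator control of every token in the collection"
                            : "revokes an operator" };
  }
  if (words.length < 3) return { risk: "unknown", reason: "truncated arguments" };
  const [from, to] = [addr(words[0]), addr(words[1])];
  const tokenId = BigInt("0x" + words[2]).toString();
  const outbound = from === signer.toLowerCase() && to !== from;
  return { risk: outbound ? "high" : "low", method, from, to, tokenId,
           reason: outbound ? "moves the signer's token to another address"
                            : "does not move a token out of the signer's wallet" };
}

// Constructed sample (placeholder addresses, not values from the incident).
const SIGNER = "0x" + "11".repeat(20);
const SAMPLE_TX = {
  to: "0x" + "33".repeat(20),                            // NFT collection contract
  data: "0x42842e0e" + pad(SIGNER) + pad("0x" + "22".repeat(20)) + pad("0x1f4"),
};
console.log(assessSigningRequest(SAMPLE_TX, SIGNER));
```

A site that advertises a free mint or airdrop but produces a "high" result here is asking the signer to hand over a token or control of a collection, which is the mismatch the victims had no easy way to see.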
The Bored Ape Yacht Club team, on the other hand, announced on Twitter that it had coordinated no such action and that it was a hack. "There is no mint going on today," they said. BAYC's Instagram account appears to have been hacked. "Do not mint anything, click any links, or connect your wallet to anything."
It is sad to note that this information came late: before the response, many investors had already lost their NFTs to the theft.
source: Twitter @melbo.et
The Hacking Process
Yuga Labs, the creator of the renowned Bored Ape Yacht Club NFT collection, took to its Twitter account to acknowledge the attack on its Instagram account in the early hours of April 25. It immediately warned its community members not to mint any NFT, stating clearly that the airdrop announcement and link on its Instagram page had been posted by hackers who had gained control of the club's official Instagram account despite its security measures.
It was confirmed that the hacker connected his NFT wallet to a fake minting link he posted on the account, which sent users to a lookalike BAYC website where he displayed the false airdrop information. According to the announcement on the fake website, everyone who linked their MetaMask or other Ethereum-enabled wallet would get a free airdrop of virtual land, even if they didn't possess a Bored Ape. This land was related to BAYC's upcoming metaverse project 'OthersideMeta', which is projected to be launched on April 30, 2022, by Yuga Labs. The co-founder of Yuga Labs, @CryptoGarga, tweeted in his statement about the hack:
'The IG hack resulted in 4 Apes, 6 Mutants, 3 Kennels, and some other assorted valuable NFTs being lost. We will be in contact with the users affected and will post a contact the affected users andr now, I would like to stress that 2FA was enabled on the account.'
It is still unknown how the hacker got access to the Instagram account with two-factor authentication enabled, a security mechanism that should have made unauthorised access exceedingly difficult. According to BAYC, they are currently working with Instagram to investigate the incident and will also get in contact with those who lost their NFTs. According to their report, a smaller number of NFTs were stolen.
More detailed research by @zachxbt, the freelance crypto investigator who followed the link and shared the hacker's Ether address, revealed that 91 NFTs, including 3 BAKC, 4 BAYC, 7 MAYC, 1 CloneX, and other NFTs, were transferred into the hacker's wallet during the hacking period. Through his on-chain analysis, he traced the hacker moving the stolen funds from the NFTs to three different centralised exchange wallets.
Source: @zachxbt
Uncertain Value of Missing Digital Assets
At the time of this writing, the monetary value and the total number of NFTs stolen are yet to be confirmed, as several research teams have come up with varying figures. According to CoinDesk, the 24 Bored Apes and 30 Mutant Apes stolen are worth $13.7 million based on their floor price, while PeckShield, a blockchain security firm, maintained that the BAYC Instagram attack resulted in the theft of 765.3 ETH and about 91 NFTs.
This is not the first attack on the BAYC collection: a similar attack took place on April 1, when its Discord channel was also hacked. Some community members believed this should have made the team improve their social media security on all fronts. In addition, the company has stated that it will not announce any of its essential updates on Instagram going forward.
BAYC's Steps towards Security
The Bored Ape Yacht Club NFT collection is still considered the company's most valuable asset, despite Yuga Labs' recent acquisition of CryptoPunks from Larva Labs. BAYC is a collection of over 10,000 unique NFTs built on the Ethereum blockchain, which grants owners some exclusive club membership privileges.
In March, Yuga Labs launched a new Know Your Customer (KYC) procedure, which was received with fierce opposition from the community. However, the team claimed that this was important for taking the company to its next level, moving beyond just a nominal NFT project. With initiatives like this and more, we believe Yuga Labs should be able to protect its community members from future attacks by unscrupulous hackers.
Conclusion
The rate at which NFT scams are increasing is quite alarming. The toll is that top and famous NFT projects also fall prey to petty scammers who deceive ignorant NFT enthusiasts, robbing them and disappearing with valuable digital assets and NFTs of huge monetary value. These thefts are a call for a more security-conscious NFT community.
Author: Gate.io Observer M. Olatunji
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
* Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.