Bad news for the Bored Ape Yacht Club. In the last few hours, a hacker managed to steal NFT worth $ 1 million, simply by hacking the collection’s Instagram account. Through a series of maneuvers, the hacker managed to post a phishing link on the profile that transferred tokens from users’ crypto wallets. The attack was announced by the BAYC Twitter account, which said yesterday morning: “There is nothing to be done today. It appears that the BAYC Instagram account has been hacked “.
Bored Ape Yacht Club victim of a hacker attack
In the last few hours, Twitter began to populate with tweets from users commenting on the hack suffered by the Bored Ape Yacht Club. The hacker reportedly activated an “airdrop”, i.e. the release of a free token, for all users who have linked their MetaMask wallet. Soon the thief began receiving more than a dozen NFTs from the projects Bored Ape, Mutant Ape e Bored Ape Kennel Club. All allegedly stolen from users who linked their wallets after clicking on the phishing link.
The hacker’s wallet was apparently linked to a profile on OpenSea. The platform required us to block the profile right away, as its terms of service strictly prohibit obtaining items fraudulently. Yet, given the decentralized nature of NFTs, the hacker’s wallet is also visible elsewhere. As far as we can see, they have been 134 NFTs were stolen at the Bored Ape Yacht Club, for a sale value that exceeds one million dollars. At this point, it remains to understand how the hacker managed to access the Instagram account. In fact, according to Yuga Labs, both two-factor authentication and security protocols were enabled at the time of the attack.
Typically, NFT owners never link their digital wallet to third party platforms. Still, the fact that the phishing link was sent via BAYC’s official account probably convinced victims that it was legitimate, thus raising difficult questions about the responsibility of the matter. At this point, it remains to be seen whether users will be compensated or not. Maybe.