The NFT world is once again hit by a phishing attack. This time, the Bored Ape Yacht Club Instagram account was the target. Yuga Labs, the company behind this collection of non-fungible tokens, estimates the damage at nearly $3 million.
More stolen NFTs
It was through a false advertisement announcing an airdrop, a “free” distribution of NFTs, that the hacker managed to fool 44 people. The misleading post urged them to connect their MetaMask wallet in order to receive the valuable token. The unfortunates who fell into the trap signed a “smart contract”, an intelligent contract which allows transactions in cryptocurrencies to be authorized, created from scratch by the malicious user to siphon off their wallets.
German wind turbines, new targets for Russian pirates?
The fake ad used to fool followers of the Bored Ape Yacht Club Instagram account. Screenshot: Vice.
” The hacker posted a fraudulent link leading to a fake Bored Ape Yacht Club site where a safeTransferFrom attack asked users to connect their MetaMask profile to the scammer’s wallet in order to participate in a fake airdrop. At 9:53 a.m. we alerted our community, removed all Instagram links on our platforms and attempted to regain access to the account said a Yuga Labs spokesperson.
A total of 133 NFTs were stolen. Among them, 4 Bored Ape, 6 Mutant Ape and 3 Bored Ape Kennel Club. A booty estimated at 3 million dollars at the time of the facts.
The hacker went through Instagram
The creators of one of the most popular NFT collections of the moment claim to have done everything possible to secure access to their Instagram as best as possible. ” Two-factor authentication was enabled and security practices around the Instagram account were strict. Yuga Labs and Instagram are currently investigating how the hacker gained access to the account. the company said in an emailed statement.
This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
” Instagram attacks aren’t new, but they often have an element of social engineering says Jake Moore, global cybersecurity advisor at security firm ESET, to The Guardian.
Cases of theft and scams are commonplace in the world of cryptocurrency and NFTs. Earlier this month, the Bored Ape Yacht Club, along with other big collections, had already suffered a hack on their respective Discord servers.
The Axie Infinity game was also the target of an attack by the Lazarus group at the end of March. North Korean hackers had seized $625 million in cryptocurrencies.