Bored Ape Yacht Club NFTs stolen in Instagram phishing attack

Published at: April 25, 2022

As told by Bored Ape Yacht Club (BAYC) developers on Monday, hackers breached the popular nonfungible token (NFT) collection’s official Instagram page and shared links to a fake airdrop with the project’s followers.

Crypto enthusiasts who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. It appears that the attack was planned to coincide with the one-year anniversary of the launch of the BAYC collection, thus increasing the “perceived credibility” of the phishing link.

Unconfirmed reports on social media indicate that approximately 100 NFTs were stolen during the phishing attack. Based on data from CoinGecko, the floor price of each BAYC NFT is around 139 Ether (ETH), or $400,726. Thus, if the reports are authentic, more than $40 million worth of assets have been lost in the attack. However, the numbers may only represent the lower end of the estimate, as it is based on the floor price. 

There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.

— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022

At the time of publication, it is unclear how hackers gained access to BAYC’s official Instagram account. While social media users point out the importance of two-factor authentication as an effective deterrent against unauthorized log-ins, others say that such methods are not entirely foolproof and can be, in fact, compromised via a SIM-card swap.

BAYC has grown to become an all-time favorite NFT collection in the crypto realm, generating more than $1 billion in sales in 2021. The collection’s supply is fixed at 10,000 NFTs. More than 38,748 ETH worth of Apes were traded on OpenSea in the past 30 days. 

Tags
Nft
Related Posts
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Security firms are making it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit …
Adoption / Feb. 23, 2022
Crypto giants co-launch Chainabuse platform to water down rising scams
Seven major crypto companies — Binance.US, Circle, Solana Foundation, The Aave Companies, Hedera, TRM Labs and Civic — joined hands to launch a community-driven scam reporting tool. Named Chainabuse, the tool aims to enable crypto users to issue warnings and discuss ongoing fraudulent activity such as scams and hacks in real-time. Launched on Wednesday, the Chainabuse platform aims to counter the ongoing scams plaguing the crypto ecosystem. On May 4, Cointelegraph warned the community about the rise in Ape-themed airdrop phishing scams. Chainabuse serves as a one-stop-shop platform for crypto users, victims of financial crimes and crypto businesses to actively …
Adoption / May 18, 2022
Google Ads-delivered malware drains NFT influencer’s entire crypto wallet
An NFT influencer claims to have lost “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and crypto after accidentally downloading malicious software found in a Google Ad search result. The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” came under attack including a compromise of his crypto wallet and multiple online accounts. Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing …
Blockchain / Jan. 16, 2023