No monkey business: Bored Ape Yacht Club hacked
Updated: Apr 29
Yuga Labs, the collective behind the Bored Ape Yacht Club (BAYC) NFTs, was targeted in a hacking attack via Instagram this week. Approximately USD$3 million worth of the BAYC NFTs were stolen after a hacker seized control of the BAYC Instagram account, and subsequently sent a phishing post that followers clicked on.
Users' crypto wallets were then connected to the hacker's smart contract, enabling the hacker to steal the NFTs held within their wallets.
Blockchains are nearly impossible to hack, so attacks focus on theft of private keys and often use elements of social engineering. Jake Moore, global security adviser at ESET, said:
Unfortunately, however, this takeover has had a huge consequence and resulted in a mass robbery of digital assets. Similar to when physical art is stolen, there will be questions over how they would now be able to sell on these assets, but the problems in NFTs still prevail and users must remain extremely cautious of this still very new technology.
Earlier this month, a user referred to as s27 lost roughly $500,000 worth of BAYC NFTs as a result of a similar scam. In that case, s27 was induced to enter into transactions to 'swap' his legitimate BAYC NFTs for 'new' versions of those NFTs with a false verification sticker on them.
Representatives from Yuga Labs were quick to respond, saying:
Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. Two-factor authentication was enabled and the security practices surrounding the IG account were tight.
This is a timely reminder for NFT holders to remain vigilant and aware of the increasingly creative ways malicious actors are trying to steal crypto assets.
The best cure is always prevention: checking URLs to ensure they are legitimate, and researching any offers that seem like a time-limited deal or something too good to be true.