Hackers compromised the Instagram account and Discord server of the Bored Ape Yacht Club NFT project in an unknown way.
The attackers distributed a fake airdrop advertisement with a malicious link among subscribers, and eventually stole NFTs worth about $3 million.By the way, we recently talked about the fact that More than $600 Million in Cryptocurrency Was Stolen from NFT game Axie Infinity, and also that NFTs May Reveal Users’ IP Addresses.
Representatives of Yuga Labs, the company behind the Bored Ape Yacht Club, reported the hack on their official Twitter.
It is reported that through hacked accounts, attackers announced a fake airdrop, accompanying the ad with a malicious link, following which people got to a phishing site that outwardly imitates the official website of Bored Ape Yacht Club, where they eventually transferred control over their wallets to attackers.
Malicious ads
Interestingly, Yuga Labs claims that two-factor authentication was enabled for the hacked accounts and security measures were generally “tight”. The incident is currently being investigated, but it is still completely unclear how the attackers were able to gain access to the accounts.
According to OpenSea, 24 NFTs from the Bored Apes collection and 30 from the Mutant Apes changed ownership after the hack. However, it is noted that some NFT holders themselves could transfer tokens to other persons for security reasons. The value of these 54 NFTs is approximately $13.7 million.
Independent researcher Zachxbt shared a link to the hacker’s Ethereum address, which is currently flagged as phishing on Etherscan. Apparently, 134 NFTs arrived at this address in a few hours.
