Fraudsters hacked Bored Ape Yacht Club’s Instagram and Stole $3 Million Worth of NFTs

Hackers compromised the Instagram account and Discord server of the Bored Ape Yacht Club NFT project in an unknown way.

The attackers distributed a fake airdrop advertisement with a malicious link among subscribers, and eventually stole NFTs worth about $3 million.

By the way, we recently talked about the fact that More than $600 Million in Cryptocurrency Was Stolen from NFT game Axie Infinity, and also that NFTs May Reveal Users’ IP Addresses.

Representatives of Yuga Labs, the company behind the Bored Ape Yacht Club, reported the hack on their official Twitter.

Bored Ape Yacht Club

It is reported that through hacked accounts, attackers announced a fake airdrop, accompanying the ad with a malicious link, following which people got to a phishing site that outwardly imitates the official website of Bored Ape Yacht Club, where they eventually transferred control over their wallets to attackers.

Bored Ape Yacht Club
Malicious ads

Interestingly, Yuga Labs claims that two-factor authentication was enabled for the hacked accounts and security measures were generally “tight”. The incident is currently being investigated, but it is still completely unclear how the attackers were able to gain access to the accounts.

According to OpenSea, 24 NFTs from the Bored Apes collection and 30 from the Mutant Apes changed ownership after the hack. However, it is noted that some NFT holders themselves could transfer tokens to other persons for security reasons. The value of these 54 NFTs is approximately $13.7 million.

Independent researcher Zachxbt shared a link to the hacker’s Ethereum address, which is currently flagged as phishing on Etherscan. Apparently, 134 NFTs arrived at this address in a few hours.

Yuga Labs says there were far fewer casualties. According to the company, 4 NFT Bored Apes, 6 Mutant Apes, and 3 BAKC were stolen during the attack, with a total value of approximately $2.7 million.
I just lost over 100 ethers on this. [It was] the official Instagram and the site looked real. Now I am in a situation where I will have to sue Yugo over this hack. I won’t give up my $300,000 because their shit got hacked.writes one of the victims.
It’s like watching a group of people run into a burning building that says ‘free money’.other users gloat.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button