Bored Ape Instagram hack cost NFT owners US$3mil


The Bored Ape Yacht Club non-fungible token (NFT) collection on the OpenSea marketplace on April 8, 2022. Hacked owners cumulatively lost four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs – together worth roughly US$3mil. — Bloomberg

Hackers made away with about US$3mil (RM13.06mil) worth of some of the world’s most popular nonfungible tokens after gaining access to the Instagram account belonging to the Bored Ape Yacht Club (BAYC) collection.

Once in, the hackers uploaded a post that linked to a cloned version of BAYC’s official website and included an offer of free crypto tokens. Anyone who tried to claim the free tokens by authenticating and connecting their digital wallets to the fraudulent site instead gave the hackers free rein to access and transfer their NFTs and other cryptoassets.

“Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. We’re still investigating,” BAYC owners Yuga Labs said in a statement. The Instagram account was protected with two-factor authentication, the company said. Instagram did not return a request for comment.

Hacked owners cumulatively lost four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs together worth roughly US$3mil (RM13.06mil), Yuga said. The average price of a Bored Ape, which rank among the most popular and sought-after, is currently more than US$430,000 (RM1.87mil), per tracker DappRadar.

It’s not the first time scammers have targeted affluent crypto owners, nor is it the first hack targeting BAYC. Earlier this year, 17 users of NFT marketplace OpenSea lost a slew of tokens to a phishing attack. Other people have been fooled by hackers selling them NFTs that turned out to be unauthorised fakes.

“In this case we saw a hacker hack an Instagram account in order to set up an elaborate fraud,” said Ari Redbord, a former federal prosecutor who is now the head of legal and government affairs at TRM Labs, a blockchain intelligence company. “We are seeing more and more hacks and scams perpetrated on crypto businesses from exchanges to Axie Infinity to NFTs. One thing that many of these hacks have in common is social engineering and some degree of human error.”

Ronghui Gu, CEO of blockchain security firm CertiK, said that since the BAYC Instagram account used two-factor authentication, it’s likely that hackers gained access to the account by tricking an administrator through social engineering. This practice involves using personal or professional information to gain someone’s trust, enabling a scammer to then elicit additional data or credentials for a sensitive or valuable account. – Bloomberg

Get 20% OFF The Star Digital Access

Monthly Plan

RM 13.90/month

RM 11.12/month

Billed as RM 11.12 for the 1st month, RM 13.90 thereafter.

Best Value

Annual Plan

RM 12.33/month

RM 9.87/month

Billed as RM 118.40 for the 1st year, RM 148 thereafter.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
NFTs , hacker

Others Also Read