Bored Ape Instagram hack cost NFT owners US$3mil

The Bored Ape Yacht Club non-fungible token (NFT) collection on the OpenSea marketplace on April 8, 2022. Hacked owners cumulatively lost four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs – together worth roughly US$3mil. — Bloomberg

Hackers made away with about US$3mil (RM13.06mil) worth of some of the world’s most popular nonfungible tokens after gaining access to the Instagram account belonging to the Bored Ape Yacht Club (BAYC) collection.

Once in, the hackers uploaded a post that linked to a cloned version of BAYC’s official website and included an offer of free crypto tokens. Anyone who tried to claim the free tokens by authenticating and connecting their digital wallets to the fraudulent site instead gave the hackers free rein to access and transfer their NFTs and other cryptoassets.

“Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account. We’re still investigating,” BAYC owners Yuga Labs said in a statement. The Instagram account was protected with two-factor authentication, the company said. Instagram did not return a request for comment.

Hacked owners cumulatively lost four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs together worth roughly US$3mil (RM13.06mil), Yuga said. The average price of a Bored Ape, which rank among the most popular and sought-after, is currently more than US$430,000 (RM1.87mil), per tracker DappRadar.

It’s not the first time scammers have targeted affluent crypto owners, nor is it the first hack targeting BAYC. Earlier this year, 17 users of NFT marketplace OpenSea lost a slew of tokens to a phishing attack. Other people have been fooled by hackers selling them NFTs that turned out to be unauthorised fakes.

“In this case we saw a hacker hack an Instagram account in order to set up an elaborate fraud,” said Ari Redbord, a former federal prosecutor who is now the head of legal and government affairs at TRM Labs, a blockchain intelligence company. “We are seeing more and more hacks and scams perpetrated on crypto businesses from exchanges to Axie Infinity to NFTs. One thing that many of these hacks have in common is social engineering and some degree of human error.”

Ronghui Gu, CEO of blockchain security firm CertiK, said that since the BAYC Instagram account used two-factor authentication, it’s likely that hackers gained access to the account by tricking an administrator through social engineering. This practice involves using personal or professional information to gain someone’s trust, enabling a scammer to then elicit additional data or credentials for a sensitive or valuable account. – Bloomberg

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

NFTs , hacker


Next In Tech News

Exclusive-Grab sees no big layoffs despite weak market
Opinion: Profits and security? Who cares
Opinion: Just reboot it
Tech workers flooded Hawaii in the pandemic. With remote work on the decline, what now?
‘Omega Strikers’ is a mish-mash of genres that somehow works
Australia's Optus contacts customers caught in cyber attack
A world without passwords: What Big Tech's switch to Fido 2 means
Hanoi closes Instagram hotspot 'Train Street' over safety concerns
’FIFA 23’ will let you play as fictional football coach Ted Lasso
Bankrupt crypto lender Voyager's CFO to exit months after appointment

Others Also Read