When it comes to crypto hacks, it seems like it’s the same story every time. Scammers take advantage of a vulnerability in a blockchain’s design and make off with millions, like in the US$600mil (RM2.6bil)-plus heist involving the play-to-earn NFT game Axie Infinity and the US$77mil (RM334mil) theft that took place Saturday on decentralised finance projects Rari Capital and Fei Protocol.

But a US$3mil (RM13mil) hack last week involving nonfungible tokens from the popular Bored Ape Yacht Club (BAYC) universe exploited a different kind of weakness that isn’t unique to blockchain.