Phishing attack is the latest in a string of recent NFT hacks
- Over $3 million worth of NFTs stolen in Instagram phishing hack.
- 91 NFTs stolen in total, including 4 BAYC, 7 MAYC, 3 BAKC and 1 CloneX.
- Yuga Labs immediately alerted its community and removed links from the compromised IG account. But the damage was done.
Yesterday morning, Bored Ape Yacht Club was the victim of another malicious hack. Hackers broke into BAYC’s Instagram account and used a phishing scheme to steal over $3 million worth of precious NFTs.
Bored Ape Yacht Club announced yesterday that its Instagram account had been hacked and a phishing scam had been deployed to cheat holders out of their NFTs.
BAYC’s official Discord channel warned users in capital letters: ‘THERE IS A FAKE LAND MINT WEBSITE BEING SHARED BY THE BAYC IG. DO NOT MINT ANYTHING.’
The hackers broke into BAYC’s real Instagram account and advertised a fake land airdrop. As per the official BAYC Twitter page, ‘the hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a “safeTransferFrom” transaction. This transferred their assets to the scammer’s wallet’.
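The fake airdrop worked because victims signed a "safeTransferFrom" call without reading what it did. As an added example (not code from BAYC, Yuga Labs or DappRadar), the Python below decodes the calldata of a transaction awaiting signature and flags calls that move or hand over a wallet's NFTs. The addresses and sample calldata are constructed, and the function and variable names are hypothetical.

```python
# Added example: ERC-721 selectors (first 4 bytes of keccak256 of the signature),
# hardcoded so no keccak library is needed.
WATCHED = {
    "42842e0e": ("safeTransferFrom(address,address,uint256)", "transfer"),
    "b88d4fde": ("safeTransferFrom(address,address,uint256,bytes)", "transfer"),
    "23b872dd": ("transferFrom(address,address,uint256)", "transfer"),
    "a22cb465": ("setApprovalForAll(address,bool)", "approval"),
}
# Constructed sample values (not real accounts or a real transaction).
VICTIM = "0x" + "aa" * 20
ATTACKER = "0x" + "bb" * 20
SAMPLE = "0x42842e0e" + "00" * 12 + "aa" * 20 + "00" * 12 + "bb" * 20 + f"{1234:064x}"

def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI argument word after the selector."""
    word = data[4 + 32 * index: 36 + 32 * index]
    if len(word) != 32:
        raise ValueError("calldata is shorter than the function signature requires")
    return word

def _address(word: bytes) -> str:
    """An ABI address is the low 20 bytes of its 32-byte word."""
    return "0x" + word[12:].hex()

def review_calldata(calldata_hex: str, wallet: str) -> dict:
    """Decode calldata awaiting signature and rate the risk to `wallet`'s NFTs."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = WATCHED.get(data[:4].hex())
    if entry is None:
        return {"function": None, "risk": "unknown"}
    signature, kind = entry
    if kind == "approval":
        granted = int.from_bytes(_word(data, 1), "big") != 0
        # Granting an operator lets it move every token of the collection later.
        return {"function": signature, "risk": "high" if granted else "low",
                "operator": _address(_word(data, 0))}
    sender, recipient = _address(_word(data, 0)), _address(_word(data, 1))
    # A mint or airdrop claim has no reason to move a token the wallet already holds.
    outgoing = sender == wallet.lower() and recipient != wallet.lower()
    return {"function": signature, "risk": "high" if outgoing else "low",
            "from": sender, "to": recipient,
            "token_id": int.from_bytes(_word(data, 2), "big")}

if __name__ == "__main__":
    print(review_calldata(SAMPLE, VICTIM))
```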
According to blockchain detectives, 91 NFTs were stolen in total, amounting to more than $3 million. Digital sleuth zachxbt even posted a link to the hacker’s Etherscan address, where anyone is free to view the transactions. It’s certainly an odd sight to see CloneX and Bored Ape Kennel Club NFTs being transferred for $0.
So far, anyone with any authority is doing what they can to limit the hacker’s ability to move the stolen NFTs. Etherscan has blacklisted the account with a Fake_Phishing label and OpenSea has blocked their profile.
Using DappRadar’s Portfolio tracker, we can see the wallet the scammer initially used to store the NFTs. But the stolen goods are long gone from there, and the legion of blockchain detectives is busy searching for where they’ve gone. It’s too early to say exactly who is guilty and where the loot currently sits, but one Twitter user thinks they’ve found where the stash is stored.
In terms of how, or if, the unfortunate victims will recover their NFTs, that remains to be seen. Anonymity is a key feature of blockchain technology. But we have seen various crypto hackers being captured by authorities based on their on-chain behavior.
In a world where speed matters, mistakes are inevitable
This is not the first time that Bored Apes have been misappropriated. Thefts from OpenSea have been in the news recently and it seems a sad inevitability that as long as there is money to be stolen, someone will steal it.
The fast-paced nature of NFT trading is also the perfect environment for thieves to effectively carry out their dirty business. The difference between being the first to mint an NFT and missing out altogether can be a matter of seconds.
With this sort of time pressure, it’s no wonder so many people fell for this latest scam. It came directly from the real BAYC Instagram account, and with rumors already swirling about a potential land sale, the hacker’s airdrop story worked.
So without thinking too much, people rushed to get their hands on the hot commodity. In the process, they got burnt.
There is no solution, at the moment, to this frantic system. Making sure you do your due diligence is the best advice you can follow.
You can use DappRadar’s NFT trackers and tools to help you verify whether or not a dapp, token or NFT is legit. Our Twitter page sends out the latest updates quickly so when we hear of a scam, our followers will be the first to know. You can also stay tuned to our blog to get the latest stories and analysis.