An Instagram phishing attack resulted in the theft of 91 Bored Ape Yacht Club NFTs, worth approximately $2.8 million.
BAYC, as it's known in NFT circles, is run by Yuga Labs, one of the most mysterious NFT collectives in the space, which recently raised $450 million at a valuation of $4.5 billion.
🚨 There is no mint in progress today. It looks like BAYC Instagram has been hacked. Don't hit anything, click on links, or link your wallet to anything. April 25, 2022
The exploit allowed attackers to steal BAYC NFTs from wallets that were tricked into accepting a fake airdrop, which is usually a method of distributing free NFTs or other digital assets.
BAYC's Instagram account was used to promote a fake airdrop of LAND, which is part of the organization's larger plans to publish NFT-based games, according to The Block.
The attacker's wallet received 91 NFTs in the incident, including four Bored Apes, six Mutant Apes and three Bored Ape Kennel Club NFTs, according to BAYC co-founder Garga. The attacker also stole various other digital assets.
The IG hack resulted in the loss of 4 monkeys, 6 mutants, 3 kennels, and some other valuable NFTs. We will be in touch with affected users and will post a full post mortem on the attack when we can. For now, I want to point out that 2FA has been enabled on the account. https://t.co/bsc3tHt9QG April 25, 2022
Garga said BAYC's Instagram security practices were "tight" and that "nothing of importance will ever be posted on Instagram again."
Another disturbing Web3 exploit
Whether you think Web3 is the future or not, one thing everyone can agree on is that the emerging space is fertile ground for scams. Almost every week, people lose crypto assets of real value, as in the recent $600 million Axie Infinity hack.
This is mostly due to the extremely beggar-thy-neighbour nature of Web3 as it stands, which often operates outside of any clear oversight. NFT owners must take extreme measures to protect their assets, including casting a skeptical eye on airdrops that appear real.
Even a well-funded and notable institution like BAYC is not immune, as the latest example proves. On April 1, BAYC also had their Discord server hacked, for similar purposes.
BE CAREFUL. Don't hit anything from any Discord just yet. A webhook in our Discord was briefly compromised. We caught it immediately, but be aware that we don't do any stealth April Fools / airdrops etc. Other Discords are also under attack right now. April 1, 2022
The fact that a startup with $450 million – plus proceeds from the sale of its NFTs – cannot protect itself from hacks shows how far the Web3 industry has to go.