Bored Ape Yacht Club’s Instagram account hack led to NFTs theft
An unknown hacker compromised the official Instagram account of Bored Ape Yacht Club (BAYC) and posted a phishing link. This phishing attack transferred tokens out of users’ crypto wallets. It seems Bored Ape Yacht Club’s Discord server was also hacked to spread the phishing link.
The phishing link claims that users could mind ‘land’ in the upcoming OthersideMeta. Users who clicked the link have been compromised. The phishing link takes users to a fake website that looks exactly similar to Bored Ape Yacht Club’s website. The phishing link asks users to connect their MetaMask to the scammer’s wallet for participating in a fake Airdrop. A series of Bored Apes and Mutant Apes were transferred to new wallets.
At the time of writing this article, around 24 Bored Apes and 30 Mutant Apes have been transferred according to recent OpenSea transfers. The value of these NFTs is around $13.7 million calculated by floor price. Some of these may be genuine transfers. The company has confirmed a rough estimation of losses. It says that 4 Bored Apes, 6 Mutant Apes, and 3 BAKC along with assorted other NFTs are estimated at a total value of ~$3m.
The company’s spokesperson said that Yuga Labs and Instagram are still investigating how the account was compromised.