Yuga Labs, the collective behind the infamous Bored Ape Yacht Club non-fungible tokens, has been targeted by another cyber attack, or so called phishing attack. In a phishing attack, a criminal poses as someone else, in order to break in. The hackers gained access to the Instagram profile of the Bored Ape Yacht Club. In the attack, 133 NFTs were stolen, which together are estimated to be worth about 2.4 million dollars (more than 2.2 million euros).
Once in the account, the malicious hacker shared a fraudulent link to a fake Bored Ape Yacht Club website. People were promised free NFTs if they linked their wallets, but instead the hacker was able to take over their wallets.
In a tweet the bored Ape club said the following, “This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.”
In the process, the hacker was able to seize control of four Bored Apes, as well as a host of other NFTs.
An NFT (non-fungible token) is a unique digital proof that shows that you own a certain piece of data that you can buy and sell, such as a digital artwork or the first Twitter message.
The stolen four ‘Bored Apes’ together have a value of about 1 million euros. The most expensive among them was Bored Ape 6623, which recently sold for 123 Ethereum, about 345,500 euros.
Bored Ape Yacht Club says it now has access to the Instagram account again. The malicious links have been removed. The NFT maker says it is investigating the situation and asks victims to contact them.
Yuga Labs and Instagram are now investigating how the hacker was able to gain access to the account. Apparently the two-factor authentication was enabled and the security practices surrounding the IG account were very tight.