Bored Ape Yacht Club Hacked Again, Losses in the Millions over Instagram Phishing Post
The multibillion-dollar collective, behind the iconic Bored Ape Yacht Club non-fungible tokens, ‘Yuga Labs’, has recently been hit with another hacking attack, one of several carried out by dark web hackers in pursuit of stealing millions of dollars in ape-themed NFTs.
The cartoon apes are a series of algorithmically generated images, and are one of the most popular type of NFTs by going as far as to shape both the market and consumer demand. What makes these tiny, niche pieces of artwork so valuable? They’re one of the first examples of digital assets you see out there, as a form of artwork whose ownership is kept on a decentralized ledger of transactions similar to those used by cryptocurrencies, like Bitcoin and Ethereum.
According to BAYC, the hacker took over the Instagram account temporarily, and published a phishing post that tricked hundreds of followers by having them click on it link. Their crypto wallets were then connected to the dark web hackers’ “smart contract” – a mechanism for executing a crypto transaction. As a result, the hackers was able to take the assets stored in the wallets and seize control of various NFTs – which raked up a sum of $3 million – along with four Bored Apes.
Hackers Target Celebrity’s NFT Assets
Considering the Bored Ape Yacht Collection is one of the most notable NFT collections, BAYC holders, many of which are celebrity owners like Madonna and Eminem, are often prime targets for theft perpetrated by dark web hacking groups.
For example, one pseudonymous owner, “s27”, lost a $500,000 ape collection after being duped into exchanging it for counterfeits. The scammer created NFTs that were visually identical to the BAYC images, save for the green tick symbol meant to symbolize the “verified” icon of the platform used for the trade.
In December alone, Ape holder, Todd Kramer, revealed his own loss of $2.2m in a tweet. Kramer had fallen victim to a similar hack as s27, but was able to recover a fraction of his stolen Apes with the help of the NFT trading platform OpenSea – but not before the statement “all my apes gone” was widely criticized online by those who questioned the legitimacy of the NFT craze.
As of now, BAYC creators, Yuga Labs has released a public statement, stating that both they and Instagram are investigating the methods behind the hacker’s access to the Bored Ape account, considering two-factor authentication was enabled, and the IG account’s security standards were tightly sealed – Ironclad.