The world of NFT is again hit by a phishing attack. This time, it is the account Instagram Bored Ape Yacht Club, which was the target. Yuga Labs, the company behind this non-fungible token collection estimates the damage at nearly $3 million.
More stolen NFTs
Through a false advertisement announcing an airdrop, a “free” distribution of NFT, the hacker managed to fool 44 people. The false publication encouraged them to connect their MetaMask wallet in order to receive the precious token. The unfortunate people who fell for the trick signed a “smart contract”, a contract that allows transactions in cryptocurrencies, created from scratch by the malicious user to siphon off their wallets.
The fake ad used to fool subscribers to the Bored Ape Yacht Club Instagram account. Screenshot: Vice.
” The hacker posted a fraudulent link leading to an imitation of the Bored Ape Yacht Club site where a safeTransferFrom attack asked users to connect their MetaMask profile to the scammer’s wallet to participate in a fake airdrop. At 9:53 a.m. we alerted our community, removed all Instagram links on our platforms, and attempted to recover access to the account “, a Yuga Labs spokesperson said.
In total, 133 NFTs were stolen. Among them, 4 Bored Ape, 6 Mutant Ape and 3 Bored Ape Kennel Club. The estimated value of the loot at the time of the crime was 3 million dollars.
The hacker went through Instagram
The creators of one of the most highly rated NFT collections of the moment assure that they have done everything possible to secure access to their Instagram as best as possible. ” Two-factor authentication was enabled and security practices around the Instagram account were strict. Yuga Labs and Instagram are currently investigating how the hacker gained access to the account “, the company said in an emailed statement.
This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet.
– Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
” Instagram attacks aren’t new, but they often have a social engineering element “, says Jake Moore, global cybersecurity advisor at security firm ESET, to The Guardian.
Cases of theft and fraud are common currencies In the cryptocurrency and NFT world. Earlier this month, the Bored Ape Yacht Club, as well as other big collections, had already suffered a hack on their respective Discord servers.
The game Axie Infinity was also the target of an attack of the Lazarus group at the end of March. The North Korean hackers had seized 625 million dollars in cryptocurrencies.
