$3M Worth of NFTs Siphoned After Bored Ape Instagram Hack

Bored Ape Yacht Club, a non-fungible token marketplace selling "unique digital collectibles living on the Ethereum blockchain", announced that its Instagram account was temporarily taken over on Monday, April 25. As a result of the hack, roughly $3 million worth of digital assets.

Allegedly secure Instagram account compromised

The NFT marketplace posted a series of explanatory Twitter updates. In short, after the Instagram account was taken over by the hackers, the malicious party posted a fake link to a website set up to mimic the official Bored Ape Yacht Club (BAYC) website. Visitors to the fake page were greeted with a fake Aidrop, which prompted them to sign a 'safeTransferFrom' transaction, according to the Twitter updates. Doing this effectively transferred the assets of those who went for the bait into the wallet of the hacker.

BAYC removed the fraudulent link as soon as it was spotted, but it seems management is still unsure how exactly the attack succeeded in the first place. According to the Twitter posts, multi-factor authentication was enabled on the Instagram account and all security settings on the account "followed best practices".

The company running BAYC is currently investigating the incident. The way the assets stolen in the attack are described in the announcement can be a source of some confusion for those not familiar with NFTs. The hack of the BAYC Instagram attack led to the theft of "4 Bored Apes, 6 Mutant Apes, and 3 BAKC", along with "assorted other NFTs".

Victims urged to contact marketplace

BAYC stated that nobody will be contacted first by the company and any such efforts are once again scammers. Anyone affected by the hack can reach out to the company running the marketplace through email.

You will be forgiven if you're starting to lose track of the NFT-related incidents since the start of 2022 alone. The sudden emergence of a digital space populated by digital, primarily artistic assets that people collectively agreed are worth a lot of money, has created a fertile environment for hackers and various other malicious actors.

Two of the bigger incidents in the NFT space that took place recently were the theft of $1.7M stolen in a phishing attack in February and the arrest of two budding NFT entrepreneurs who were charged with FRAYDDD.

April 26, 2022