Another day, another multi-million-dollar Bored Ape NFT heist.
A total of $3 million worth of tokens were stolen from BAYC after their Instagram account was hacked, reports The Register. This was done primarily via phishing: the hackers tricked people into clicking on a copycat website which was designed to steal the assets.
It was reportedly a fake promo NFT giveaway that gave way to this latest Bored Ape NFT heist. Once the hackers were done, they managed to make off with six Mutant Apes, four Bored Apes, and three Bored Ape Kennel Club tokens. Aside from that, they also stole a variety of other NFTs for a total stolen value or roughly $3 million.
BAYC acknowledged the hack on their IG account via Twitter, while also warning users to not mint anything, not click links, or not link their wallets to anything:
🚨There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club 🍌 (@BoredApeYC) April 25, 2022
A spokesperson for Yuga Labs, the collective responsible for creating the Bored Ape Yacht Club, has stated that they're already working out things with any affected users. They also mentioned that the hack happened even if they were implementing "tight" security on their Instagram, which included two-factor authentication.
How The Hackers Did It
As previously mentioned, the attack was done by phishing. Users were promised a "free airdrop" of a land within the metaverse, according to a report by CNET. Then they were given a link to a copycat website which likely looked legitimate enough, where they unknowingly linked their MetaMask wallets to that of the hackers.
BAYC users were hoping that they'd get a free allotment of land in the Otherside metaverse, only to fall into a trap. In the end, it wasn't just Bored Ape NFT assets being stolen. Among these was a $54,000 Clone X NFT, which was perhaps one of the most valuable assets stolen from the collection.
Not The First Bored Ape NFT Heist - In Mere Months
This new Bored Ape NFT heist is definitely not good for the image of NFTs as a whole - considering that the collection has already been jacked earlier this year.
That one saw the crooks steal around $1.5 million from the debut of Bored Ape Yacht Club's ApeCoin cryptocurrency. To do so, the hackers, claimed a massive amount of tokens using NFTs they didn't own at first, then subsequently performing fake flash loans. These loans were given and paid back all in one transaction on the blockchain, as per the original The Register report.
For now, the stolen tokens from BAYC were already being sold on marketplaces as of this moment. Four of these tokens were just sold on LooksRare for 540 ETH (around $1.6 million). The other unsold ones were given a "suspicious activity" label on the marketplace OpenSea. But despite this label, there really is nothing stopping the hacker/s from offloading their loot.
In total, 134 monkeys were sent straight to the hackers' wallets, writes LADBible. By the time that BAYC's warnings were posted, it was already too late.
This article is owned by Tech Times
Written by RJ Pierce
