The popular NFT collection Bored Ape Yacht Club is making headlines again, though not for good reasons. Bored Ape NFTs, allegedly worth $3 million, were stolen after hackers gained access to the collection’s Instagram and Discord accounts.
“This morning, the official BAYC Instagram account was hacked. The hacker posted a fraudulent link to a copycat of the BAYC website with a fake Airdrop, where users were prompted to sign a ‘safeTransferFrom’ transaction. This transferred their assets to the scammer’s wallet,” BAYC’s official Twitter handle explained.
Immediately upon discovering the hack, we alerted our community, removed links to the compromised IG account from our platforms and attempted to recover the account.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
safeTransferFrom is a function that lets a sender safely transfer NFTs to a recipient wallet. The function also checks whether the recipient is a valid ERC721 receiver contract before transferring the NFTs.
The hacker posted a phishing link on the collection’s Instagram account, presenting it as an airdrop through which existing Bored Ape holders who clicked would receive a free allotment of land in BAYC’s upcoming Otherside metaverse.
While details of the damage were not revealed, BAYC’s co-founder “Garga.eth” said that at least four Bored Apes, six Mutant Apes, three Kennels, and other “assorted valuable NFTs” were stolen by the hacker.
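What checking such a request before signing can look like, as an added example that is not from the article or from BAYC: it decodes ERC-721 transfer calldata and flags a call that would move a token out of the signer's wallet. The function names, addresses and token id are constructed for illustration.

```javascript
// Added example: decode ERC-721 transfer calldata before signing it.
// Standard 4-byte selectors of the ERC-721 transfer functions.
const SELECTORS = {
  "23b872dd": "transferFrom(address,address,uint256)",
  "42842e0e": "safeTransferFrom(address,address,uint256)",
  "b88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
};

// Read the n-th 32-byte ABI word (hex, no 0x) from the argument area.
function word(args, n) {
  const w = args.slice(n * 64, (n + 1) * 64);
  if (w.length !== 64) throw new Error("calldata truncated");
  return w;
}

// An ABI-encoded address is left-padded to 32 bytes; keep the low 20 bytes.
function asAddress(w) {
  if (!/^0{24}/.test(w)) throw new Error("malformed address word");
  return "0x" + w.slice(24);
}

// Hypothetical helper: summarize what the signer is being asked to approve.
function describeNftCall(calldata, signer) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) throw new Error("not calldata");
  const signature = SELECTORS[hex.slice(0, 8)];
  if (!signature) return { recognized: false };
  const args = hex.slice(8);
  const from = asAddress(word(args, 0));
  const to = asAddress(word(args, 1));
  const tokenId = BigInt("0x" + word(args, 2)).toString();
  // A "claim" or "mint" should never move a token out of the signer's wallet.
  const movesSignerToken = from === signer.toLowerCase() && to !== from;
  return { recognized: true, signature, from, to, tokenId, movesSignerToken };
}

// Constructed sample: placeholder addresses and token id, not incident data.
const HOLDER = "0x" + "11".repeat(20);
const OTHER = "0x" + "22".repeat(20);
const SAMPLE = "0x42842e0e" + "0".repeat(24) + "11".repeat(20) +
  "0".repeat(24) + "22".repeat(20) + (1234).toString(16).padStart(64, "0");

console.log(describeNftCall(SAMPLE, HOLDER));
```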
The IG hack resulted in 4 Apes, 6 Mutants, 3 Kennels, and some other assorted valuable NFTs being lost. We will be in contact with the users affected and will post a full post mortem on the attack when we can. For now I would like to stress that 2FA was enabled on the account. https://t.co/bsc3tHt9QG
— Garga.eth (@CryptoGarga) April 25, 2022
In addition, according to data from Etherscan, more than 90 NFTs could have been stolen, resulting in estimated damage worth $3 million. Bored Ape developers have yet to find out how hackers gained access to the social media accounts despite two-factor authentication and security in place.
“We will also NEVER announce mints on the BAYC or Otherside Instagram accounts first, ever. Only obtain information from our official Twitter accounts,” the company added.