NFTs Stolen As BAYC Instagram Account Gets Hacked

Bored Ape Yacht Club is one of the foremost holders of NFT collections.

The BAYC non-fungible token collection is built on the Ethereum blockchain.

BAYC collections are cartoon ape pieces and were first launched into the Nft marketplace in April 2021.

As of 2022, over $1 billion worth of Bored Apes has been sold to prominent individuals, including Neymar, Post Malone, and Serena Williams.

The phishing attack was deployed on the verified Instagram page of BAYC.

The hacker gained access to the Instagram page and changed the link on the page to a fake airdrop phishing link.

Everyone that had their blockchain wallet connected to their devices lost their NFTs as soon as they clicked the link.

Some stolen digital assets include 4 Bored Apes, 6 Mutant Apes, and 3 Bored Ape Kennel Club (BAKC).

The worth of the attack is estimated to be about $3million.


Over the years, several individuals have fallen victim to different forms of attack and hacking on their wallets. As blockchain developers improve security features, these hackers still have their ways.

While the attack on the Bored Ape Yacht Club Instagram account is not the first and won’t be the last, it is one of the attacks with huge loss.

Before moving to how the attack occurred and the form of attack deployed, we shall examine the uniqueness of BAYC NFT collections.


The Bored Ape Yacht Club

---

The Bored Ape Yacht Club is a prominent NFT creator, collector, and holder owned by Yuga Lab. This Non-fungible token collection is built on the Ethereum blockchain.

The BAYC collection features cartoon apes that are generated by special algorithms. The first Bored Ape was released in April 2021.

As of 2022, over $1 Billion worth of Bored Ape Yacht NFT has been sold. Some of the holders of BAYC include Neymar, Snoop Dogg, Serena Williams, Post Malone, and a host of others.

The BAYC has a collection of 10000 unique Bored Ape pieces stored on the Ethereum blockchain. The purchase of a Bored Ape piece makes you a member of the virtual club and an owner of the unique piece.

Some other benefits of owning a Bored Ape NFT include an exclusive discord server, access to additional NFTs, the ApeCoin token, the BAYC BATHROOM, etc.

For an NFT collection that started trading at 0.08 Eth in 2021, it is now being sold for six figures, and it is expected to be worth more in a few months.

We can now move to the details of the attack on BAYC.


Details Of The Phishing Attack

---

The Bored Ape Yacht Club (BAYC) is one of the prominent collectors and creators of NFT pieces. Therefore, it was shocking to hear that such a verified Instagram page was hacked.

Prominent individuals and celebrities like Steph Curry, Post Malone, and Jimmy Fallon are holders of these highly-valued NFT pieces.

A report states that the hackers deployed a phishing link to the users, holders, and followers of the BAYC Instagram account. The hacker sent the phishing link that contained a fake airdrop link.

Since BAYC is expected to launch a project in the upcoming week, the hackers used that advantage to send the link, and the unsuspecting followers felt it was an airdrop in respect to the upcoming launch.

All followers that had their blockchain wallet connected to their NFT account fell for the scam and got their digital assets siphoned away from their wallet to the hacker’s wallet.

According to some reports, about 4 Bored Apes, 6 Mutant Apes and 3 Bored Ape Kennel Club (BAKC), and other assorted NFTs were stolen. According to Gizmodo, the Spokesperson of BAYC, about $3million worth of digital assets were lost to the phishing attack.

It took a while before the BAYC team knew of the attack. Immediately after they got hold of the information, the team deleted the fake links from their Instagram account to avoid other users falling into the trap.

According to the Bored Ape Yacht Club team, it is still a mystery how the hacker accessed their Instagram account. It was revealed that two-factor authentication was activated for the account, and there were other tight security measures in place.

A look into the account of the scammer on Rarible showed that the wallet has 134 NFTs, that include 4 Bored Ape and several other pieces made by Yuga Labs.

Another account says that about 765.3 ETH was diverted from the BAYC account alongside the stolen NFTs. It is also circulated that out of the stolen Ethereum, 1.6 ETH was donated to Ukraine's Crowdfunding wallet.

This attack is becoming incessant. Some time ago, a Bored Ape holder with the name "s27" reported the loss of his Bubblegum Ape and Matching Mutants valued at about $567,000. The NFTs disappeared from his wallet after swapping at an exchange platform named "Swap Kiwi."


The Worth Of The Stolen NFT Pieces

---

According to the online information, each stolen BAYC piece is worth a fortune. According to their recent sales price and market value, the lowest priced of the Apes, #7203, was last sold for 47.9 ETH.

Ape #6778 was sold for 88.88 ETH; Ape #6178 was last sold for 90 ETH, and Bored Ape #6623 was sold for 123ETH, making it the most valuable among the entire NFTs that were stolen.

It is estimated that the value of the four stolen Apes is about $1 million.

In a different account by Peckshield, a Blockchain security firm, they put the value of the stolen NFT at $2.7 million, and Coindesk put the floor price of the 24 Bored Apes and 30 Mutant Apes at about $13.7 million.


Conclusion

---

Phishing attacks on NFT collections are becoming incessant. The users that clicked the link on the BAYC Instagram account could never have doubted the authenticity of the link since it was on the verified Instagram page.

BAYC has retrieved their account, but many valuables have been lost. The company urged all the attack victims to reach out to them immediately. Also, BAYC has reiterated that no minting news or important information will be passed via their Instagram page.



Author: Valentine A., Gate.io Researcher
This article represents only the researcher's views and does not constitute any investment suggestions.
Gate.io reserves all rights to this article. Reposting of the article will be permitted, provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.